Trusteer drives endpoint security
Endpoint protection has always been a bit hit and miss for companies. Most just hope that nothing serious attacks the computers their users have.
When IBM acquired Trusteer in September 2013, it seemed like they were finally closing in on a complete end-to-end solution. Prior to the acquisition, IBM had no endpoint anti-virus or anti-malware solution. Instead it relied on partners who were also competing with IBM in the enterprise security space. That has now changed and IBM wants to own corporate security from device to mainframe and all points in between.
Part of that IBM push has seen a large hiring exercise with Trusteer scooping up 60 new hires and massively expanding its Israel R&D facility. With other companies beating a path to Israel, including the UK Government, this is likely to lead to a real shortage of security skills in that market.
The main focus for the Trusteer team appears to have been around integration with the IBM Security Reference Architecture but there have been a lot of other things happening as well. One of the differences between IBM and other endpoint solutions is using the Trusteer experience of working with banks.
One feature stands out here - credential protection. Anyone who subscribes to a credit protection agency, and all regular travellers should, will get a monthly email telling them if the credentials they use to monitor their finances appear on public facing websites. For small businesses, this could be something as simple as name, address and telephone number on the bottom of a website.
IBM Trusteer has taken this feature and will monitor where users are logging on. If it finds them using their corporate credentials on a site that is not owned by the company, it will alert the user to the issue and pass a report to IT. This has a real bonus for the IT department. It allows them to stop users leaking corporate credentials to the outside world. More importantly, it provides them with a view as to what cloud services departments may be purchasing.
This also flows into the intelligence-led approach that IBM has been taking. The uptake of cloud-based file sharing and collaboration services has seen vast amounts of corporate data moved offsite without any controls at all. Mixed into that is a lot of data being moved by malware. Identifying what users are doing with corporate credentials helps security teams rule out that level of data exfiltration as malware led, allowing them to focus on the real leaks.
This becomes extremely effective when combined with firewall rules to block IP addresses to prevent data being sent to them. In the early stage of any deployment here, there will be the risk of impacting users who are carrying out perfectly reasonable tasks. However, as organisations tune the lists, they will understand more about cloud usage, data loss, compliance risk and gain the ability to reduce loss of data and IP.
A third strand of Trusteer's latest update focuses on choking off malware. There is an acceptance, emphasised by the US Government report on online advertising, that malware is almost unavoidable. Instead of trying to fight a losing battle, Trusteer has turned to what it calls strategic chokepoints.
One part of the choking off of malware is to put tighter controls around Java. This is a delicate balancing act for IBM as it has been a big adopter and supporter of Java across its own product line. What Trusteer is doing is deep inspection of the Java VM, looking at applications and deciding if they can be trusted. It then allows the enterprise to effectively sign and mark apps as trusted. This is not just about third party apps. There is a lot of internal Java floating around organisations that has never been security checked or even updated as new exploits are released.
The other part of this is blocking the malware command and control (C&C) channels. This will be done by updating the lists of known C&C servers and tracking all links between them and internal machines.
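As an added illustration of the C&C blocking described above (example code written for this page, not Trusteer's or IBM's own implementation), the script below checks constructed firewall log lines against a constructed list of known C&C addresses and reports which internal machines contacted them. The indicator values, log format and host names are all assumptions, not real indicators.

```python
import ipaddress
from collections import defaultdict

# Constructed sample C&C indicators (documentation ranges, not real IoCs).
KNOWN_C2_IPS = {"198.51.100.23", "203.0.113.77"}
KNOWN_C2_DOMAINS = {"update-check.example.net"}
KNOWN_C2_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample firewall/proxy log: "<timestamp> <src_ip> <dst> <port>".
SAMPLE_LOG = """\
2015-03-02T10:01:05 10.0.0.15 198.51.100.23 443
2015-03-02T10:01:09 10.0.0.15 www.example.com 443
2015-03-02T10:02:11 10.0.0.42 update-check.example.net 80
2015-03-02T10:02:30 10.0.0.42 192.0.2.200 8080
2015-03-02T10:03:00 10.0.0.77 10.0.0.5 445
malformed line here
"""

def is_c2(dst):
    """True if a destination (IP address or hostname) is on the C&C list."""
    if dst in KNOWN_C2_DOMAINS:
        return True
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return False  # a hostname that is not on the domain list
    if str(addr) in KNOWN_C2_IPS:
        return True
    return any(addr in net for net in KNOWN_C2_NETS)

def find_c2_contacts(log_text):
    """Map each internal source IP to the sorted C&C destinations it reached."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the scan
        _ts, src, dst, _port = parts
        if is_c2(dst):
            hits[src].add(dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    for host, dsts in find_c2_contacts(SAMPLE_LOG).items():
        print(f"{host} contacted known C&C: {', '.join(dsts)}")
```

Each reported internal host is a candidate for isolation and investigation; the same list, fed into firewall rules, blocks the outbound connections.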
The updates to Trusteer are just part of IBM's latest security plans, which include putting more of their high-end tools, such as QRadar, into the cloud and delivering IT Security as a Service (ITSecaaS).