Risk
9/11/2008
12:15 PM
Connect Directly
LinkedIn
Google+
Twitter
RSS
E-Mail
50%
50%

Startup Of The Week: Trusteer

A new approach to security focuses on protecting online banking and e-commerce.

The major flaw of most security software is it can't keep pace with new malware. Trusteer doesn't even try. "We assume the desktop is compromised," says CEO and co-founder Mickey Boodaei. Trusteer's software protects passwords and account numbers rather than trying to seek and destroy infections.
--Andrew Conry-Murray

TRUSTEER


Mickey Boodaei, co-founder and CEO, Trusteer

Boodaei tackles online banking security
HEADQUARTERS: Tel Aviv, Israel

PRODUCT: Rapport

PRINCIPALS: Mickey Boodaei, co-founder and CEO; Amit Klein, co-founder and CTO; Shmulik Regev, co-founder and chief architect

INVESTORS: Private investors

FUNDING: $4 million

EARLY CUSTOMERS: ING Direct, Muriel Siebert


HOW IT WORKS
Rapport is a desktop agent that performs multiple functions, including encrypting all the keystrokes from the keyboard driver to the browser to thwart keyloggers. It also restricts access to the browser and browser APIs. Any attempt by a browser add-on to interact with the browser must be allowed by the software's rule set. Finally, the software authenticates the e-commerce server, whether by checking a trusted list of IPs, by reverse DNS lookup, or by using a secure DNS server hosted by Trusteer.

WHAT'S DIFFERENT?
Trusteer's security software doesn't try to identify malware. Instead, it protects Web transactions by monitoring browser processes so malware can't log keystrokes, redirect the browser, or inject transactions. In addition, Trusteer doesn't sell to end users. It contracts with banks and e-commerce companies, which in turn offer the software to their customers.

OUR TAKE
Trusteer faces a couple of major hurdles. First, its software has to be nearly flawless, both in operation and construction. Second, banks usually don't provide security software to customers because they risk liability if something goes wrong. But the pain inflicted by criminal malware may now outweigh the risk. Trusteer's product is compelling enough to get in the labs of potential customers, where it will be pounded mercilessly. If it can run the gauntlet, look for an acquisition within two years.

LEADERSHIP
CEO and co-founder Boodaei was VP of EMEA sales at Imperva, a Web and database security vendor. CTO and co-founder Klein was chief scientist at security vendor Cyota, which was acquired by RSA.

TIMELINE
Timeline Chart

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0985
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.

CVE-2014-0986
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.

CVE-2014-0987
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.

CVE-2014-0988
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.

CVE-2014-0989
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.

Best of the Web
Dark Reading Radio