Risk
9/11/2008
12:15 PM
Connect Directly
LinkedIn
Google+
Twitter
RSS
E-Mail
50%
50%

Startup Of The Week: Trusteer

A new approach to security focuses on protecting online banking and e-commerce.

The major flaw of most security software is it can't keep pace with new malware. Trusteer doesn't even try. "We assume the desktop is compromised," says CEO and co-founder Mickey Boodaei. Trusteer's software protects passwords and account numbers rather than trying to seek and destroy infections.
--Andrew Conry-Murray

TRUSTEER


Mickey Boodaei, co-founder and CEO, Trusteer

Boodaei tackles online banking security
HEADQUARTERS: Tel Aviv, Israel

PRODUCT: Rapport

PRINCIPALS: Mickey Boodaei, co-founder and CEO; Amit Klein, co-founder and CTO; Shmulik Regev, co-founder and chief architect

INVESTORS: Private investors

FUNDING: $4 million

EARLY CUSTOMERS: ING Direct, Muriel Siebert


HOW IT WORKS
Rapport is a desktop agent that performs multiple functions, including encrypting all the keystrokes from the keyboard driver to the browser to thwart keyloggers. It also restricts access to the browser and browser APIs. Any attempt by a browser add-on to interact with the browser must be allowed by the software's rule set. Finally, the software authenticates the e-commerce server, whether by checking a trusted list of IPs, by reverse DNS lookup, or by using a secure DNS server hosted by Trusteer.

WHAT'S DIFFERENT?
Trusteer's security software doesn't try to identify malware. Instead, it protects Web transactions by monitoring browser processes so malware can't log keystrokes, redirect the browser, or inject transactions. In addition, Trusteer doesn't sell to end users. It contracts with banks and e-commerce companies, which in turn offer the software to their customers.

OUR TAKE
Trusteer faces a couple of major hurdles. First, its software has to be nearly flawless, both in operation and construction. Second, banks usually don't provide security software to customers because they risk liability if something goes wrong. But the pain inflicted by criminal malware may now outweigh the risk. Trusteer's product is compelling enough to get in the labs of potential customers, where it will be pounded mercilessly. If it can run the gauntlet, look for an acquisition within two years.

LEADERSHIP
CEO and co-founder Boodaei was VP of EMEA sales at Imperva, a Web and database security vendor. CTO and co-founder Klein was chief scientist at security vendor Cyota, which was acquired by RSA.

TIMELINE
Timeline Chart

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2009-5027
Published: 2014-12-26
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2062. Reason: This candidate is a reservation duplicate of CVE-2010-2062. Notes: All CVE users should reference CVE-2010-2062 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2010-1441
Published: 2014-12-26
Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.

CVE-2010-1442
Published: 2014-12-26
VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.

CVE-2010-1443
Published: 2014-12-26
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format...

CVE-2010-1444
Published: 2014-12-26
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.