Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/18/2010
09:59 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

RSA Offers Advanced Solutions To Help Combat Man-In-The-Browser Attacks

Man-in-the-Browser Solutions includes newly enhanced transaction monitoring and risk-based authentication

BEDFORD, Mass., May 18 /PRNewswire/ -- RSA, The Security Division of EMC (NYSE: EMC) today announced RSA Man-in-the-Browser Solutions, a portfolio of anti-fraud services designed to give businesses and their customers defense against one of the most sophisticated means of theft of online information, identities and financial assets. With these additional layers of defense from RSA, organizations can better fight against the sharp rise in Man-in-the-Browser (MITB) attacks that lead to Trojan and malware infection within enterprises and personal computing environments.

Leveraging the technologies and services of the RSA Identity Protection and Verification Suite, the RSA Man-in-the-Browser solution includes newly enhanced transaction monitoring as well as risk-based authentication; Trojan detection and attack shut down; and intelligence to identify malware-infected enterprise environments.

"Today cybercriminals are able to leverage online banking sessions in real time, concurrent with the victim," said Robert Vamosi, Security, Risk & Fraud Analyst for Javelin Strategy & Research. "No stand-alone authentication or other security tool is enough to defend against the more sophisticated Man-in-the-Browser attacks."

"Online criminals are continually evolving their tools and tactics to work around defenses established by even the most security-conscious organizations," said Christopher Young, Senior Vice President of Products, Technologies and Markets, at RSA. "In particular, Man-in-the-Browser attacks have presented a significant online threat that defies geographic boundaries and discriminates against no one person or entity. Organizations need to approach this problem with a multi-layered defense strategy reinforcing security measures at login that in isolation can be thwarted. This includes the ability to detect, monitor, shut down and cull intelligence based on transactions, malware and online attacks."

MITB attacks are designed by fraudsters to infect a web browser with malware that can result in modified web pages and transactions that are largely transparent to both the user and the host application. Trojans such as Silent Banker, Sinowal and Zeus are pre-programmed by fraudsters to activate when the user's browser accesses a specific website such as their online banking portal. The activated Trojan can then track the online session and perform real-time interception and manipulation of information that can lead to illegal money transfers, identity theft, or the compromise of valuable enterprise information.

A Layered Defense Against Malware

The RSA Man-in-the-Browser Solutions are engineered to offer organizations the ability to utilize multiple components and techniques to create a layered defense against malware. As designed, these defense layers include:

RSA Transaction Monitoring

-- Transaction-level fraud monitoring and protection for participating financial institutions -- Invisible analysis of user behavior -- Can be layered non-disruptively onto existing authentication methods -- Out-of-band phone authentication -- New features that include advanced detection of Trojans and HTML injections as well as analysis of mule accounts and user vulnerabilities

RSA Adaptive Authentication

-- Risk-based authentication based on identification and analysis of potentially risky behavior by online users -- Out-of-band phone authentication option to verify user identities in cases of possible Trojan infection -- Software-as-a-service (SaaS) and on-premise deployments

RSA FraudAction(TM) Solution

-- Detection, monitoring, blocking and shut down of phishing and Trojan attacks -- Powered by the RSA Anti-Fraud Command Center and team of fraud analysts -- Managed service minimizes internal resource investment and deploys quickly

RSA CyberCrime Intelligence Service

-- Helps identify corporate resources, user devices and data compromised by malware -- Provides access to real-time fraud data via the RSA eFraudNetworkSMcollaborative community of financial services and other organizations

Availability

RSA Man-in-the-Browser Solutions are currently available worldwide. For more information, visit http://www.rsa.com/MITB or contact RSA sales at +1-800-495-1095.

About the RSA Identity Protection and Verification Suite

The RSA Identity Protection and Verification Suite offers one of the most complete and innovative portfolios of strong authentication and anti-fraud technologies available, and is engineered to protect organizations and their online users against the latest external threats. The Software-as-a-Service (SaaS) and managed services portfolio is designed to help increase activity in online and remote transactions, inspire user confidence, and reduce fraud losses and related costs.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle - no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

EMC, RSA, FraudAction and eFraudNetwork are either registered trademarks, trademarks or service marks of EMC Corporation in the United States and other countries. All other products and/or services mentioned are trademarks of their respective owners.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...