Banks must adopt a layered approach to security in order to combat highly sophisticated cyber-attacks, the FFIEC said in a supplement released June 28. The new rules update the 2005 "Authentication in an Internet Banking Environment" guidance to reflect new security measures banks need to fend off increasingly sophisticated attacks.
One of the layered security controls recognized by the guidance to help prevent fraud is the use of USB devices "that increase session security when plugged into the customer's PC." Unlike competing solutions that increase the attack surface by adding virtualization and sandboxing software, Secure Pocket Drive boots the PC directly into a fast, native, Microsoft Windows Embedded Standard 7 operating system contained within the drive itself. Since the Microsoft Windows operating system running from Secure Pocket Drive doesn’t access the host PC’s hard drive, there is no chance of cross-contamination with the environment that is used every day. Thus, Secure Pocket Drive "enables a secure link between the customer's PC and the financial institution independent of the PC's operating system and application software," as recommended by the FFIEC.
Because Secure Pocket Drive boots a native Microsoft Windows operating system, it delivers the capabilities that bank examiners will now look for without the use of proprietary vendor back-end services that require changes to existing bank infrastructure systems.
Secure Pocket Drive stops hackers where they are attacking--- at the customer's PC, by presenting a secure, read-only, and easy-to-use thin client environment to banking customers while allowing security administrators to ensure that the device is always patched, up-to-date, and is enforcing the institution’s latest security policies. If lost or stolen, the device can be deactivated remotely.
Even if a computer is infected with malware, browser sessions initiated using Secure Pocket Drive remain safe, secure, and private, as highlighted in the FFIEC's review of today's threatscape.
For more information or to purchase Secure Pocket Drive, visit http://www.spyrus.com/products/secure_pocket_drive.asp
About SPYRUS, Inc.
SPYRUS holds patents in the U.S. and abroad that enable solutions for secure authentication, secure communication, and full disk encryption, as well as patents relating to data protection and rights management for digital content. To prevent the insertion of untrusted components, Secured by SPYRUS™ security technology is proudly designed, engineered, and manufactured in the USA to meet FIPS 140-2 Level 3 standards. SPYRUS is headquartered in San Jose, California and is a Microsoft Gold OEM Partner. See www.spyrus.com for more information.
SPYRUS, the SPYRUS logo, Secured by SPYRUS, Hydra Privacy Card, Hydra PC, Secure Pocket Drive, and Security to the Edge are either registered trademarks or trademarks of SPYRUS, Inc., in the U.S. and/or other jurisdictions. All other company, organization, and product names are trademarks of their respective organizations.