Trusteer

Rapport is a lightweight security software solution that protects web communication between enterprises, such as banks, and their customers and employees.

Rapport implements a completely new approach to protecting customers and employees. By locking down customer browsers and creating a tunnel for safe communication with the online website, Rapport prevents Man-in-the-Browser malware and Man-in-the-Middle attacks. Rapport also prevents phishing via website authentication to ensure that account credentials are passed to genuine sources only.

Rapport’s unique technology blocks advanced Trojans including Zeus, Silon, Torpig and Yaludle without the need to constantly update and chase the different variants of these Trojans. Its proprietary browser lockdown technology simply prevents unauthorized access to information that flows between customer and employee websites regardless of whether these attempts were generated by new or known Trojan variants. Rapport is also capable of preventing very targeted and under the radar phishing attacks.

Enterprises such as banks can easily configure the system to protect customers and employees and begin offering them Rapport software for quick download from their website. Following a simple one time installation process, Rapport begins securing browsers, works in the background and does not call for a change in user behavior – customers and employees can bank and use the internet as usual – thus enabling fast adoption. Rapport comes with a rich management application that enables enterprises to effectively trigger alerts, view and analyze data as well as manage security.

Rapport is focused on preventing online fraud committed by financial malware and differs from Anti-Virus and Firewalls because it:

• Locks down access to financial and private data instead of looking for malware signatures
• Communicates with your online banking website to provide feedback on security level and report unauthorized access attempts
• Allows for immediate action to be taken against changes in threat

It’s a known fact that the internet is a hotbed of online crime. So when customers and employees bank and shop online or remotely connect to their office, they become prime targets for online fraud and so does the enterprise they do business with.

With 90% of attacks moving to the browser, this is the weakest link that fraudsters are exploiting. Strong authentication techniques such as OTP’s and Out-of-Band authentication do not provide adequate protection because fraudsters have learnt how to bypass them.

Fraudsters are rapidly coming up with sophisticated techniques to hijack customer account credentials and commit fraud everyday, making it tough to keep up. Here are three of the top threats online bankers are up against:

Man-in-the-Browser attacks - Zeus, Silon, Torpig and Yaludle are just some of the lethal Trojans in the wild today that focus on committing online fraud. They wait for customers and employees to log-in to their account and then begin tampering with their browser to commit fraud. These Trojans find their way onto computers and into the browser by exploiting software vulnerabilities before the vendor has had a chance to create a workaround. Such attacks are also called Zero day attacks.

Man-in-the-Middle attacks - Using proxy servers, DNS poisoning and other techniques, fraudsters force customer and employee communications with the website to pass through them. Fraudsters then intercept traffic and read login information or change transactions and web pages. Some instances of such attacks don't involve any access to the victim's computer and can be achieved by tampering with the ISP's servers directly.

Phishing – Fraudsters create fake websites that look like online banking or enterprise websites to trick customers and employees into submitting their account credentials. Without knowing what to look out for in the browser, customers and employees can easily fall victim to such attacks.

Read research reports by Trusteer

Features

• Blocks Zeus, Torpig, Silent Banker and other Man-in-the-Browser attacks
• Blocks Keyloggers and screen grabbing
• Blocks Man-in-the Middle attacks
• Blocks Phishing attacks
• Works on both Windows and Mac
• Protects immediately upon install
• Complements other security software
• Transparent to customers and employees unless a threat is detected
• Delivers advanced reporting on current and new threats including zero-day attacks
• Comes with pre-packaged marketing tools and materials
• 24x7 support option

Benefits

• Prevents wire and ACH fraud
• Protects against account takeover attacks
• Deployment within weeks, requires no change to enterprise applications
• Fast notification of threats affecting your customers and employees
• Fast adoption by customers using proven tools
• Added security with no change in user behavior
• Proactive rather than reactive to threats and incidents

Trusteer’s technology protects the weakest link in the online banking security chain – the browser. Rapport is based on three proprietary security technologies that can easily scale to protect customers and employees against the rapidly growing threat of malware and online fraud. Its lack of dependence on heuristics or signatures ensures this scalability. Here are the technologies Rapport employs to make online browsing safe from criminal attacks.

Browser Lockdown - This technology specifically prevents unauthorized access to sensitive information in the browser. Before launching the browser, Rapport verifies its integrity, preventing unauthorized modifications to the browser's executable. Rapport locks down all programmatic interfaces to sensitive information inside the browser while it is connected to a protected website. This prevents browser add-ons and other pieces of software from accessing login information, financial information and transactions based on customized policy created with the enterprise. Additionally, Rapport protects the browser's memory and prevents any pieces of code injected into the browser's memory from capturing or modifying sensitive information.

 Keystroke Lockdown - Rapport prevents tampering and reading of data by encrypting sensitive information from the moment it is typed into the keyboard until it reaches the browser. Trusteer encrypts keystrokes very low in the operating system’s kernel and keeps them encrypted inside the kernel and user space to achieve this goal.

Communication Lockdown - This technology enables Rapport to verify the legitimacy of the website that the customer or employee is currently using, preventing the submission of sensitive information to fraudulent websites. What’s more, verification of a direct connection with the website and assurance of encryption are also confirmed to prevent Man-in-the-Middle attacks.

Actionable Intelligence - All policy violations, such as attempts to read password fields and change web page content are reported to the Trusteer cloud-based fraud analysis service. Trusteer’s team of fraud analysts works 24x7, analyzing information from customers all over the world in order to identify new attack patterns. Advanced automatic update mechanisms allow Trusteer to react immediately to new threats. Organizations are immediately alerted regarding new attacks as they occur, instead of days, weeks, and even months after the fact.

For Enterprises

A lightweight security solution, enterprises can deploy Rapport and begin protecting their customers and employees in days. Rapport comes with a proprietary management application that enables central management of security activities including alert triggering, data viewing and analysis, managing security levels and more.

Trusteer’s Fraud Analysis experts work 24X7 to deliver maximum coverage by analyzing data coming from Rapport installations across the customer base and deciphering new attack patterns. Several actionable intelligence feeds are also available to minimize the risk associated with compromised accounts and block fraud sources before they reach other customers.

For Customers and Employees

Rapport is downloaded only once via a simple installation process that requires no technical skills. Repeat downloads are not required no matter which enterprise it was originally downloaded from. The secure browsing software solution works in the background and doesn’t call for change in user behavior – online banking and use of the internet can continue as usual. Rapport only pop’s up to provide alerts about potential threats and is otherwise transparent. Trusteer operates a 24 hour support center to answer customer questions, which ensures a smooth user experience.

See what firstdirect and their customers have to say about Trusteer Rapport

See what customers have to say about Rapport

See which enterprises are already using Rapport to protect their customers