A provider of secure Web access services introduced a new service Wednesday that detects the presence of malware on endpoint devices without the need to install detection software on the device itself. Instead, Trusteer's Pinpoint service runs on the server that delivers the Web application to the device, and, if it detects malware, blocks the device from logging in or prompts the user to download a Trusteer application that removes the malware.
Trusteer Pinpoint runs in the Web browser delivering an application to an endpoint device. It uses intelligence gathered from malware command-and-control servers to detect malware and behaviors that may indicate the presence of malware.
The cloud-based database is constantly updated as new forms of malware appear. Unlike other malware detection solutions that monitor user behavior, Pinpoint monitors device behavior, which Trusteer CEO Mickey Boodaei claims is more accurate and eliminates the false positives that some other solutions generate.
"We are looking at specific behaviors that the browser is doing while connected to the Web application," Boodaei explains. "We have found a way of measuring these impacts by looking at and analyzing the traffic and finding evidence of the way in which the malware interferes with the flow of the traffic and with the information that is being sent to the Website."
Monitoring device behavior for malware, as Trusteer does, may be more accurate than technology that monitors user behavior, says Avivah Litan, a VP and distinguished analyst at Gartner Research. In user monitoring, the system tracks how real users typically behave when visiting the site to establish a baseline of expected behavior, and behavior outside those norms is then flagged as suspected malware.