New Trusteer Service Spots Malware On Endpoint Devices

A provider of secure Web access services introduced a new service Wednesday that detects the presence of malware on endpoint devices without the need to install detection software on the device itself. Instead, Trusteer's Pinpoint service runs on the server that delivers the Web application to the device, and, if it detects malware, blocks the device from logging in or prompts the user to download a Trusteer application that removes the malware.

Trusteer Pinpoint runs in the Web browser delivering an application to an endpoint device. It uses intelligence gathered from malware command-and-control servers to detect malware and behaviors that may indicate the presence of malware.

The cloud-based database is constantly updated as new forms of malware appear. Unlike other malware detection solutions that monitor user behavior, Pinpoint monitors device behavior, which Trusteer CEO Mickey Boodaei claims is more accurate and eliminates the false positives that some other solutions generate.

"We are looking at specific behaviors that the browser is doing while connected to the Web application," Boodaei explains. "We have found a way of measuring these impacts by looking at and analyzing the traffic and finding evidence of the way in which the malware interferes with the flow of the traffic and with the information that is being sent to the Website."

Monitoring device behavior for malware, as Trusteer does, may be more accurate than technology that monitors user behavior, says Avivah Litan, a VP and distinguished analyst at Gartner research. In user monitoring, the system tracks how real users typically behave when visiting the site to get a baseline of expected behavior, and then behavior outside those norms is suspected malware."Those things can be beaten," Litan says. "I would say that probably Trusteer does a better job of pinpointing malware than competing solutions that go at it from a different angle." If Pinpoint identifies malware on an endpoint device, the service blocks user log-in and directs them to download Trusteer Rapport, the company's security software for desktops and laptops, including Macs.

Pinpoint is already running in beta form with several financial institutions in North America and Europe that offer mobile apps for consumers to view their bank balances and to transfer funds. With such services, security is important to prevent unauthorized access to accounts, Boodaei says.

"They can actually take action based on the information that Pinpoint generates, whether it's to block the transaction or block the user from logging on or to challenge the user for more information or a higher level of authentication," he says. "This is the next level that all the banks are taking right now."

Pinpoint can also be used by a variety of enterprises to secure endpoint devices trying to access corporate Web-delivered apps. Pricing for Pinpoint starts at $10,000 a year for enterprises with up to 1,000 users, the company says.

See more on this topic by subscribing to Network Computing Pro Reports Mobile Apps: A Whole New Ball Game (subscription required).