Introducing Entrust IdentityGuard Mobile — Another Proven Entrust Solution for Stopping Man-In-The-Browser Attacks

April 20, 2010

DALLAS, April 20 /PRNewswire/ — As man-in-the-browser attacks continue to siphon funds from unsuspecting businesses and consumers, Entrust, Inc. delivers three proven methods for thwarting the dangerous malware — the latest a new authentication method for smartphones. Easily deployed on today’s most popular mobile platforms, Entrust IdentityGuard Mobile is a cost-effective, easy-to-use method of authenticating the identities of consumers and business-banking customers.

“Our existing comprehensive solutions are stopping online fraud, including man-in-the-browser attacks, today,” said Entrust President and CEO Bill Conner. “But the addition of Entrust IdentityGuard Mobile to our proven strong authentication platform places an effective, easy-to-use authenticator in the hands of anyone with a smartphone. It joins Entrust TransactionGuard to address the problem standard methods like antivirus and traditional strong authentication fail to solve today — particularly for business-banking clients who are being hit hard right now.”

Building on the momentum of Entrust IdentityGuard and Entrust TransactionGuard, Entrust is the only security vendor on the market that offers three highly deployable and effective capabilities for thwarting attacks by Zeus(1) and other man-in-the-browser malware — behavioral and transactional fraud detection; SMS authentication with transaction details; and mobile out-of-band transaction verification and signature.

In its 2009 report, “Where Strong Authentication Fails and What You Can Do About It,” leading research analyst firm Gartner found that man-in-the-browser attacks are best defeated by employing specific security methods.

“Enterprises need to protect their users and accounts using a three-prong fraud prevention approach that employs authentication, fraud detection, and out-of-band transaction verification and signing for high-risk transactions,” said Gartner vice president Avivah Litan in the December 2009 study.(2)

Entrust’s three proven methods are particularly critical for financial institutions with corporate- or business-banking customers, as numerous attacks in the past year have resulted in significant loss. The FBI states that 2009 saw $559.7 million in actual loss from online fraud.(3) The agency has also stated that more than $40 million in actual losses, occurring in the U.S. alone, stemmed from attacks on corporate banking for small- to mid-sized organizations.(4)

Trusted research and advisory services firm TowerGroup, which focuses exclusively on the global financial services industry, agrees that financial institutions need to take very specific steps to stop man-in-the-browser threats.

“Man-in-the-browser attacks are a very real threat that financial institutions — both large and small — should proactively defend against to safeguard their business and customers,” said TowerGroup senior research director George Tubin. “While there are several ways to address this malware trend, financial institutions will initially deploy one or more solutions to their customers on a voluntary basis. Financial institutions that are early to market with customer-oriented solutions will be viewed favorably by an increasingly skeptical, and vulnerable, customer base.”

With the latest addition to the Entrust IdentityGuard platform, Entrust is the leader by delivering a useable and effective mobile solution to address man-in-the-browser attacks. Leveraging standards-based technology and without requiring any specialized hardware, Entrust IdentityGuard Mobile provides one-time-passcode authentication in combination with seamless out-of-band delivery of transaction details. This combination helps defend against man-in-the-browser malware — efficiently and without user inconvenience.

“With a combination of our real-time behavioral and transactional fraud detection solution, SMS authentication with transaction details and now Entrust IdentityGuard Mobile, Entrust offers a proven and comprehensive answer to man-in-the-browser malware — giving financial institutions multiple effective choices from a single trusted vendor,” said Conner.

This innovative new authenticator is designed to help defeat man-in-the-browser attacks by providing transaction details instantly to users for review and confirmation from within the authentication application — all in a straightforward manner that doesn’t require the use of external delivery services, such as SMS. Helpful options include the ability to store and save transaction history, as well as enabling deploying organizations to easily incorporate their brand into the application.

Entrust IdentityGuard Mobile is a software-based, one-time-passcode authentication application that is designed to operate with today’s leading smartphone platforms, including the Apple iPhone, RIM BlackBerry, Microsoft Windows Mobile and Symbian (Java). The new mobile authenticator is currently scheduled to be available in summer 2010 as part of the release of Entrust IdentityGuard 9.3, a strong authentication solution that provides the widest range of authenticators available on a single platform.

Not exclusive to banking environments, Entrust IdentityGuard Mobile may also be used with Entrust IdentityGuard to provide strong authentication for enterprise use, remote access or government initiatives. The application can manage multiple identities on a single device, making it one of the most versatile and easy-to-use soft tokens available on the market today.

Entrust enables organizations to layer security — according to access requirements or the risk of a given transaction — across diverse users and applications. Entrust’s authentication capabilities include username and password, IP-geolocation, device, questions and answers, out-of-band one-time passcode (delivered via voice, SMS or e-mail), grid and eGrid cards, digital certificates (in software or on smart cards/USB Tokens) and a range of one-time-passcode tokens, including Entrust IdentityGuard Mobile. Entrust also provides multiple methods of supporting mutual authentication, including picture and caption replay as well as Extended Validation (EV) SSL certificates.

Want to know more about how Entrust IdentityGuard Mobile can help defeat man-in-the-browser malware? Visit entrust.com/mobile for detailed capabilities, features and supported platforms.

    (1) "In online business banking, 'botnet' malware lurks," Mark
        Kellner, The Washington Times, April 7, 2010.
    (2) "Where Strong Authentication Fails and What You Can Do About It,"
        Avivah Litan, Gartner, Inc., December 3, 2009.
    (3) "2009 Internet Crime Report," Internet Crime Complaint Center
        (IC3), March 12, 2010.
    (4) "FBI: Cyber crooks stole $40MM from U.S. small, mid-sized
        firms," Brian Krebs, The Washington Post: Security Fix, October 26,

About Entrust

Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and Web sites in more than 4,000 organizations spanning 60 countries. Entrust’s identity-based approach offers the right balance between affordability, expertise and service. For strong authentication, fraud detection, digital certificates, SSL and PKI, call 888-690-2424, e-mail entrust@entrust.com or visit www.entrust.com.

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All Entrust product names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.

SOURCE Entrust

Source: newswire
