RSA has announced a set of services aimed at defeating man-in-the-middle attacks, in which a secure link is hijacked by someone looking to steal data.
The Man-in-the-Browser Solutions package offers four distinct services aimed at beating the attacks: transaction monitoring; adaptive authentication; fraud action; and a cyber crime intelligence service.
"Online criminals are continually evolving their tools and tactics to work around defences established by even the most security-conscious organisations," said Christopher Young, senior vice president of products, technologies and markets at RSA.
"Organisations need to approach this problem with a multi-layered defence strategy reinforcing security measures at log-in that in isolation can be thwarted.
"This includes the ability to detect, monitor, shut down and cull intelligence based on transactions, malware and online attacks."
Transaction monitoring analyses the user's behaviour for unusual activity, and looks for malware that could be used in such attacks. It will be run in association with participating financial institutions.
Adaptive authentication uses out-of-band phone identification to avoid man-in-the-middle attacks, as well as risk assessment based on the user's behaviour. It is also adapted to run on cloud services.
RSA's fraud action package is a managed service that shuts down Trojan and other malware attacks, according to the firm, and the cyber crime intelligence service informs the first three services.
"Cyber criminals are able to [access] online banking sessions in real time, concurrent with the victim," said Robert Vamosi, a security, risk and fraud analyst at Javelin Strategy & Research.
"No standalone authentication or other security tool is enough to defend against the more sophisticated man-in-the-browser attacks."
No comments:
Post a Comment