To help address the dangers posed by ever more sophisticated malicious software infecting the computers of users of corporate online banking services, IronKey (Los Altos, Calif.) today announced its Trusted Access for Banking solution. This new product is an application and services suite that leverages the capabilities of IronKey's Trusted Computing Environment platform to allow banks to provide identity protection, authentication and fraud protection at the endpoint for corporate banking customers.
The computer security industry is discovering increased numbers of malicious software variants that are designed to steal identity credentials and perform fraudulent transactions from the computers of infected banking users. A recent Symantec report states there are 70,330 unique variants of the Zeus banking Trojan malware, with the true absolute figure much higher, and it's one of the top risks to users of online corporate banking services.
IronKey Trusted Access for Banking is a purpose-built application of the IronKey multifunction security device. Corporate banking customers plug it into a computer and enter their device password. Once the IronKey device is unlocked, its virtualized operating system automatically runs and a secure Web browser launches and goes directly to the bank's website. The locked-down Web browser is protected against malware from the host PC, and may also be configured to allow users to visit only specific websites.
Zeus/Zbot is different than other Trojans because it gives hackers the ability to alter Web input rendered by the victim's browser to display its own content, mimicking a bank's Web page form as a legitimate bank website. When the unsuspecting user completes the additional fields on the form, these private credentials are sent directly to the criminal. It can even be customized to steal information from banks in a specific geographic region.
IronKey Trusted Access for Banking has SaaS or software centralized management capabilities for policy control and reporting.