As most readers here know, IBM Security Trusteer helps enterprises accelerate digital growth by seamlessly detecting fraud risk (including in IAM systems such as IBM Security Verify), establishing digital identity trust and simplifying access with frictionless continuous authentication across the digital user journey.
As we work to innovate, improve and simplify, we wanted to pause and share with you some of the new capabilities that we’ve introduced into Trusteer Pinpoint over the past few months.
Addressing unusual times – and beyond. It is well recognized that many employees now working from home are using personal, unmanaged devices. To help provide essential visibility into this emerging risk area, IBM has created an agentless solution that quickly exposes the risk and alerts to compromised credentials and infected devices attempting to access the organization’s data. The Trusteer solution evaluates hundreds of signals, including device identification, session manipulation, virtual deceiving tools, location, suspicious evidence and behavior analysis, and alerts you to high-risk access. To speak with someone about this remote workforce solution, go here.
- Optimized processing and communication of information about the current session to the Pinpoint server
- Reduced the collection of information required to detect usage of Remote Access Tools (RAT) often used by cybercriminals
We’ve also improved performance of the Pinpoint server-side API and can now quickly return with an assessment if nothing changed since the previous assessment.
Chrome aligned. To align with recent changes to the Chrome default referrer-policy, we’ve updated Pinpoint to ensure no disruption to the communication about the current session to the Pinpoint servers.
Pinpoint uses multiple kinds of feeds to indicate that access to an end user's account is suspected of being from an account that was taken over and that cybercriminals might be using the account to perform malicious activities. We’ve added a Global Device ID (GDID) field to mail feeds that include information about the session. GDIDs help globally identify a device that connects to more than one application, further informing your ability to take action, assess the activity and prevent fraud.
Go mobile! If you have a mobile app, you may be interested to learn that IBM Security Trusteer Mobile SDK 5.1, released in June, offers you several important enhancements:
- Continuous risk notification for SDK-S, delivering more value with less coding effort. The SDK-S API introduced in 5.0 now comes with an automated notification mechanism to Pinpoint server. SDK-S automatically sends an updated risk indication to Pinpoint when detecting an event that requires an update, such as a change to the session score or detection of an overlay attack.
- Detecting malicious VPN: The SDK now analyzes the type of network interfaces used by the device for both iOS and Android operating systems, and sends this information to Pinpoint for comparing the connection interface against known malicious protocols.
- Faster initial risk assessment. We have split the calculation of risk items into two phases, speeding up initial risk assessment without the need to wait for all risk items to be calculated. The first phase provides a partial risk assessment of critical risk items such as Rooted / Jailbroken devices, applications running on an emulator / virtual environment and configuration not updated. The second phase includes the calculation of the rest of the risk items. An intermediary result is provided when calling the risk assessment API, indicating the phase of the risk assessment. Please refer to Trusteer Mobile SDK online documentation to update yourself on this latest use of 'WaitForBackgroundOps()' API.
Seeing linkages is power. I share with great delight that we have implemented the first stage of Trusteer Link Analysis on the Trustboard, Trusteer's new fraud analytics dashboard. Link Analysis enables searching for linkages between devices, accounts or IPs, among others. This powerful mechanism helps identify accounts that have been compromised by a single device, IP or other attribute. The capability is particularly useful as an organization gains more insight into potential mule accounts or general fraudulent activity across accounts. It is a far more holistic approach than investigating account by account to try identify individual fraudulent sessions. For more information, head to the customer portal, where you will find the most recent documentation.
Please reply here to any of the info above. Let me know what you think and keep us informed about how we can further help your business and security teams partner in unlocking innovation and growth.
Offering Manager, IBM Security Trusteer Pinpoint Portfolio