PRTODAY / NewswireToday Free press release distribution service network

Written by / Agency / Source: IronKey

Check Ads Availability|e-mail Article


Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!

IronKey Introduces Protection for Banks and their Customers from RSA SecurID Data Breach - IronKey Trusted Access for Banking allows banks to protect their commercial banking customers from the risk of compromised RSA SecurID authentication tokens
IronKey Introduces Protection for Banks and their Customers from RSA SecurID Data Breach

 

NewswireToday - /newswire/ - Sunnyvale, CA, United States, 2011/03/21 - IronKey Trusted Access for Banking allows banks to protect their commercial banking customers from the risk of compromised RSA SecurID authentication tokens.

   
 
Your Banner Ad Here instead - Showing along with ALL Articles covering Computer Hardware/Storage Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!


 

On March 17, 2011, RSA Executive Chairman Art Coviello made a public announcement that cyber criminals had penetrated internal systems at RSA, and the resulting data breach could compromise the authentication capabilities of their SecurID authentication tokens. SecurID tokens are used by tens of millions of users to securely log into online banking and enterprise networks over the Internet. RSA is the security division of EMC, Inc.

IronKey today announced that their Trusted Access for Banking product is immediately available to allow banks to protect their commercial banking customers from the risk of compromised RSA SecurID authentication tokens.

“Criminals used an Advanced Persistent Threat (APT) attack to breach the RSA SecurID infrastructure, and can now combine that information with data-stealing malware in order to compromise high value online banking sites,” said Dave Jevans, IronKey’s founder and chairman. “IronKey is already working with banks impacted by the RSA SecurID data breach in order to protect their customers. Banks that are using IronKey Trusted Access for Banking in combination with RSA SecurID can be reassured that their online banking users are kept safe from criminals involved in this massive breach. For banks that need immediate protection, Trusted Access can be deployed to their clients immediately, and does not require modification to back-end banking websites.”

While law enforcement continues to investigate the breach at RSA, the incident threatens the integrity of bank payment services, enterprise remote access and government systems. It is the focus of ongoing efforts by the U.S. Treasury, FS-ISAC, and other industry bodies tasked with securing global financial services. The most likely scenario proposed by industry experts is that the secret codes, also known as seeds, used to generate one-time passcodes have been compromised or stolen, potentially allowing RSA SecurID authentication to be performed without a genuine token. RSA states “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” To do this, criminals must match their stolen data with real user identities.

Criminals will likely turn to crimeware such as ZeuS and SpyEye to infect the computers of online banking users. These toolkits allow rapid development and distribution of Trojans that can match users to SecurID tokens and capture the additional information needed to successfully takeover online accounts and steal money. Additional data required by criminals include sample one-time passcodes generated by an RSA SecurID device or software token, authentication PINs, and private challenge answers only known to users. Crimeware toolkit attacks likely to be used include:

• Man-in-browser attack: By modifying browser executables and shared libraries, criminals can present users with fake web pages and requests for information such as one-time password codes entry and private challenge answers;
• Keylogging: Capture of keystrokes including one-time passcodes, authentication PINs, and other personally identified information;
• Network monitoring: Listening for user access to specific online banking sites to activate attacks and filter for only relevant banking information;
• DNS tampering: Modification of computer network settings to redirect users to realistic but fake banking sites used to capture credentials.

Aware of the potential for compromise to online banking accounts requiring RSA SecurID authentication, RSA (rsa.com) has recommended customers strengthen the security of SecurID deployments. These suggestions include use of strong passwords/PINs in combination with one-time passcodes, closely monitor user databases that could link users with tokens, and reiterate anti-fraud education. While best practice security recommendations, these methods have and can easily again be compromised using the malware toolkits and attacks described earlier.

IronKey Trusted Access for Banking allows banks to continue using their existing SecurID deployments and banking applications without enabling criminals to make use of the stolen RSA data. IronKey designed Trusted Access for Banking to isolate online banking users from APT attacks using toolkits such as ZeuS and SpyEye rather than trying to detect them.

Specifically, Trusted Access addresses these likely attacks:

• Man-in-browser attack: Trusted Access isolates users from malware by running in a fully virtualized OS environment, does not depend on desktop browsers, and runs from a write-protected USB security device;
• Keylogging: Protects keyboard input, including one-time passcodes, authentication PINs, and challenge questions, from keylogging software;
• Network monitoring: Encrypts all network access through a secure tunnel so Trojans are unable to monitor DNS lookups and website access to indentify online banking activity;
• DNS tampering: Provides authoritative DNS lookups that are not dependent on local network or ISP settings and are delivered through an encrypted tunnel.

In addition to immediately strengthening an RSA SecurID deployment, Trusted Access also allows banks to address current and draft industry guidelines. Trusted Access allows banks to provide a dedicated online banking experience as recommended by NACHA and the FBI.1 As well, draft FFIEC guidance that updates 2005 online banking authentication guidelines recognizes that a USB device that securely connects users to online banking is a relevant multi-layer security control to prevent fraud.2

IronKey Trusted Access for Banking is available immediately worldwide. With Trusted Access for Banking, users simply connect their Trusted Access USB device to their computer to automatically launch a protected, virtualized online banking environment. The Trusted Access Browser starts at the bank’s home page and restricts users to only navigate to bank-authorized websites. To protect users from ever-changing malware, Trusted Access for Banking does not rely on potentially compromised and vulnerable applications on the user’s host computer. Instead, a secure, encrypted connection to online banking is made through the IronKey Trusted Network to lock out man-in-the-middle and DNS attacks. Advanced encrypted keyboard input protects users from keyloggers that can steal user names and passwords.

1National Automated Clearinghouse Association (NACHA)
2Federal Financial Institutions Examination Council (FFIEC)
Resources

“Protecting Online Banking Customers from Evolving Cyber Crime Threats,” a 20-minute online webcast from IronKey, can help you understand the risks facing anyone using a PC for online banking and why anti-virus software and firewalls and other conventional safeguards are not able to stop these attacks. The webcast explains the latest bank phishing attacks, the ZeuS Trojan and SpyEye, the "mule" economy and dozens of other topics relevant to understanding and fighting this serious crime wave.

“Trusted Access Guided Demonstration” provides a complete product demonstration and example attacks. Presented by Kapil Raina, senior product manager at IronKey, the demonstration also shows how banks can easily issue and managed Trusted Access.

About IronKey
Ranked as the 14th best venture-funded startup in The Wall Street Journal's "Next Big Thing 2011" survey, IronKey secures data and online access for individuals, enterprises, and governments. IronKey solutions protect remote workers from the threats of data loss, compromise of passwords, and computers infected by malicious software and crimeware. IronKey multi-function devices connect to a computer's USB port and are easy to manage with the IronKey management service. This allows users to securely carry sensitive corporate data, strongly authenticate to VPNs and corporate networks and isolate online banking customers from Advanced Persistent Threat attacks. IronKey customers include Fortune 500 companies, healthcare providers, financial institutions and government agencies around the world. Trusted Access for Banking has also won numerous awards such as ‘FutureNow 2010 Top 5’ from Bank Technology News. Visit IronKey.com for more information.

 
 
Your Banner Ad Here instead - Showing along with ALL Articles covering Computer Hardware/Storage Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!


 

Written by / Agency / Source: IronKey

 
 

Availability: All Regions (Including Int'l)

 

Traffic Booster: [/] Quick Newswire Today Visibility Checker

 

Distribution / Indexing: [+] / [Company listed above is a registered member of our network. Content made possible by PRZOOM / PRTODAY indexing services]

 
 
# # #
 
 
  Your Banner Ad showing on ALL
Computer Hardware/Storage articles,
CATCH Visitors via Your Competitors Announcements!


IronKey Introduces Protection for Banks and their Customers from RSA SecurID Data Breach

Company website links NOT available to basic submissions
It is OK to republish and/or LINK any newswire for any legitimate media purpose as long as you name Newswire Today and LINK as the source.
 
  Is this your article?
Activate ALL web links and social stream by Upgrading to Press Release PREMIUM Plan Now!

|
Publisher Contact: IronKey.com 
650-492-4055 info[.]ironkey.com
 
Newswire Today - PRZOOM / PRTODAY disclaims any content contained in this article. If you need/wish to contact the company who published the current release, you will need to contact them - NOT us. Issuers of articles are solely responsible for the accuracy of their content. Our complete disclaimer appears here.
IMPORTANT INFORMATION: Issuance, publication or distribution of this press release in certain jurisdictions could be subject to restrictions. The recipient of this press release is responsible for using this press release and the information herein in accordance with the applicable rules and regulations in the particular jurisdiction. This press release does not constitute an offer or an offering to acquire or subscribe for any IronKey securities in any jurisdiction including any other companies listed or named in this release.

Computer Hardware/Storage via RSSAdd NewswireToday - PRZOOM Headline News to FeedBurner
Find who RetweetFollow @NewswireTODAY



Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!


Read Latest Articles From IronKey / Company Profile


Read Computer Hardware/Storage Most Recent Related Newswires:

KorenixSky--11 Korenix Launches JetNet 6828Gf for Substation Applications
Korenix Launches JetNet 6828Gf for Substation Applications
MXstudio Network Management Suite Features New Functions to Manage the Security Status of Network Devices
Curtiss-Wright’s New Memory-Maximized 16-Core Intel® Xeon® Processor D-based DSP Module is First to Support Up to 128 GB DDR-4 Memory
Moxa Launches MC-1100 Computer Designed for Industrial Automation Applications
Eurotech Announces EDCK 4001 - A New Development Kit to Create IoT Applications from Field-to-Cloud in Minutes
Korenix Introduces Modern Train Solution - Korenix JetNet 7714G-M12
Eurotech Collaborates with Red Hat on the First Code Contribution to and the Availability of Eclipse Kapua
Korenix Launches Industrial Communication Computer - JetBox8312 for High Flexibility Deployment
Moxa Releases New Switch Firmware to Ramp Up Device Security
Moxa Switches Bring Legacy Devices to PRP/HSR Networks
Korenix Launches New JetPort 5801 V3 for Serial to WIFI Transmission
Eurotech Announces ESF Release 4.0 - Featuring Support for the New ReliaGATE 20-25 and Connectivity to Multiple Clouds
Eurotech Presents New Products for Rolling Stock At Innotrans 2016
Moxa Launches Modbus-to-DNP3 Gateway to Accelerate Project Deployments

Boost Your Social Network
& Crowdfunding Campaigns


LIFETIME SOCIAL MEDIA WALL
NewswireToday Celebrates 10 Years in Business


PREMIUM Members


Visit  BizJobs.com

Visit  La Bella Bakery Artisan Bakery Arizona





 
  ©2016 Newswire Today — Limelon Advertising, Co.
Home | About | Advertise/Pricing | Contact | Investors | Privacy/TOS | Sitemap | FRANCAIS
newswire, PR free press releases distribution service magazines engine news alert newsroom press room breaking news public relations articles company news alerts newswiredistribution ezine bizentrepreneur biznewstoday digital business report market search pr firms agencies reports distri-bution today investor relation successful internet entrepreneurs newswire distribution prtoday.com freenewswiredistribution asianewstoday bizwiretoday USA pr UK today - NOT affiliated with PRNewswire as we declined their partnership offer in 2013
 
PRTODAY & NewswireTODAY are NOT affiliated with USA TODAY (usatoday.com)