RSA fights man-in-the-browser attacks
RSA Man-in-the-Browser Solutions is a portfolio of anti-fraud services designed to provide defense against theft of online information. It includes newly enhanced transaction monitoring as well as risk-based authentication; Trojan detection and attack shut down; and intelligence to identify malware-infected enterprise environments.
MITB attacks are designed by fraudsters to infect a web browser with malware that can result in modified web pages and transactions that are largely transparent to both the user and the host application.
Trojans such as Silent Banker, Sinowal and Zeus are pre-programmed by fraudsters to activate when the user’s browser accesses a specific website such as their online banking portal. The activated Trojan can then track the online session and perform real-time interception and manipulation of information that can lead to illegal money transfers, identity theft, or the compromise of valuable enterprise information.
The RSA Man-in-the-Browser Solutions are engineered to offer organizations the ability to utilize multiple components and techniques to create a layered defense against malware. As designed, these defense layers include:
RSA Transaction Monitoring
- Transaction-level fraud monitoring and protection for participating financial institutions
- Invisible analysis of user behavior
- Can be layered non-disruptively onto existing authentication methods
- Out-of-band phone authentication
- New features that include detection of Trojans and HTML injections as well as analysis of mule accounts and user vulnerabilities.
RSA Adaptive Authentication
- Risk-based authentication based on identification and analysis of potentially risky behavior by online users
- Out-of-band phone authentication option to verify user identities in cases of possible Trojan infection
- SaaS and on-premise deployments.
RSA FraudAction Solution
- Detection, monitoring, blocking and shut down of phishing and Trojan attacks
- Powered by the RSA Anti-Fraud Command Center and team of fraud analysts
- Managed service minimizes internal resource investment.
RSA CyberCrime Intelligence Service
- Helps identify corporate resources, user devices and data compromised by malware
- Provides access to real-time fraud data via the RSA eFraudNetworkSM collaborative community of financial services and other organizations.