Alex Zaharov-Reutt
Friday, 05 February 2010 21:45
Page 1 of 4
Emerging Australian security powerhouse TrustDefender is quietly beavering away and winning big deals in the UK and Europe to uniquely secure the authentication, log-in process and session used by some of the continent's biggest financial institutions, other enterprises and their customers, putting the trust back into Internet transactions where traditional security solutions have failed.
With the ever growing sophistication of online criminals and malware/trojan writers reaching mountainous new heights, including the use of military-style encryption techniques and other tactics to remain invisible to regular security products, the war against the terrors of malware is being lost by many.
This is despite an ever growing number of reports by major security organisations and research firms (RSA and Deloitte and others) pointing towards the authentication process and the end-point. The end-point computer is under increasingly sophisticated attack, with most enterprises and organisations unwilling or unable to take the security health status of end-point devices into consideration.
For example, Deloitte notes that: 'Today's cyber criminals are increasingly adept at gaining undetected access and maintaining a persistent, low-profile, long-term presence in IT environments. Meanwhile, many organizations may be leaving themselves vulnerable to cyber crime based on a false sense of security, perhaps even complacency, driven by non-agile security tools and processes.'
The Deloitte report continues: 'Many are failing to recognize cyber crimes in their IT environments and misallocating limited resources to lesser threats. For example, many organizations focus heavily on foiling hackers and blocking pornography while potential - and actual - cyber crimes may be going undetected and unaddressed. This has generated significant risk exposure, including exposure to financial losses, regulatory issues, data breach liabilities, damage to brand, and loss of client and public confidence.'
A final quote from the Deloitte report says that: 'Data is more valuable than money. Once spent, money is gone, but data can be used and reused to produce more money. The ability to reuse data to access on-line banking applications, authorize and activate credit cards, or access organization networks has enabled cyber criminals to create an extensive archive of data for ongoing illicit activities'.
It is amazing to see organisations spending huge amounts of money protecting their own networks, only to find compromised end-point computers in the hands of consumers causing headaches as new attack vectors such as the consumer desktop or mobile phone come under attack. Massive financial losses to big-business criminal syndicates are the terrifying and expensive end result, affecting businesses, governments and consumers.
It appears a number of local and international institutions are taking the lead while finally seeing the unique benefits of the real-time, risk-based security technology provided by the TrustDefender solution. According to TrustDefender's CEO, there are a number of announcements due in the near future, so I decided to talk to him for an update on the security issues he is seeing that we all face, why TrustDefender is quietly winning overseas business and where to from here.
Egan started off by explaining that: 'Security is a complex animal, while the online consumer, generally speaking, mums, dads, grandparents, etc - just don't understand the jargon used by the IT industry, even when you're talking about malware, firewalls or potential threats - they are confused. However, everyone seems to have a story to tell about themselves or a friend who has been defrauded by malicious software, identity theft or an online criminal incidence. When this sort of terminology is used on a website or in the media most just don't understand - and don't take the right protective actions.'
Egan continues: 'The other real issue is that authentication is not security and in the security context, the current authentication solutions on their own are proving not strong enough to beat the techniques of today's innovative criminal, meaning you cannot rely on the authentication methods used by most online businesses or social networks to protect your identity or private and confidential details when you're logging onto the Internet.
'Even out of band solutions, such as SMS or physical tokens, are now being attacked by criminals who are writing malicious software to defeat authentication methods. For example, malicious software such as the 'URL Zone' does not even try to defeat the authentication process, instead riding in on the back of the already authenticated session. This malware even manipulates the online statements so that the bank and the account holder are none the wiser.
'Even with the advancements in SSL with EV SSL usually seen as a padlock in your browser, malware writers are writing Trojans that will bypass the security of the browser, while loading HTML directly in front of the real website so as they can collect, manipulate or deceive the online business and the computer user in real-time - all when the customer thought they were in a secure online session!
'Effectively the criminals are hijacking the authentication process', explains Egan. He continues, saying: 'Authentication has been a big sell in the security market for a long time, but with criminals upping the ante, the next big challenge is to secure the authentication process in real time, which is where TrustDefender steps into the equation'.
So, where is the current authentication process breaking down?
Continued on page two, please read on...