Versafe, the Israeli security startup acquired today by F5 Networks, in Seattle, Washington, recently introduced its TotALL online fraud protection suite, which claims to protect financial institutions against all forms of fraud and malware without requiring any client software downloads.
It is a very bold claim but one that Versafe is comfortable in supporting because of its unique technology. It is also the prime reason that F5 said it acquired the company.
I recently spoke with Jens Hinrichsen VP, Marketing & Business Development at Versafe. Here are my notes:
- The company was co-founded by Eyal Gruner who made a name for himself when he was just 20 years old discovering a vulnerability in ATM machines. He also co-founded BugSec, which tests the security of banking systems.
- The TotALL suite is designed to protect financial systems no matter the architecture of client devices. It consists of two components, Websafe and MobileSafe.
- WebSafe claims to protect all users across all devices from threats such as zero-day attacks, man in the middle, etc., It also prevents personal information and login details from being stolen by third-parties. And it stops automated attacks intended to steal money from user accounts. Plus it stops phishing attacks in which fake web sites are used to fool bank customers.
- MobileSafe can detect if a mobile device has been jail broken, and it also can match the devices ID against behavioral information to spot suspicious behavior.
- Versafe assumes that all customers of financial institution are infected by some type of malware.
- There is no good reason to develop client based security software because it requires users to keep software updated. And there are many changes in architecture that can easily open up new vulnerabilities. This relieves financial institutions from trying to secure a large range of mobile devices and have to update those security measures as those platforms change.
- Versafe installs its protection at the application level. By assuming every user is potentially infected with malware, the security system monitors the application and block any behaviors that are a security risk.
- The goal is to protect the financial applications from becoming modified by any malware by using polymorphic protection.
- Versafe says the security suite can quickly be integrated with customer's IT systems in as little as one day.
- The key benefit is that there is no need to install new software on client devices, the entire protection is transparent to users, requiring no additional steps.
- The Versafe solution works with any browser -- another key advantage. Since the architecture of smartphones and browsers is in constant flux the best place for security is at the server level.
- The way TotALL works is confidential, to stop hackers from figuring out a way around the security. Part of the solution involves using one-time public keys on the server.
- F5 was a partner of Versafe and says it was this ability to work with any mobile device and any browser that led to its decision to acquire the company for an undisclosed amount.