Thursday, 01 October 2015

F5 acquires Versafe for its TotALL online security software

Versafe says its technology protects against malware and other threats regardless of mobile device or browser, which are key weak points.


Versafe, the Israeli security startup acquired today by F5 Networks, in Seattle, Washington, recently introduced its TotALL online fraud protection suite, which claims to protect financial institutions against all forms of fraud and malware without requiring any client software downloads.

It is a very bold claim, but one that Versafe is comfortable supporting because of its unique technology. It is also the prime reason that F5 said it acquired the company.

I recently spoke with Jens Hinrichsen, VP of Marketing & Business Development at Versafe. Here are my notes:

- The company was co-founded by Eyal Gruner, who made a name for himself when he was just 20 years old by discovering a vulnerability in ATM machines. He also co-founded BugSec, which tests the security of banking systems.

- The TotALL suite is designed to protect financial systems no matter the architecture of client devices. It consists of two components, WebSafe and MobileSafe.

- WebSafe claims to protect all users across all devices from threats such as zero-day attacks, man in the middle, etc. It also prevents personal information and login details from being stolen by third parties. And it stops automated attacks intended to steal money from user accounts. Plus it stops phishing attacks in which fake web sites are used to fool bank customers.

- MobileSafe can detect if a mobile device has been jailbroken, and it can also match the device's ID against behavioral information to spot suspicious behavior.

- Versafe assumes that all customers of a financial institution are infected by some type of malware.

- There is no good reason to develop client-based security software because it requires users to keep software updated, and there are many changes in architecture that can easily open up new vulnerabilities. Not relying on client software relieves financial institutions from trying to secure a large range of mobile devices and having to update those security measures as those platforms change.

- Versafe installs its protection at the application level. By assuming every user is potentially infected with malware, the security system monitors the application and blocks any behaviors that are a security risk.

- The goal is to protect the financial applications from being modified by any malware by using polymorphic protection.

- Versafe says the security suite can be integrated with a customer's IT systems in as little as one day.

- The key benefit is that there is no need to install new software on client devices; the entire protection is transparent to users, requiring no additional steps.

- The Versafe solution works with any browser -- another key advantage. Since the architecture of smartphones and browsers is in constant flux, the best place for security is at the server level.

- The way TotALL works is confidential, to stop hackers from figuring out a way around the security. Part of the solution involves using one-time public keys on the server.

- F5 was a partner of Versafe and says it was this ability to work with any mobile device and any browser that led to its decision to acquire the company for an undisclosed amount.

F5 on its acquisition of 'natural fit' Versafe: Clientless security is the way forward

Clientless security and compatibility with its existing products are two of the reasons F5 Networks is acquiring Israel's Versafe, according to F5.



As reliable as security may be, it's useless unless the person responsible (whether a PC or device owner, or the manager of a nationwide network) actually deploys it as it's supposed to be deployed.

Israel's Versafe has come up with its own solution to the problem: a clientless online fraud protection system that requires no installation or even awareness by end-users that it is present. It's a product that appealed to Seattle-based data and application delivery company F5 Networks, which recently decided to buy Versafe and offer the company's TotALL Online Fraud Protection Suite as its own.

Versafe and F5 were a natural match, according to Gad Elkin, F5 Networks' regional director for Israel, Turkey and Greece. "Security is very important for us in F5, and we have a number of very good solutions. With Versafe, we will be able to reach a larger customer base ... extending our offerings and exposing more customers to the technology."

Clientless is a hot area for F5; its FirePass SSL VPN, for example, provides remote access without requiring pre-installed client software and configuration of the remote device, and allows administrators to restrict or permit access based on the security state of the device being used to access the network.

Similarly, Versafe's TotALL enables organisations to protect their entire user base from all online threat types, across all devices, in real time — without the user having to do anything. For example, the system proactively identifies changes to the HTML or injection of malicious script into a genuine site; on mobile devices, it can identify transactions initiated by malware, and stop them in their tracks.

"Clientless solutions are an important aspect of F5's offerings, and acquiring Versafe's clientless security suite is a big market advantage for us," Elkin said.

Even better for F5 is how Versafe's solution is involved, he said. Versafe's security protection is constantly being deployed and updated as needed, with that need monitored by its cloud-based Security Operations Center. Using F5's scripting language for application traffic (iRules), the appropriate protection can be deployed as needed.

"For now, we will continue offering Versafe's solution as a standalone product, while gradually integrating it with our other offerings," Elkin said. "Versafe's technology works very well with iRules, so integrating TotALL with our other products should be a smooth process."

F5 is no stranger to Israel, according to Elkin. "This is our fourth acquisition here, and we have greatly benefited from all the Israeli technology we have brought into the company."

In 2009, for example, F5 acquired Traffix, which developed technology for routing and load balancing, capabilities much in demand amid the transfer to all-internet-protocol LTE networks, with their far greater traffic demands.

Terms of the deal were not revealed, although F5 said in a statement that the acquisition "will not have a material impact" on operating results.

Versafe's TotALL in action. Image: Versafe