ThreatMetrix, a provider of technologies to help organizations thwart cybercrime, on Tuesday said that it has acquired TrustDefender, an Australian-based company that offers “secure browsing technology” designed to protect against malware and stop attacks including man-in-the-browser (MitB) attacks.
The core technology from ThreatMetrix is a software-as-a-service (SaaS) solution that profiles devices being used in an online transaction to help companies determine whether the users are fraudsters or legit customers. The company’s device profiling technology goes beyond browser fingerprinting to identify the device, bypass proxies and detect the use of botnets.
"The natural synergies between device identification and secure browsing are very obvious," said Reed Taussig, president and CEO, ThreatMetrix. "Successful transaction profiling requires sophisticated malware detection and intelligent device identification to determine if the device is compromised or if the transaction is at risk of being fraudulent.”
“We can now bring a product to the marketplace that’s integrated into a single solution that meets the FFIEC requirements, under one purchase order and one integration,” Taussig told SecurityWeek. “By putting the two pieces together, you end up in a situation where the sum of the parts is greater than the whole,” Taussig added.
Following the acquisition, the ThreatMetrix Cybercrime Defender Platform consists of the following solutions:
• TrustDefender ID - a cloud-based, real-time device identification solution that helps protect companies against cybercriminals and helps validate legitimate customers. TrustDefender ID provides businesses with a first perimeter of defense to protect online transactions, including account creation, login authentication and payment authorization.
• TrustDefender Cloud - a cloud-based, real-time solution that helps companies protect customer data and defend against fraud, malware, MitB and Trojan attacks, and data breaches. It mitigates the risk of hidden malware compromising authenticated sessions to steal data, identities or money.
• TrustDefender Client - a client-based, real-time solution that mitigates the risk of hidden malware compromising authenticated sessions to steal data, identities or money. A small client component installed on end-user computers identifies and isolates malware, verifies legitimate websites, protects the online session with the business, and communicates with the business to identify potential fraud.
The ThreatMetrix "Cybercrime Control Center" serves as the foundation for the platform and controls the sharing and processing of information throughout the ThreatMetrix global network. In addition to providing global intelligence, it also controls functions including, device and risk intelligence, policy-driven defense logic, unified intelligence analytics, and queue management, review, audits and alerts.
The platform offered as a result of the TrustDefender acquisition puts ThreatMetrix in the ring with companies including Trusteer and IronKey who offer secure browser techology. IronKey, which originally was known for its USB-based hardware of same name, sold its hardware business in September 2011 to focus on its cloud-based solutions to secure access to Internet services.
Andreas Baumhof, co-founder and CEO of TrustDefender, who has joined ThreatMetrix as CTO, says the acquisition addresses the growing global malware threat. "In 2011 we saw a huge increase in sophisticated MitB Trojan activities supporting fraudulent transactions with stolen identities," Baumhof said. "The merger allows ThreatMetrix to address fraud prevention and malware protection as a single problem and deliver real benefits to customers at a lower cost."
“Device identification provides a strong foundation against fraud while malware protection closes a loophole in fraud prevention caused by man-in-the-browser attacks,” said Avivah Litan, vice president and distinguished analyst, Gartner. “Combining these solutions will streamline the fraud prevention, management and administrative processes for organizations combating today's cyberthreats."
The combined companies will operate under the ThreatMetrix name with global operations in the United States, Australia and Europe. The corporate headquarters will be located in San Jose, California.
The terms of the acquisition were not disclosed, but Taussig told SecurityWeek that the deal was completed back on Dec. 23, 2011 through a combination of cash and stock. ThreatMetrix raised $12.2 Million in its most recent round of funding back in October 2010. Taussig told SecurityWeek that the company had 300% year-over-year revenue growth in 2011 and expects to have at least 300% revenue growth in 2012. The company claims over 600 customers in industries including e-commerce, financial services, government agencies, healthcare, and other Fortune 1000 organizations.