Security Experts:

IBM to Acquire Trusteer in Effort to Boost Anti-Cybercrime Capabilities

IBM announced on Thursday that it has agreed to acquire Trusteer, a Boston-based provider of cybercrime protection solutions for endpoints.

While the company’s products historically focused on endpoint security solutions to protect financial transactions, the company has expanded its product offerings with the launch of a solution to protect endpoints in the enterprise, and recently made its cybercrime prevention solution available for e-commerce operations.

According to Trusteer, seven of the top 10 U.S. banks and nine of the top 10 U.K. banks use its solutions to help secure customer accounts against financial fraud and cyber attacks.

Mike Rothman, Analyst and President at security advisory firm Securosis, thinks the deal is a win for both IBM and Trusteer.

“I think Trusteer has interesting technology that fills a big hole in IBM’s product line in terms of being able to deal with advanced malware,” Rothman told SecurityWeek.

Trusteer LogoIBM LogoThe acquisition of Trusteer brings a team of solid researchers to Big Blue as well. Trusteer’s researchers have been behind the discovery of many new cyber threats, mainly targeting the financial sector.

This past June, the company discovered a variant of the Citadel Trojan that utilizes regional-based HTML injects that match language and could focus on a specific domain. The company also uncovered details of an upgraded version of the Shylock financial malware that had new evasive capabilities and could detect if it was being observed within a remote desktop session or being executed locally. Last summer, the security firm discovered a type of attack that targeted Android users via their desktops, with the aim of controlling both endpoint devices.

In March, Trusteer announced a partnership with Russia-based Group-IB, a security incident response and research firm, to help financial institutions combat cybercrime.

While no security product is a silver bullet, Trusteer’s anti-cybercrime solutions have had enough success to be well known by cybercriminals, and more advanced malware authors are even incorporating and bragging about “Anti-Rapport” features designed specifically to circumvent Trusteer’s protection efforts.

Just recently, RSA researchers uncovered “KINS”, a new professional-grade banking Trojan that could soon rival Zeus, SpyEye and Citadel in how effectively it spreads. The authors of that emerging malware are reportedly offering an Anti-Rapport module for a cool $2,000.

As part of the announcement, IBM said it was creating a cybersecurity software lab in Israel, where Trusteer also has a development office, that will combine more than 200 Trusteer and IBM researchers and developers to focus on advance and emerging security threats.

"Trusteer's expertise and superior technology in enterprise endpoint defense and advanced malware prevention will help our clients across all industries address the constantly evolving threats they are facing," said Brendan Hannigan, General Manager, Security Systems Division, IBM.

IBM says that Trusteer’s cloud-based solutions will complement IBM’s more than 100 Software as a Service (SaaS) solutions, and also help customers identify mobile threats.

While the terms of the transaction were not disclosed, some reports peg the deal at between $800 million to $1 billion, with Techcrunch citing a source saying it was the latter of the two.

“If those numbers are right, it’s a huge win for Trusteer,” Rothman said. “With very little [VC] money in there, those guys did a great job building out the company and finding a very interesting and innovative model,” Rothman said, noting that “IBM paid up because they need that capability to deal with advanced attacks.” 

Trusteer was founded in 2006 by Mickey Boodaei, Rakesh Loonkar, Amit Klein, Shmulik Regev, and Eldan Ben-Haim and is backed by U.S. Venture Partners and Shlomo Kramer.

*Updated with additional commentary and rumored sale price.
view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.