Fighting against "Man-in-the-Browser" attacks
Hackers also target Web applications through the PCs of connecting users. The goal remains to destroy or steal sensitive data from the targeted company. These attacks are based on a new generation of trojans and spyware, installed on the end user's machine without their knowledge, which insert themselves within the Internet browsers connecting to the applications. Zeus and Spyeye are the most famous examples of such "Man-in-the-Browser" malwares.
A firewall auscultating HTTP(S) traffic cannot secure the application in this kind of scenario. With its "Client Shield" module, rWeb 4.0 is the only WAF on the market capable of effectively protecting applications against "Man-in-the-Browser" attacks. Client Shield is an optional module of rWeb, which automatically installs an "agent" on the endpoint of the user connecting to the application. This agent's function is to control the normal execution of the browser, and to block any malware attempts to temper with it.
There are many advantages to this approach:
- It guarantees a secure access to Web applications (webmail, ERP, etc), and thus to critical corporate data, including from remote endpoints not under the immediate control of IT (employees’ home PCs, airport kiosks, etc).
- It secures B2B and B2C applications, such as eCommerce, eBanking or eAdministration, even when connecting devices are infected with a malware such as Zeus or Speyeve.
- It avoids putting employees in situations where they can’t effectively comply with corporate security policy, or are unknowingly but effectively accessing sensitive corporate data from a compromised device.
The benefits for organizations are the following:
- Excellent protection against the risks of espionage and theft of credit card or personal identification information at a reasonable cost
- All the competitive advantages related to being able to rely on a modern and flexible information system that doesn’t take chances with data security
Why use rWeb's Client Shield?
- It is the most innovative and effective way to protect web applications against man-in-the-browser attacks
- The installation and administration are very easy and fully integrated into rWeb
- It combines high data access flexibility with the highest level of security
- It’s an additional module to rWeb, for a minimal investment