What exactly is “Agentless” Malware Detection?

Author: Evan Thomas, EvanT@gladtech.net

Retail and commercial account takeovers are a major threat to the relationship between a financial institution (FI) and its customers.  Once a cybercriminal has taken over one (or more) accounts, the ensuing fraudulent transactions and theft of personally identifiable information (PII) can deal a fatal blow to the confidence a person has in your online banking service.  It has been well documented through regulatory requirements (FFIEC’s 2011 Supplemental Guidance on Internet Banking Authentication) and court cases (Patco Constr. Co. v. People’s United Bank) that FI’s must have “commercially reasonable” countermeasures in place to protect online banking customers.  The commercially reasonable standard for security procedures means that user IDs, passwords, and challenge questions are no longer enough to protect online banking customers.  Additional security layers must be put in place to protect both your customers and your FI’s image in what Cisco calls the “internet of everything.”

That being said, fraud prevention technologies in the marketplace today must be capable of reducing fraud without impeding the customer experience, which could ultimately lead to customer attrition or a decrease in the use of cost effective delivery channels like online banking.  Customer frustration can become a problem when countermeasures are too obtrusive.  This is where having agentless malware detection can make a big difference.  It can improve the security of online banking without end users needing an agent on their PC.  Many solutions in the market today require end-users to install monitoring software which often requires the fraud departments’ time to enforce and manage the download process.  This management time increases the total operational expense associated with the fraud tool being used. 

Agentless malware detection gives visibility into online banking session indicators commonly associated with malware infections.  These indicators include login location (IP address), Internet browser and operating system versions, and many other data points collected through numerous threat intelligence feeds and research efforts.  With new variants of malware coming out each day designed to defeat both two-factor authentication methods and deactivate protection software, agentless malware detection is able to detect malware infections at the destination of the session instead of at the source.  Thorough insight into attack patterns and behavior matched with end user PC activity has been a proven success in detecting and foiling fraudsters’ attempts in the early stages of attack.     

All of us ‘good guys’ should be excited for this new innovation in online attack detection and prevention,   for both the decrease in fraud management headaches and, most importantly, for the assurance it brings to online banking customers who are advised of impending attacks.