SentryBay provides leading-edge banking and enterprise solutions, plus technology that enhances existing enterprise applications.
Data Protection Suite (DPS):
On-line fraud protection for financial institutions
Primarily designed for on-line banking and e-commerce users, the Data Protection Suite allows you to protect any transaction conducted via the web.
For banks, this solution uniquely addresses both on-line banking fraud and Card-Not-Present fraud – thus providing a greater ROI for financial institutions. The anti-Keylogging and anti-phishing technologies protect a user on any website – not just the bank website. This means transactions using debit/credit cards on e-commerce sites (or auction or other sites like PayPal) are also protected.
Every keystroke and mouse-click is protected from malware using a multitude of patented techniques which do not rely on identifying malware in order to protect against it. Malware picks up either no data or fake data created by the software = not the real data.
Individual bank sites (as well as popular e-commerce sites) are “fingerprinted” by the software – with any attempted phishing attacks based on these sites identified by the software from the second they are launched. Users are pro-actively prevented from accessing such fake sites without any user configuration or intervention.
Non-personal analytic information regarding the security of the endpoint can also be collected, analysed and provided to the bank.
Why the Data Protection Suite is the ideal on-line banking solution:
- Installed in 2 minutes
- No configuration or intervention required by end user
- Deepest and most proactive protection against malware and phishing scams
- Automatically addresses more on-line fraud (on-line banking and Card-Not-Present Fraud)
- Has a light footprint and operates seamlessly with other software
- Requires no back end integration for a bank
This makes the DPS a more effective and user-friendly solution than Trusteer Rapport and other software-based solutions.
High security application for corporate and retail on-line banking
The Armored Browser is the premier browser-based solution designed for corporate and retail banking. It was designed for maximum security – but also provides a speed and ease of use others have struggled to achieve.
The application itself can be branded to the institution including dedicated tabs for the desired banking services.
SentryBay’s design of this solution includes a uniquely locked-down browser that only enables support of essential features. Running this browser within a secure session and including a host of security features (including technology patented to SentryBay) provides security capable of defending against the most advanced attacks.
The Armored Browser protects against attacks including:
- Key Logging
- DNS/Host File Poisoning
- File Tampering
- Form Grabbing
- Session Hijacking
- Traffic Sniffing
Whether run as a software-based application or from a USB device, the Armored Browser can collect and analyse the security environment of the device on which the software is running and provide this information to the bank (or a designated third party) – in real-time. This provides the opportunity for managing the transaction/authentication differently – and also provides valuable information about the individual – and overall – user landscapes.
The Armored Browser supports multi factor authentication using digital certificates as well as OTP’s. It can be adapted to harness any existing multi-factor authentication system, overlaying the existing infrastructure to provide additional, essential security layers. The Armored Browser can be deployed as a software-only solution or deployed on a USB device. It also supports PKI and can be run on a PKI-enabled device.
The mobile solution includes a dedicated browser and currently supports IOS and Android operating systems. It can be deployed as a stand-alone solution or deployed as a SDK overlaying the existing banking app with additional valuable security.
EntryProtect Anti-Key Logging
Patented anti-keylogging technology for OEM partners
EntryProtect is the world’s leading anti-key logging technology. It is specifically designed to be integrated with third party software applications to make them “keylogger-proof”. It can be embedded into PC-based, smart-card based or flash-disk based applications and the technology is patent-protected to SentryBay.
How EntryProtect Works
EntryProtect operates by identifying all areas of the operating system where information can be uplifted and provides patented techniques that thwart the attacker at every level. This multi-layered approach provides full security – regardless of what part of the operating system or application is attacked.
Deploying EntryProtect can be undertaken in one day and involves the embedding of either dynamic or static libraries into the host application following instructions provided within a SDK. The technology can be “pointed” to protect any entry field(s) within an application. The protection happens in the background so does not affect end users of an application.
Cloud-based proactive anti-phishing engine for OEM partners
PhishLock was developed in response to the ever-increasing speed at which phishing attacks can be launched. By training on specific websites and “fingerprinting” these sites using SentryBay’s unique algorithms, the PhishLock technology can automatically prevent a user from navigating to a phishing site – from the second the attack is launched.
How it Works
PhishLock is initially “trained” on the relevant web-pages of a targeted brand. Once trained the technology can identify whenever a web page has been designed to emulate the brand/web pages on which it has been trained. This training is ongoing (and automated) so adapts to any significant changes in the host web page that require re-training. Dynamic content is ignored.
When a phishing site loads, PhishLock automatically identifies it as a scam site and prevents the user from entering personal information such as login details and credit card numbers. PhishLock is thus capable of identifying phishing sites without the use of blacklists/whitelists.
PhishLock also immediately alerts the organization of the phishing attack so that they can begin the process of closing the site down. This happens automatically when the first user attempts to load a phishing website – without the need for anyone to report or discover it.
The PhishLock technology is augmented with the use of a Phishing blacklist which is updated live.
The PhishLock engine can be licensed to OEM partners who can run the engine within their environment and apply to PC-based apps, mobile apps and cloud-based content filtering or security monitoring services.
For more information on this solution, including a demo and white papers please contact email@example.com