Product Details
Variable Proprietary Character Set Multi-layered Login ™ system.
ArmorLog ™ provides technology (patent pending) under license to assist network owners to protect against various threats to network security.
The ArmorLog Solution will assist in controlling the following types of threats:
- Telephone Scams
- Identity Theft
- Phishing Attacks
- Keyboard Loggers
- Device Skimmers
- Shoulder Browsers
- Password Guessing Programs
- Man in the middle attacks
- Attacks that attempt to hijack well known system accounts
- Denial of Service Attacks
Key Product Benefits:
- Separate tables can be maintained for each User and User Groups.
- User Name is set by administrator and linked to Fixed User Name.
- Fixed user name is never revealed to user and is used for security tracking only.
- Sort order for keys can be changed at each logon.
- Administrator can optionally change code field values as required or on periodical basis without need to establish a new account.
- Traditional keyboard entry can be disabled to prevent keyboard logging.
- Increased code lockout tolerance can be allowed to allow for more complex passwords.
- Code reset for each code type at administrator level.
- Account Lockout time reset at administrator level to prevent customer lockouts by hackers.
- If any entries outside the allowed character set are attempted the account is locked out to prevent password guessing.
- Underlying values for character sets are set at administrator level they do not correspond to normal keyboard input.
- Unique customer keyboard that user will recognise to warn if they have been taken to a fraudulent site as this information is not publicly available and is unique to the customer.
- Protects Client Privacy.
- Deters or Prevents Losses from Sharing of User Logon Credentials.
Click here to view an audio visual online demonstration. Click here to register to obtain a copy of the Distributor Agreement or Licensing Agreement. Read about Licensing.... Comparison with Traditional Authentication Logon Topology download here VPCSML verses Traditional Topology.
Research Analysis
Armorlog™ VPCSML™ Research Analysis
Armorlog TM designed the VPCSML TM authentication interface to protect networks acting on anecdotal evidence often reported in the media that there was a pressing need for such an innovation. It is now becoming apparent from various industry research that is being conducted, that this is the correct solution that will provide significantly improved protection against current forms of attacks against network authentication.
This is because it is now clear from research conducted by companies such as Verizon (Verizon 2010 Data Breach Report) that the most damaging cases of loss involve circumstances where the credentials of a user have been successfully acquired or altered to access the network.
It is also clear from research conducted by the Independent Oracle User Group (IOUG) that more than 68% of organizations cannot tell if they have had a data breach. We argue that given the ease with which the current authentication topology can be circumvented that these events are occurring at much higher rates than anyone is prepared to admit.
We view this with great concern given that there is an ongoing push to outsource information systems management and hosting to networks on which the organisation has far less control over who has access i.e. cloud computing.
A survey conducted by The Ponemon Institute commissioned by Tripwire Inc highlighted that the cost to the respondents who undertook compliance measures to secure data was on average 3.5million while those that incurred a breach after not complying with the regulatory requirements surveyed incurred on average costs of 9.4 million. This suggests strengthening systems can be significantly cheaper than incurring a breach by continuing to use systems with known weaknesses.
Our technology is designed to reduce the instances of breaches by strengthening the key point of weakness the authentication of a user onto a network.
A survey conducted on over 250,000 user social networking accounts by BitDefender found that over 75% used the same password for multiple accounts. This means an attacker may secure a victims password to gain control of an account by simply enticing them to establish an account at site already controlled by the attacker. Our technology is designed to ensure that an Administrator can have unique passwords for users to protect their network. We have designed the system in such a way that the user can devise a memorable password without the need for undue complexity without a reduction in security that occurs on existing authentication topology.
The Armorlog TM VPCSML TM is a system for securing user network login credentials using a proprietary coding system with unique numbering and character sets that protects users falling victim to attempts steal their user codes e.g. phishing, vishing, smishing & spear phishing attacks. The system also protects networks against more traditional forms of attack such as keyboard logging, screen capture and all known forms of password cracking and guessing. Subcodes using a proprietary character set can be established to be called on to validate transactions to render man in the middle attack software ineffective.
The system is designed to partition access to user logon credentials from operational staff administering the credentials to assist in deterring internal fraud from misuse of account credentials. The system incorporates measures to assist in protecting users from being inconvenienced by DOS attacks and will render malware & traitorware attacks on client side devices ineffective. If implemented correctly the system can also be used to deter sharing of logon credentials which will assist in protecting against diminution of copyright revenues.
The technology is available via download from the Armorlog web site as a self installing gateway to be interfaced with existing systems or can be embed in existing products for distribution via the Armorlog e-commerce website administered by Digital River Inc the largest software distributor on the world wide web.
© Armorlog 2010
Armorlog Value Proposition
Armorlog Value Proposition
The licence fee for Armorlog TM VPCSMLTM solution is currently $24 per user per year payable directly by the user.
Generally the costs of implementation of the Armorlog TM VPCSMLTM solution the administration software for which is available free of charge, will be offset by the cost savings in reduced losses, insurance, help desk & deployment costs.
The organisation brand image will be enhanced via assistance in a reduction in the number of network breaches caused unintentionally by user error in configuration of their device or being tricked into revealing their credentials.
There will be a significantly reduced risk of expensive legal and compliance investigative costs including lost management focus and time that are incurred whenever a breach of systems occurs.
Costs to implement will also be offset by savings in losses, costs and damage to brand reputation associated with breaches of privacy which are becoming more expensive as the rules for breaches and mandatory reporting become more widespread and onerous.
The impact of a qualified audit opinion because of poor business controls over data is another significant and increasing consideration for management as data security laws place more obligations on database owners and the absences of proper controls gives rise to significant risks of class actions for negligence in the event of privacy breaches.
There may also be bandwidth cost savings if an organisation is hosting extra bandwidth to cope with promotional campaign overload or denial of service attacks.
Organisations may also wish to use the interface as an advertising funded gateway module.
Intermittent User & Evolving Procedures Risks
Unfamiliar & Intermittent User Risk & Evolving Procedures Risk
A significant risk for phishing attacks are new users and users who do not log on to your system regularly. As they are not as familiar with your organisations’ procedures and culture they may be easily confused into accepting a procedure that is not legitimate and results in their credentials being revealed to an attacker.
Another significant risk factor is evolving organisational procedures. Changes are occurring at a far more rapid pace because of computerisation. Consequently users are becoming desensitised to change and more readily accepting of new procedures and changes in procedures. This readiness to accept changes increases users’ susceptibility to attacks.
As a consequence it is important that the process of authentication operates in such a way that the user cannot accidentally give away their credentials. Armorlogs’ VPCSML technology is designed with these issues in mind.