Mobile apps expose enterprises to loss of sensitive data
The explosive use of mobile devices connected to enterprises allows cybercriminals, hackers, and hostile governments to target users as entry points to corporate networks. Apps may legitimately access proprietary data and contact information, however once information is exposed to the Internet it may be exploited for attacks on enterprise networks.
- Both Android and iOS apps pose significant risk to enterprises
- More than 30 percent of Android apps are capable of leaking users’ private data
- Most iOS apps are vulnerable to the top 13 mobile security threats identified by Marble
- The iOS malware family known as WireLurker and Masque Attack infects non-jailbroken iOS devices through trojanized and repackaged OS X applications, and is the first known malware family that infects installed iOS applications in the same way as a traditional virus.
- App developers integrate third party libraries of code into apps, but frequently don’t know what data is collected or where it is sent
Consumer apps on BYOD devices put enterprises at risk
Riskware are apps that may behave well for consumers, but expose enterprises with bring-your-own-device (BYOD) programs to high risk.
- Riskware frequently has passed security reviews by Apple and Google
- But riskware can expose enterprises to data loss, transferring contact and address book information to third party servers, privacy violations and regulatory compliance violations
- Enterprises need to control the risk of mobile apps with behaviors that can compromise data security
AppHawk protects organizations from dangerous apps
With AppHawk, IT administrators can detect and control apps with risky behaviors that may lead to advanced persistent threats (APTs), spear phishing attacks on employees, and other information security risks within the enterprise.
- Combines comprehensive, correlated threat intelligence across multiple data sources with an adaptive engine to assess app risk
- Looks for anomalous apps and risky app behaviors, allowing enterprises to detect side loading and suspicious enterprise-signed apps such as those delivered by the WireLurker and Masque Attack family of iOS malware
- Three levels of privacy controls keep employees’ apps and content completely private
- When used in tandem with MobileIron’s mobile device management (MDM) solution, IT administrators can restrict network access from mobile devices running risky apps
- Provides a high level of control for Android and iOS devices in BYOD environments
- New apps found on users’ devices are put to the front of Marble’s analysis queue
App intelligence and defense in BYOD environments
Marble Security’s app analysis engine powers AppHawk, with a database of 3.5 million free and paid iOS and Android apps, and publisher reputation scores of 600,000 publishers. Each app is scored against 500 potentially malicious and privacy-leaking behaviors to determine whether it is risky or safe.
- Each app’s code, behavior, and continuing operating characteristics are analyzed
- New or unknown apps found on users’ devices are put to the front of the analysis queue and typically analyzed within minutes
- Tracks the websites, servers, and third party cloud services that apps communicate with
- Correlates all app traffic with a large, historical global database of malicious sites
- Identifies apps communicating with sites that host phishing or app phishing sites, bonnet command and control centers, and servers hosted by cybercriminals
- Once malicious traffic is identified, app may be blocked or flagged for deeper investigation
AppHawk offers a high level of control for Android and iOS devices in BYOD environments:
- Administrative console offers a dashboard view of app risk throughout the enterprise
- Set new thresholds for risky app behavior, and restrict specific behavior
- White list, black list, and gray list specific apps
The AppHawk client
AppHawk includes an optional mobile client app that works with leading MDM and EMM platforms to inform employees in corporate BYOD environments about the potential risks associated with the apps on their devices.
- Users see whether a specific app is dangerous or safe with a glance
- An app data location map graphically depicts where apps send your data
- New apps loaded onto the device are scanned within minutes
- Alerts instruct the user to delete an app if it is risky or dangerous
Workflows automate your defense with AppHawk:
- AppHawk identifies a dangerous app on the employee’s device
- The employee receives an alert that a dangerous app on their device must be removed
- If the employee fails to remove the dangerous app in time, AppHawk quarantines the device
- Once the app is deleted, corporate services are reinstated
To assure that businesses have the flexibility to comply with a wide range of employee privacy laws and regulations, AppHawk offers several levels of control. AppHawk may be configured to:
- Report all apps and specifically correlate apps to a user’s device
- Report apps anonymously, without correlating to any user
- Total privacy, where no app information is reported to the enterprise, only whether there is a dangerous app on an employee’s device