April 23, 2015
It’s no secret that enterprises face a greater threat from the millions of apps their employees use each day than from mobile malware. In fact, through 2017, Gartner claims that 75 percent of all mobile security breaches will be through apps, not deep technical attacks on an operating system.
Labeled riskware, these seemingly harmless apps expose enterprise users to data leakage, credential theft, and exfiltration of private information used to target employees in attacks. Cyber attackers can also use mobile apps to target enterprise users, gain valuable information about corporate networks, and socially engineer passwords.
Marble Security wants to plug this figurative hole in the boat with the release of their AppHawk platform. It’s built as an enterprise mobile threat intelligence and defense system that determines which iOS and Android apps send personal and corporate data beyond the enterprise and assesses the risk to the enterprise.
“Risky apps frequently lead to advanced persistent threats (APTs), spear phishing attacks on employees and leaked corporate data,” says Dave Jevans, CEO, chairman, and CTO of Marble Security. “Without considering the potentially negative effects on their personal identities and workplaces, enterprise users nonchalantly give riskware apps sweeping permissions, not realizing that their data may be sent to remote servers and advertising networks all over the world, where it can be mined by cybercriminals and hostile governments seeking access to corporate networks.”
AppHawk, then, provides dynamic app threat detection and protection while ensuring employee privacy. Further, the platform offers automated controls for malicious apps that leak sensitive corporate data, dynamically assesses threat levels and where data is sent, and assures safety of ‘bring your own device’ program rollouts.
To combat these often overlooked dangers, AppHawk’s automated workflow identiﬁes a dangerous app on the employee’s device, prompting an alert to remove it. If the employee fails to do so in time, AppHawk quarantines the device. Once the app is deleted, corporate services are reinstated.
The full list of features available through the AppHawk administrative console is staggering:
- Dashboards and reports of mobile app risks throughout the enterprise
- Setting thresholds for risky app behavior and restricting speciﬁc behaviors
- Ability to white list, black list, and gray list speciﬁc apps and publishers
- Alerts for admins and users when apps exceed risk thresholds
- Quarantining devices or denying access to enterprise services and data until risky apps are removed
- Risky apps that violate users’ privacy may:
- Send an entire address book and calendars to servers across the Internet, exposing personal data to advertisers and criminals alike and providing details for targeted attacks
- Profile enterprise networks, Wi-Fi and VPN connections, giving attackers valuable insight into attack vectors and network topology
- Access, read and mine users’ email, cloud storage or social media accounts, exposing data
- Read text messages and phone call histories, enabling third parties to socially engineer users’ profiles
- Read Web browser histories, allowing attackers to learn where users live, work and bank
- Access a user’s online services, such as Dropbox, and exfiltrate all their data
- Attempt to jailbreak or root mobile devices without the user’s knowledge
AppHawk also has an optional mobile client that seeks to educate employees about downloading dangerous apps, fully deleting malicious apps, and graphically mapping where their data is being sent. It’s a smart solution because they want to start proactively stopping this problem at its root instead of operating in a fully reactive manner.
Did you like this article?
Get more delivered to your inbox just like it!