Marble Security, Inc.

Mobile apps expose enterprises to loss of sensitive data

The explosive use of mobile devices connected to enterprises allows cybercriminals, hackers, and hostile governments to target users as entry points to corporate networks. Apps may legitimately access proprietary data and contact information, however once information is exposed to the Internet it may be exploited for attacks on enterprise networks.
Both Android and iOS apps pose significant risk to enterprises
More than 30 percent of Android apps are capable of leaking usersâÃÂ??ÃÂ?? private data
Most iOS apps are vulnerable to the top 13 mobile security threats identified by Marble
The iOS malware family known as WireLurker and Masque Attack infects non-jailbroken iOS devices through trojanized and repackaged OS X applications, and is the first known malware family that infects installed iOS applications in the same way as a traditional virus.
App developers integrate third party libraries of code into apps, but frequently donâÃÂ??ÃÂ??t know what data is collected or where it is sent

Consumer apps on BYOD devices put enterprises at risk

Riskware is a class of apps that may behave well enough for consumers, but expose enterprises with bring-your-own-device (BYOD) programs to high risk.
Riskware frequently has passed security reviews by Apple and Google
But riskware can expose enterprises to data loss, transferring contact and address book information to third party servers, privacy violations and regulatory compliance violations
Enterprises need to control the risk of mobile apps with behaviors that can compromise data security

AppHawk protects organizations from dangerous apps

With AppHawk, IT administrators can detect and control apps with risky behaviors that may lead to advanced persistent threats (APTs), spear phishing attacks on employees, and other information security risks within the enterprise.
Combines comprehensive, correlated threat intelligence across multiple data sources with an adaptive engine to assess app risk
Looks for anomalous apps and risky app behaviors, allowing enterprises to detect side loading and suspicious enterprise-signed apps such as those delivered by the WireLurker and Masque Attack family of iOS malware
When used with mobile device management (MDM) or Enterprise Mobility Management (EMM) solutions provides dynamic app threat detection and protection

App intelligence and defense in BYOD environments

Marble SecurityâÃÂ??ÃÂ??s app analysis engine powers AppHawk, with a database of 2 million free and paid iOS and Android apps, and publisher reputation scores of 500,000 publishers. Each app is scored against 500 potentially malicious and privacy-leaking behaviors to determine whether it is risky or safe.
Each appâÃÂ??ÃÂ??s code, behavior and continuing operating characteristics are analyzed
New or unknown apps found on usersâÃÂ??ÃÂ?? devices are put to the front of the analysis queue and typically analyzed within minutes
Tracks the websites, servers, and third party cloud services that apps communicate with
Correlates all app traffic with a large, historical global database of malicious sites
Identifies apps communicating with sites that host phishing or app phising sites, botnet command and control centers, and servers hosted by cybercriminals
Once malicious traffic is identified, app may be blocked or flagged for deeper investigation

Enterprise controls

AppHawk offers a high level of control for Android and iOS devices in BYOD environments:
Administrative console offers a dashboard view of app risk throughout the enterprise
Set new thresholds for risky app behavior, and restrict specific behavior
White list, black list and gray list specific apps
Users and admins receive alerts when apps exceed risk thresholds
Quarantine devices or deny access to enterprise services and data until risky apps are removed

The AppHawk client

AppHawk includes a mobile client app that works with leading MDM and EMM platforms to inform employees in corporate BYOD environments about the potential risks associated with the apps on their devices.
Users see whether a specific app is dangerous or safe with a mere glance
An app data location feature maps where apps send data
New apps loaded onto the device are scanned within minutes
Alerts instruct the user to delete an app if it is risky or dangerous.

Automated workflows

Workflows automate your defense with AppHawk:
AppHawk identifies a dangerous app on the employeeâÃÂ??ÃÂ??s device
The employee receives an alert that a dangerous app on their device must be removed
If the employee fails to remove the dangerous app in time, AppHawk quarantines the device
Once the app is deleted, corporate services are reinstated

Employee privacy

To assure that businesses have the flexibility to comply with a wide range of employee privacy laws and regulations, AppHawk offers several levels of control. AppHawk may be configured to:
Report all apps and specifically correlate apps to a userâÃÂ??ÃÂ??s device
Report apps anonymously, without correlating to any user
Total privacy, where no app information is reported to the enterprise, only whether there is a dangerous app on an employeeâÃÂ??ÃÂ??s device