Arxan will demonstrate the new solution during its launch at the IBM Impact 2013 event April 29-May 2 with information and showcase available at the Arxan booth (M12) in the Mobile Application Zone. In addition, Arxan will present the solution, "Arxan's Mobile App Integrity Protection&trade Defends Your Apps From Hacking Attacks and Malware Exploits" on April 30 at 1:45 p.m. in the Expo Theatre. More information and a free evaluation can be requested via http://ibm.com/developerworks/connect/Arxan or [email protected].
This progressive solution is well aligned with notable marketplace requirements. According to a recent Gartner report1, "developers need rapid, noninvasive, cross-platform methods to include security in the mobile app development process". Arxan's new Mobile Application Integrity Protection for IBM Worklight Apps delivers to IBM's MobileFirst customers unique protection capabilities that provide them with end-to-end mobile application security across Worklight, AppScan, and Arxan. This is achieved through seamless and rapid instrumentation of Arxan's awarding-winning Guarding technology to provide self-defense and tamper-resistance mechanisms to apps that are built by IBM Worklight. The IBM Worklight mobile platform is the first of its kind to include such comprehensive mobile app shielding during the mobile app development and deployment process.
Keeping the App Economy Safe and Secure
"Arxan applauds IBM MobileFirst strategies as they offer significant innovation and transformation potential in the new App Economy with consumer and enterprise mobile app revenues expected to grow to more than $60 billion by 2016", said Mike Dager, CEO, Arxan Technologies. "We are excited to bring our award-winning application integrity protection to IBM MobileFirst customers as the need for keeping applications safe from hacking attacks and malware exploits continues to grow, especially given the breakneck speed of mobile app development and the escalating severity of hacking threats."
The integrated solution addresses mobile app integrity attacks which cannot be mitigated by traditional app security practices alone as even "flawless" code can be cracked open and modified by hackers. For instance, with readily available hacking tools, such as decompilers, hex editors, debuggers, etc., hackers can easily target and render defenseless the internal operations and critical security components of an unprotected application – in under 3 minutes.
Such passive and active attacks lead to malware exploits, fraud, unauthorized access, intellectual property theft and piracy. In fact, an academic study2 recently found that the 86% of mobile malware cases are legit apps that a hacker compromised and repackaged with a malicious payload ("App Repackaging Attack"). Arxan's own "State of Security in the App Economy" study found that over 90% of top 100 Apple iOS and Android apps exist as hacked versions. Of course, threats such as these can limit mobile innovation and ultimately put brand, revenue, and intellectual property at risk. With access to proactive application integrity protection from Arxan, IBM MobileFirst customers can now build and deploy secure mobile apps with confidence.
Introducing Arxan Mobile Application Integrity Protection for IBM Worklight Apps
Supporting all key mobile platforms and operating systems (Apple iOS, Android, Blackberry, Win Phone Series, Tizen, etc), Arxan's Mobile Application Integrity Protection for IBM Worklight Apps is powered by Arxan's Guard injection technology which embeds self-defending and tamper-resistant protection mechanisms (a network of Guards) directly into the code. These protections do not require source code modification and they go wherever the app goes to provide app integrity protection both at rest (statically) and at run-time against hacking attacks and malware compromises.
Arxan Guarding protection can be integrated into the IBM Worklight build workflow without disruption to the software development process and can be leveraged in two tiers of protection.
Gold Protection: Recommended for all apps developed with Worklight.
Gold Protection provides the mobile enterprise with efficient and seamless insertion of pre-defined Guards for a minimum set of mobile app integrity protection to make apps self-defending and tamper-resistant against the most common app integrity risks before deployment:
Jailbreak/root detection at run-time in the app
Application verification at run-time against compromise
Tamper-resistance for Worklight SDK (security-sensitive run-time libraries)
All of the above pre-defined security schemes include automated reactions (e.g., app shut-down) and alerting intelligence capabilities such as a notification to the Worklight server or QRadar, and are based on patented multi-layer defense (Guards protecting other Guards).
Platinum Customized Protection: Recommended for apps developed with Worklight apps that have custom native code (hybrid mixed and native app types) and/or a custom shell.
Platinum Customized Protection provides advanced customized mobile app integrity protection:
Complete access to all Arxan "defend, detect, alert and react" Guard types (e.g., code obfuscation, string encryption, symbol stripping and renaming, checksum, anti-debug, damage, repair, custom reactions and alerting, etc.)
Comprehensive protection against all static and dynamic/run-time app integrity attacks such as app reverse-engineering (decompilation, disassembly, debug, etc.) and tampering of custom code (e.g., sensitive functionality or security controls in the app)
Custom multi-layer Guard network definition (GuardSpec®) addressing application-specific integrity risks and threats and providing defense-in-depth
This new end-to-end approach with IBM and Arxan is a significant enabler for the mobile enterprise market to create rich, cross-platform apps on a secured, single integrated platform, reducing the time to market, as well as the costs and complexities of application development. The integration of Arxan's mobile application integrity protection technology enables organizations to confidently develop and deploy mobile apps to their customers and employees across the globe, whether on smartphones, tablets or other mobile device. Prospective customers can request a free demonstration or evaluation of the new solution by contacting Arxan on http://arxan.com/contact or [email protected]. A solution brief and a short video demonstration is available at http://ibm.com/developerworks/connect/Arxan or by contacting Arxan.