Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

4/30/2013
03:57 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Arxan Announces Mobile Application Integrity Protection For IBM MobileFirst Customers

Introduces Arxan Mobile Application Integrity Protection for IBM Worklight Apps

IBM IMPACT 2013 – LAS VEGAS, April 29, 2013 – Arxan Technologies, the industry-leading provider of software security solutions that protect the App Economy today introduced Arxan Mobile Application Integrity Protection for IBM Worklight Apps, a new, integrated solution that enables IBM Worklight customers to protect their mobile apps against hacking attacks and malware exploits. Arxan's Guarding technology is the industry-leading approach to protect app integrity, as evidenced by Arxan's recent win as "Best Security Software" (Gold Winner) at 9th Annual 2013 Info Security's Global Excellence Awards, and is currently in production deployment by leading Fortune 500 organizations on over 200 million devices.

Arxan will demonstrate the new solution during its launch at the IBM Impact 2013 event April 29-May 2 with information and showcase available at the Arxan booth (M12) in the Mobile Application Zone. In addition, Arxan will present the solution, "Arxan's Mobile App Integrity Protection&trade Defends Your Apps From Hacking Attacks and Malware Exploits" on April 30 at 1:45 p.m. in the Expo Theatre. More information and a free evaluation can be requested via http://ibm.com/developerworks/connect/Arxan or [email protected]

This progressive solution is well aligned with notable marketplace requirements. According to a recent Gartner report1, "developers need rapid, noninvasive, cross-platform methods to include security in the mobile app development process". Arxan's new Mobile Application Integrity Protection for IBM Worklight Apps delivers to IBM's MobileFirst customers unique protection capabilities that provide them with end-to-end mobile application security across Worklight, AppScan, and Arxan. This is achieved through seamless and rapid instrumentation of Arxan's awarding-winning Guarding technology to provide self-defense and tamper-resistance mechanisms to apps that are built by IBM Worklight. The IBM Worklight mobile platform is the first of its kind to include such comprehensive mobile app shielding during the mobile app development and deployment process.

Keeping the App Economy Safe and Secure

"Arxan applauds IBM MobileFirst strategies as they offer significant innovation and transformation potential in the new App Economy with consumer and enterprise mobile app revenues expected to grow to more than $60 billion by 2016", said Mike Dager, CEO, Arxan Technologies. "We are excited to bring our award-winning application integrity protection to IBM MobileFirst customers as the need for keeping applications safe from hacking attacks and malware exploits continues to grow, especially given the breakneck speed of mobile app development and the escalating severity of hacking threats."

The integrated solution addresses mobile app integrity attacks which cannot be mitigated by traditional app security practices alone as even "flawless" code can be cracked open and modified by hackers. For instance, with readily available hacking tools, such as decompilers, hex editors, debuggers, etc., hackers can easily target and render defenseless the internal operations and critical security components of an unprotected application – in under 3 minutes.

Such passive and active attacks lead to malware exploits, fraud, unauthorized access, intellectual property theft and piracy. In fact, an academic study2 recently found that the 86% of mobile malware cases are legit apps that a hacker compromised and repackaged with a malicious payload ("App Repackaging Attack"). Arxan's own "State of Security in the App Economy" study found that over 90% of top 100 Apple iOS and Android apps exist as hacked versions. Of course, threats such as these can limit mobile innovation and ultimately put brand, revenue, and intellectual property at risk. With access to proactive application integrity protection from Arxan, IBM MobileFirst customers can now build and deploy secure mobile apps with confidence.

Introducing Arxan Mobile Application Integrity Protection for IBM Worklight Apps

Supporting all key mobile platforms and operating systems (Apple iOS, Android, Blackberry, Win Phone Series, Tizen, etc), Arxan's Mobile Application Integrity Protection for IBM Worklight Apps is powered by Arxan's Guard injection technology which embeds self-defending and tamper-resistant protection mechanisms (a network of Guards) directly into the code. These protections do not require source code modification and they go wherever the app goes to provide app integrity protection both at rest (statically) and at run-time against hacking attacks and malware compromises.

Arxan Guarding protection can be integrated into the IBM Worklight build workflow without disruption to the software development process and can be leveraged in two tiers of protection.

Gold Protection: Recommended for all apps developed with Worklight.

Gold Protection provides the mobile enterprise with efficient and seamless insertion of pre-defined Guards for a minimum set of mobile app integrity protection to make apps self-defending and tamper-resistant against the most common app integrity risks before deployment:

Jailbreak/root detection at run-time in the app

Application verification at run-time against compromise

Tamper-resistance for Worklight SDK (security-sensitive run-time libraries)

All of the above pre-defined security schemes include automated reactions (e.g., app shut-down) and alerting intelligence capabilities such as a notification to the Worklight server or QRadar, and are based on patented multi-layer defense (Guards protecting other Guards).

Platinum Customized Protection: Recommended for apps developed with Worklight apps that have custom native code (hybrid mixed and native app types) and/or a custom shell.

Platinum Customized Protection provides advanced customized mobile app integrity protection:

Complete access to all Arxan "defend, detect, alert and react" Guard types (e.g., code obfuscation, string encryption, symbol stripping and renaming, checksum, anti-debug, damage, repair, custom reactions and alerting, etc.)

Comprehensive protection against all static and dynamic/run-time app integrity attacks such as app reverse-engineering (decompilation, disassembly, debug, etc.) and tampering of custom code (e.g., sensitive functionality or security controls in the app)

Custom multi-layer Guard network definition (GuardSpec®) addressing application-specific integrity risks and threats and providing defense-in-depth

This new end-to-end approach with IBM and Arxan is a significant enabler for the mobile enterprise market to create rich, cross-platform apps on a secured, single integrated platform, reducing the time to market, as well as the costs and complexities of application development. The integration of Arxan's mobile application integrity protection technology enables organizations to confidently develop and deploy mobile apps to their customers and employees across the globe, whether on smartphones, tablets or other mobile device. Prospective customers can request a free demonstration or evaluation of the new solution by contacting Arxan on http://arxan.com/contact or [email protected] A solution brief and a short video demonstration is available at http://ibm.com/developerworks/connect/Arxan or by contacting Arxan.

1 Gartner Inc., Emerging Technology Analysis: Mobile Application Shielding, March 26th 2013.

2 Dissecting Android Malware: Characterization and Evolution, 2012 IEEE Symposium on Security and Privacy.

ABOUT ARXAN TECHNOLOGIES

Arxan protects the App Economy from attacks in distributed or untrusted environments with the world's strongest and most deployed application integrity protection products. Among today's diverse computing platforms, mobile and tablet apps and packaged or embedded software are all exposed to hacking attacks such as reverse-engineering, tampering, insertion of malware/exploits, repackaging, fraud, intellectual property theft, and piracy. Arxan's unique patented Guarding technology enables sensitive or high-value applications to proactively guard their own integrity by defending, detecting, alerting, and reacting to hacking attacks through a risk-based, customized protection. Arxan's self-defending and tamper-proof applications are deployed on more than 200 million devices by leading Fortune 500 organizations in high-tech, ISV, financial services, digital media, gaming, healthcare, and other industries. Arxan Technologies is headquartered in the United States with global offices in EMEA and APAC. Visit us at www.arxan.com.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15821
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVE-2020-15823
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2020-15824
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVE-2020-15825
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.