Existing solutions either do not provide adequate protection or force users into changing how they use the device – such as by requiring them to login to a separate "walled off" area of the phone. Skycure is the first solution to offer advanced protection from external attackers while remaining invisible to the user experience.
"It is clear that mobile is the next battlefield for security. No device is ever 100-percent secure, and therefore companies need solutions such as those from Skycure," said Jarad Carleton, principal consultant at Frost & Sullivan. "The Skycure solution adopts behavioral recognition techniques that are crucial given the ever-more-sophisticated nature of malicious attacks. Whether it be through social engineering or exploitation of vulnerabilities, devices are vulnerable, and solutions such as those from Skycure will soon become a base requirement for companies."
Also today, Skycure offered a demonstration of a particularly poignant mobile vulnerability--malicious iOS profiles--and an evaluation of how given companies are vulnerable. Within minutes, Skycure researchers can gain full control over an end user's iPhone by installing a malicious profile. In the process, they can mirror the compromised phone or leverage the credentials stored on the phone to access the user's Facebook, email and banking accounts. Skycure's solution protects against compromised iOS profiles.
Skycure was founded by researchers Adi Sharabani and Yair Amit, who previously led the IT security research teams at IBM and Watchfire. The company, which also features IT security experts that previously worked at companies such as CheckPoint, Google and eBay, has already released research on a number of mobile security threats, including discovering potentially risky functionality whereby LinkedIn collects personal and calendar information without end-user knowledge. Skycure worked with LinkedIn to address and correct the issue.
"Skycure has studied the activity on mobile devices for many months, and we are concerned that these devices present new attack vectors for hackers, no matter how secure the environment claims to be," said Yair Amit, co-founder and CTO at Skycure. "We offer a seamless way to protect the devices, backed by our research into mobile and network vulnerabilities. Our vision is to provide a comprehensive protection from attacks across three different major vectors, which we discovered in our research: attacks from the Internet, attacks from the device toward the corporate intranet, and attacks that result in sensitive data being leaked out of the device."
The new Skycure software solution is installed as an application on end users' phones or other devices, complemented by a cloud component that enables management, secure communications to mitigate Wi-Fi man-in-the-middle attacks, and the collecting of information about dangerous Wi-Fi-networks. The solution provides comprehensive protection for the devices and also allows corporate IT professionals to gain visibility into the threats their organizations face on a regular basis. Features and benefits of the software include:
· Behavioral analysis of device and wireless network activity to keep the hackers out
Skycure's software monitors network activity and spots behavior that demonstrates a phone has been compromised or that an active attack is in place. The solution utilizes a honeypot approach, in which Skycure lures attackers to perform actions that reveal their existence.
· Close management by IT teams to enable secure, policy-driven BYOD (Bring Your Own Device)
Corporate IT teams can guard their employees' devices by receiving alerts when suspicious activity is detected. When applicable, a fix to eliminate the threat is automatically applied. When detecting more sophisticated attacks, IT staff is alerted with a suggested remediation task. Companies can permit employees to use their own phones and be confident those devices are both secure and centrally managed, preserving productivity benefits while also eliminating the risk of data leaks due to security breaches.
· No performance or operational impact
No end user will tolerate a device slow down. Skycure's thin app is undetectable in the background and only noticeable if a concern is detected. The solution can integrate with a corporate mobile device management (MDM) deployment, but such an MDM is not a requirement.
Skycure adds real-time intelligence into its solution to benefit all users. For example, when Skycure detects a Wi-Fi attack on one user, it takes proactive measures to make sure other users are protected when they arrive nearby the suspicious network.
"Security is a major roadblock for BYOD adoption," said Rick Doten, CISO of Digital Management Inc. (DMI), a mobility solutions provider. "But today's current mobile security approaches are catering to what features are 'available,' not what is a likely or potent threat vector. Skycure's research is highlighting mobile threats not being considered by traditional mobile security solutions. Mobile application containers and wrappers are fine when you expect the device not to be compromised, but when a traditional Wi-Fi man-in-the-middle or side-channel attack installs a rogue profile, then no data on the device is safe. With Skycure, the devices are secure, company data is protected, and IT security teams will be alerted to any intrusion attempts."
Initially available for iOS-driven devices, future Skycure versions will be Android-compatible.
Based in Tel Aviv and funded by Pitango Venture Capital and angel investors, Skycure (http://www.skycure.com) is a mobile security software solutions company. Skycure's software protects mobile devices and provides companies with management functionality to enforce bring-your-own-device policies and enable the mobile workforce. Skycure's research team regularly identifies new mobile security threats, and that intelligence is incorporated into Skycure's solutions.