ProofPoint: Technology

Mobile apps expose enterprises to loss of sensitive data.

The explosive use of mobile devices connected to enterprises allows cybercriminals, hackers, and hostile governments to target users as entry points to corporate networks. Apps may legitimately access proprietary data and contact information; however, once information is exposed to the Internet, it may be exploited for attacks on enterprise networks.

  • Both Android and iOS apps pose significant risk to enterprises
  • More than 30 percent of Android apps are capable of leaking users' private data
  • Most iOS apps are vulnerable to the top 13 mobile security threats identified by ProofPoint
  • The iOS malware family known as WireLurker and Masque Attack infects non-jailbroken iOS devices through trojanized and repackaged OS X applications, and is the first known malware family that infects installed iOS applications in the same way as a traditional virus.
  • App developers integrate third-party libraries of code into apps, but frequently don't know what data is collected or where it is sent

Consumer apps on BYOD devices put enterprises at risk

Riskware is a class of apps that may behave well enough for consumers, but expose enterprises with bring-your-own-device (BYOD) programs to high risk.

  • Riskware frequently has passed security reviews by Apple and Google
  • But riskware can expose enterprises to data loss, the transfer of contact and address book information to third-party servers, privacy violations, and regulatory compliance violations
  • Enterprises need to control the risk of mobile apps with behaviors that can compromise data security

AppHawk protects organizations from dangerous apps

With AppHawk, IT administrators can detect and control apps with risky behaviors that may lead to advanced persistent threats (APTs), spear phishing attacks on employees, and other information security risks within the enterprise.

  • Combines comprehensive, correlated threat intelligence across multiple data sources with an adaptive engine to assess app risk
  • Looks for anomalous apps and risky app behaviors, allowing enterprises to detect side loading and suspicious enterprise-signed apps such as those delivered by the WireLurker and Masque Attack family of iOS malware
  • When used with mobile device management (MDM) or enterprise mobility management (EMM) solutions, provides dynamic app threat detection and protection

App intelligence and defense in BYOD environments

ProofPoint's app analysis engine powers AppHawk, with a database of 2 million free and paid iOS and Android apps and reputation scores for 500,000 publishers. Each app is scored against 500 potentially malicious and privacy-leaking behaviors to determine whether it is risky or safe.

  • Each app's code, behavior and continuing operating characteristics are analyzed
  • New or unknown apps found on users' devices are put to the front of the analysis queue and typically analyzed within minutes
  • Tracks the websites, servers, and third-party cloud services that apps communicate with
  • Correlates all app traffic with a large, historical global database of malicious sites
  • Identifies apps communicating with phishing or app phishing sites, botnet command and control centers, and servers hosted by cybercriminals
  • Once malicious traffic is identified, the app may be blocked or flagged for deeper investigation

Enterprise controls

AppHawk offers a high level of control for Android and iOS devices in BYOD environments:

  • Administrative console offers a dashboard view of app risk throughout the enterprise
  • Set new thresholds for risky app behavior, and restrict specific behavior
  • White list, black list and gray list specific apps
  • Users and admins receive alerts when apps exceed risk thresholds
  • Quarantine devices or deny access to enterprise services and data until risky apps are removed

The AppHawk client

AppHawk includes a mobile client app that works with leading MDM and EMM platforms to inform employees in corporate BYOD environments about the potential risks associated with the apps on their devices.

  • Users see whether a specific app is dangerous or safe with a mere glance
  • An app data location feature maps where apps send data
  • New apps loaded onto the device are scanned within minutes
  • Alerts instruct the user to delete an app if it is risky or dangerous.

Automated workflows

Workflows automate your defense with AppHawk:

  • AppHawk identifies a dangerous app on the employee's device
  • The employee receives an alert that a dangerous app on their device must be removed
  • If the employee fails to remove the dangerous app in time, AppHawk quarantines the device
  • Once the app is deleted, corporate services are reinstated

Employee privacy

To assure that businesses have the flexibility to comply with a wide range of employee privacy laws and regulations, AppHawk offers several levels of control. AppHawk may be configured to:

  • Report all apps and specifically correlate apps to a user's device
  • Report apps anonymously, without correlating to any user
  • Maintain total privacy, where no app information is reported to the enterprise, only whether there is a dangerous app on an employee's device