Student Shelter In Computers - Mobile Application Security

You want to innovate by developing mobile apps to support new business initiatives. And you also need to manage the risks associated with mobile applications downloaded by employees through your BYOD programs.

Our behavioral analysis of mobile apps helps you determine which mobile apps violate enterprise policies for security and privacy — and why.

We provide a variety of mobile security solutions to accommodate the unique characteristics of mobile application development and deployment:

Mobile applications that you build. Our mobile security solution is a combination of automated analysis and program services that enables you to secure mobile applications during development so that security can be an innovation enabler.

Business mobile applications that you buy. Our mobile behavioral analysis engine provides intelligence and controls to help you detect which mobile apps violate your security policies.

Mobile applications your employees download under BYOD program. To help mitigate enterprise risk, our mobile security intelligence integrates with leading mobility device management (MDM) solutions.

Key capabilities

Test applications using a variety of analysis techniques — binary static, behavioral and manual analysis — to provide a comprehensive view of application vulnerabilities, risky and malicious behaviors.

Identify vulnerabilities and behaviors inherited from third-party components. You can then mitigate those risks with app wrapping or by using more secure component libraries.

Upload mobile applications for analysis and obtain detailed intelligence on application capabilities and behaviors before you allow them into your enterprise app stores or secure application containers. Every application is assessed statically to identify capabilities with the code and also run within a sandbox to identify risky behaviors during operation, using dynamic analysis techniques.

Enforce central policies. Every enterprise is different in the level of risk they are willing to take on and the types of application behaviors that they consider risky for various employee groups. The embedded policy engine enables you to quickly identify which mobile apps violate enterprise policy.

Integrate behavioral intelligence via APIs with a variety of enterprise MDM solutions, as well as with enterprise app stores, mobile application containers and app wrapping.

Leverage our searchable directory of the most popular Android and iOS apps available from public app stores including detailed behavioral intelligence on each application. You can use the directory to obtain a good understanding of the types of applications that would pass or not pass your policy.

Scale BYOD Programs via Automated App Blacklisting

Organizations struggle to balance between empowering employees by enabling mobile application use in the enterprise, and keeping enterprise data secure. Traditional mobile management capabilities such as device wiping, controlling email, and managing settings are insufficient to keep up with the risk posed by mobile applications that pose risks due to inherently insecure features, use of undersecured cloud services, mobile malware, and rapidly changing application characteristics. Existing approaches such as manually curated blacklists or whitelists either fail to keep up with the threat, allowing deployment of risky applications, or prevent employees from doing their jobs.

Veracode’s cloud-based app reputation service provides enterprise mobility platforms like MobileIron, AirWatch MDM, and IBM Fiberlink Maas360 with an instant on, continuously updated intelligence source that evaluates all mobile applications on enterprise managed devices against policies designed to keep corporate information secure. The service taps information about hundreds of thousands of mobile applications that have been assessed using Veracode’s unique behavioral analysis technology. Using the app reputation service, organizations can roll out a BYOD program that includes both preventative and corrective controls to keep corporate data safe from risky mobile applications.

Mobile security partners

To help you better act on behavioral intelligence and enforce corporate BYOD policies, we integrate our behavioral analysis capabilities with enterprise MDM solutions from leading providers.

Secure Mobile Applications in Development

Our mobile security solution is a combination of automated analysis and program services that enables you to secure mobile applications during development so that security can be an innovation enabler. Leveraging Veracode's static and behavioral analysis, and optionally Veracode's world class manual penetration testing team, you can get a complete picture of the risk in mobile applications that you build, including security vulnerabilities that may endanger the data being managed by the application as well as risky or unintended behaviors such as indiscriminate sharing of data with third parties. The solution also provides developers with guidance on how to address the problems found via a combination of in-platform guidance and expertise from Veracode application security consultants. Veracode's unique solution also includes support for identifying vulnerabilities and behaviors inherited from third-party components. You can then mitigate those risks with app wrapping or by using more secure component libraries.

Mobile Application Security

Veracode’s cloud-based solution helps mobile teams achieve the correct balance between innovation and control. We help effectively manage the security risk posed by the mobile apps that your organization builds, buys or downloads. Our solution provides the intelligence to protect against attacks and verify compliance with corporate risk and privacy policies.

Veracode’s mobile application security solution combines automated code assessments with expert remediation services that enable IT teams to rapidly secure mobile applications in agile development environments — without slowing innovation.

Behavioral analysis inspects all application actions in real-time, in a controlled sandbox, to expose risky and malicious behaviors such as exfiltration of sensitive data to unknown entities. To determine a risk rating, these results are then compared against millions of known applications, both malicious and safe, in Veracode’s reputation knowledge base.

The application is also assessed using binary static analysis to identify hidden malicious capabilities and common coding vulnerabilities such as buffer overflows and information leakage. Plus it integrates seamlessly with agile development processes and tools including IDEs such as Eclipse and Visual Studio; build servers like Jenkins and Team Foundation Server (TFS); and issue tracking systems like JIRA and Bugzilla.

Veracode’s cloud-based app reputation service enables secure BYOD (Bring-Your-Own-Device) by providing enterprise mobility platforms like MobileIron, AirWatch MDM, and IBM Fiberlink Maas360 with automated app blacklisting. The app reputation service is an instant on, continuously updated intelligence source that evaluates all mobile applications on enterprise managed devices against policies designed to keep corporate information secure. The service taps information about hundreds of thousands of mobile applications that have been assessed using Veracode’s unique behavioral analysis technology. Using the app reputation service, organizations can roll out a BYOD program that includes both preventative and corrective controls to keep corporate data safe from risky mobile applications.

Automated Cloud-Based Assessments

Behavioral Analysis

Behavioral Analysis is a security assessment methodology for mobile apps that provides insight into the risks posed by mobile app behaviors. It compliments traditional static anddynamic assessment methodologies which find security flaws and weaknesses in the application’s code. Behavioral Analysis is designed to inspect mobile applications during operation for risky or malicious behaviors—such as exfiltrating and transmitting sensitive data to unknown entities. An app’s risk rating is quantified in comparison to millions of data points from public applications.
More

Reputation Service

This cloud-based directory and policy-management service, accessible via APIs, provides detailed security intelligence about the most popular Android and iOS applications. This intelligence has also been integrated with widely-used Mobile Device Management (MDM) solutions to enable enterprises to enforce corporate policies regarding their employees’ mobile devices.
More

How we reduce mobile risk

Submit: Applications are auto-submitted using APIs or interactively via a simple web interface to our cloud-based platform.

Analyze: Dozens of analyses are performed, both statically, to identify how the application works and dynamically as the application runs in a sandbox, to identify hundreds of code vulnerabilities and risky app behaviors.

Quantify: Advanced machine learning technology generates a risk rating for each application by comparing its behavioral profile to millions of data points from known applications, both malicious and safe.

Inform: Our static and behavioral intelligence informs your policy development process, an important step for mobile application security programs. Our policy engine provides administrators with the ability to design and test rules before they are deployed for business units, geographies or workgroups.

Enforce: Integrate intelligence from our cloud-based platform with leading MDM solutions such as IBM/Fiberlink, MobileIron and VMware/AirWatch, or with custom in-house solutions via APIs, to enforce policies on end-user devices and enterprise app stores.