OpenPeak Offers Rich In-App Security; Blocks Suspicious Data Movement – Down to the Root
Mobile security solutions company OpenPeak is offerings an in-app hypervisor, in part to cut off hacker access to mobile users’ personal info and other data.
As hacker techniques for mobile apps become sneakier and more nefarious, developers can unknowingly open backdoor to let attackers siphon off personal information from unsuspecting users.
The growing threat to mobile apps has prompted mobile security solutions company OpenPeak, to extend its portfolio with what it called an in-app hypervisor.
One recent hack shows the value of OpenPeak’s approach, dubbed Sanction. One headline-grabbing tactic offered iOS developers a malicious SDKs, which opened users’ info to attack and retrieval. Once this SDK was discovered, Apple removed more 250 iOS apps built using the toolkit from its app store – but not before those apps were downloaded an estimated 1 million times combined.
OpenPeak’s Sanction in-app hypervisor is designed to protect user data on two levels, according to OpenPeak COO Andy Aiello.
- First, it encapsulates enterprise data.
- Second, using advanced app firewalling. It enables organizations to track, detect, manage and protect data movement initiated by apps running on phones and tablets – with the need of gateways or network proxies.
“Secure access to data from mobile devices is an absolute necessity in today’s business, education and government environments. Much of that access is now initiated via mobile applications on end user devices. In order to ensure that those applications are not intentionally or unknowingly passing on sensitive business or personal information to unscrupulous third-parties is an imperative,” Aiello said in a statement.
That problem set is what OpenPeak’s latest technologies takes on. “The only way to successfully achieve this necessary level of security is by ongoing monitoring, threat detection, and remediation capabilities on a per-app, per-connection basis in a way that cannot be circumvented by malware or malicious libraries,” Aiello added.
With OpenPeak’s Sanction app-by-app approach to security, each app gets its own embedded hypervisor and a rich suite of security technologies – including: isolation, authentication, authorization, encryption, auditing, and even policy enforcement. Further, each apps is also wrapped with capabilities that will intercept and inspect every interaction between the app and the underlying OS.
Under the Covers with OpenPeak Sanction’s ‘In-App’ Hypervisor
OpenPeak’s embedded software provides protection from any actions by an app or from malicious code that may be embedded within third-party libraries or even development tools. As Aiello explained, because these security operations occur after the app is compiled, so there is no developer involvement. Even better, there is no way for any malicious software to bypass its security mechanisms, he added.
Architecturally, the mobile app security approach has these main components:
Full Data Isolation: To isolate apps in a controlled manner, and encrypt all app data with unique per-app keys. It also continually monitors policies protect apps from leaking data due to programming errors, malicious developers, and malicious libraries.
Mobile App Firewall: To monitor and control how an app communicates, moves, and accesses data, including: Network traffic or traffic patterns; Enterprise contacts usage; Enterprise calendar access; Enterprise email; Copy-and-paste; External storage access; NFC / Bluetooth; Screen capture; and Inter-app communication including Open-In, URIs, URLs, intents, and service bindings.
Further, each monitored action can have a policy violation rule attached to it. These policy rules allow an enterprise to generate automated notifications to administrators, end-users, and devices, or take actions such as quarantining an application, removing an application from all devices in the organization, or wiping the entire secure workspace, Aiello added.
OpenPeak Sanction has also made it easy for IT admins to use. Thanks to a simple, wizard-based configuration, an admin first installs an app on a few devices and places it in “learning mode,” which logs app activity. This activity can then be inspected and used as a set of allowable actions and actions to take on policy violations.