New Mobile Application Protection Suite (MAPS) Identifies Security, Privacy and Compliance Issues During Development and Protects Apps While In Use
Mobile applications have become a business requirement for almost every organization. According to a recent report, four out of 10 large enterprises are planning to deliver more than 50 apps for their internal and external customers.
To meet the skyrocketing demand, some enterprises are increasing their in-house app development while others are outsourcing. And while organizations have become proficient at developing mobile apps, many lack the ability to protect them from threats. When attackers discover and exploit apps in the wild, the lack of visibility and actionable information can lead to breaches, stolen data, brand impact, and lost revenue.
Until now, organizations trying to secure their mobile apps have been forced to piecemeal security solutions together. This approach leaves holes in the development life cycle related to security and provides little to no visibility into threats on end user devices.
According to Gartner’s Market Guide for In-App Protection Report (July 3, 2019; Dionisio Zumerle and Manjunath Bhat), “security and risk management leaders must take due care in protecting their application clients to avoid turning a promising software design trend into a security failure.”
Organizations need a comprehensive solution that can help them protect their mobile apps throughout their life cycle.
The MAPS Solution Addresses the Need
Zimperium’s Mobile Application Protection Suite (MAPS), was created to address this need.
MAPS identifies security, privacy and compliance risks during app development and protects/monitors apps from attacks while in use, ending the piecemeal approach and connecting data in a single platform.
MAPS is comprised of three solutions, each of which address a specific enterprise mobile app security need:
- zScan helps organizations discover and fix compliance, privacy, and security issues within mobile apps before they are released as part of the development process;
- zShield hardens the app through obfuscation and anti-tampering functionality protects the app from potential attacks like reverse engineering and code tampering; and
- zDefend SDK (formerly zIAP) is embedded in apps to help detect and defend against device, network, phishing and malicious app attacks while the app is in use.
“MAPS provides peace of mind to CISOs, CIOs and security operational teams for the life of their mobile app,” said Nitin Bhatia, chief strategy officer at Zimperium. “Whether it is identifying security and privacy risks during the app development, or monitoring and protecting apps from attacks while in use, we are making sure mobile apps aren’t used by hackers as a data breach gateway.”
Zimperium will be conducting a webinar on MAPS on March 25th at 10am Central.
zScan – Building Compliant Apps
zScan provides an ongoing and automated ability to discover privacy, security, and compliance issues in mobile apps before the apps are released into the wild. zScan is designed to fit directly into the development process without requiring developers to go outside their normal operations, implement any new code, or have to log into another console. Once findings are discovered, zScan can open tickets in ticketing systems to provide developers with detailed information and work packages necessary to address the risk. Once developers fix and mark findings closed (as they would any bug or feature request), the information is synced back to zScan so security and compliance teams can verify the fix.
zShield – Building Secure Apps
Once a mobile app is released publicly, potential attackers can inspect it for any coding errors and vulnerabilities that can be exploited. Zimperium zShield’s obfuscation and anti-tampering functionality hardens and protects the app from attacks such as reverse engineering, piracy, removing ads, extracting assets, extracting API keys and inserting malware among others.
zDefend – Running Securely on Devices
With the zDefend SDK embedded, mobile apps can immediately determine if a user’s device is compromised, any network attacks are occurring or if malicious apps are installed. zDefend is completely configurable by app developers, who can take action when a given threat is detected.
The development of a mobile app should be focused on creating exceptional user experiences and engagement, not financial and reputation concerns over data breaches and privacy and security issues. MAPS provides peace of mind to CISOs, CIOs and security operational teams for the life of their mobile app.