OpenPeak Inc., a leading provider of mobile cybersecurity solutions,
today introduced the industry’s only in-app hypervisor. The new in-app
hypervisor, named SANCTION, delivers unsurpassed levels of
enterprise data encapsulation and advanced app firewalling. SANCTION
enables organizations to track, detect, manage and protect all instances
of data movement initiated by mobile applications on smartphones and
tablet devices without any reliance on gateways or proxies in the
network.
A number of recent events have illustrated the immediate need for a way
to protect businesses and consumers from malicious developers,
third-party libraries, and even developer tools used to create apps for
mobile devices.
Apple recently announced the removal of over 250 iOS apps with over a
million estimated downloads from its App Store. The affected apps were
siphoning personal information from users and sending it to remote
servers without the knowledge of their legitimate developers, who had
unknowingly used a malicious 3rd party SDK in their
application. This news came only a few weeks after the discovery of the
XcodeGhost malware, where a modified version of Apple’s app development
tool added malicious code to apps without the developer’s knowledge.
Over 500 million users were potentially affected by the XcodeGhost
malware. Most commercially available solutions for mobile app protection
require modification or recompilation of an app with an SDK.
Unfortunately, none of these SDK approaches could have identified the
malicious code highlighted in recent attacks.
“Secure access to data from mobile devices is an absolute necessity in
today’s business, education and government environments. Much of that
access is now initiated via mobile applications on end user devices,”
said Andy Aiello, COO of OpenPeak. “In order to ensure that those
applications are not intentionally or unknowingly passing on sensitive
business or personal information to unscrupulous 3rd parties
is an imperative. The only way to successfully achieve the necessary
level of security is by ongoing monitoring, threat detection, and
remediation capabilities on a per-app, per-connection basis in a way
that cannot be circumvented by malware or malicious libraries.”
OpenPeak’s SANCTION in-app hypervisor takes a revolutionary approach.
Leveraging OpenPeak’s patented ADAPT technology, which adds a full
suite of isolation, authentication, authorization, encryption, auditing,
and policy enforcement into each app, SANCTION adds an embedded
hypervisor and advanced firewall into the wrap to intercept and inspect
every interaction between the app and the underlying OS.
Because ADAPT takes place after the app is compiled, there is no
developer involvement needed and no way for any malicious software to
bypass its security mechanisms. The embedded software provides
protection from any actions by an app or from malicious code that may be
embedded within third-party libraries or even development tools. This
patented technology creates a distinct administration and protection
domain for enterprise apps.
The SANCTION in-app hypervisor protects all forms of data movement by
applications, and allows enterprises to block or allow specific
connections on a per app or per connection basis. SANCTION gives
enterprises control over: network traffic or traffic patterns,
enterprise contacts usage, enterprise calendar access, enterprise email,
copy and paste, external storage, inter-app communication including
Open-In, URIs, URLs, intents, and service bindings; NFC/Bluetooth,
screen capture, and device jailbreak/rooting. In addition to the vast
levels of control that enterprises may enable through SANCTION, each
blocked action can also have a policy violation rule attached to it. The
policy rules allow enterprises to generate automated notifications to
admins, end-users, and devices, or take actions like quarantining an
application, or even removing an application or wiping the entire secure
workspace.
SANCTION also provides surgical, closed-loop policy controls to
identify, isolate, and respond to all security threats, even zero-day
threats from code embedded in otherwise trusted apps.
For more information, visit www.openpeak.com