Just When You Thought It Was Safe to Go Mobile, New Security Threats Emerge

Is it safe to go mobile? New security threats keep your IT team up at night.

The classic 1978 film, Jaws 2, leveraged one of the most famous movie taglines ever: “Just when you thought it was safe to go back in the water…” In the movie trailer, fictional Police Chief Brody famously states, “I think we may have another shark problem.”

How does a decades-old film relate to the concerns of today’s IT managers? Because, just when IT managers began to confidently address many of their Web-based and network-related vulnerabilities, along came a new and complex threat variant designed to feast on their valuable organizational data and keep them up at night: mobile malware. Now, let’s explore significant risks posed by mobile threats, and offer practical solutions to address the risks they pose.

Mobile Threat Landscape

Not so long ago, predictions stated that smartphones and tablets weren’t particularly susceptible to malware and hacking. That hasn’t proven to be the case. Instead, organizations’ growing use of mobile technology has been accompanied by an explosion of malware growth. Case in point: Published reports have indicated that malware aimed at mobile platforms grew 614 percent in the one-year period ending March 2013, nearly 450 percent faster than in the year before.

Mobile vulnerability statistics - Total Mobile Vulnerabilities from 2009 to 2013

With the pronounced growth in mobile malware, mobile vulnerabilities currently represent 4 percent of total vulnerability disclosures, up from less than 1 percent in 2009, according to the IBM X-Force 2013 Mid-Year Trend and Risk Report.

In late 2013, IBM partner Arxan Technologies identified and reviewed hacked versions of top iOS and Android apps from third-party sites outside of official Apple and Google app stores. They also reviewed 15 highly-popular free apps for iOS and the same 15 free apps for Android. In addition, 40 popular financial apps were reviewed, with a breakdown of 20 per platform. Arxan’s sample size totaled 230 apps.

To give you a sense of the pervasive nature of mobile risk, Arxan’s research determined that amongst the top 100 paid applications:

  • 100% of apps on the Google Android platform had been hacked
  • 56% of apps on Apple iOS had been hacked

Amongst popular free applications:

  • 73% on Android had been hacked
  • 53% on Apple iOS had been hacked

Safeguarding Your Organization Against Mobile Threats

How do you balance the increased productivity and flexibility offered by mobile technology against growing security risks associated with mobile’s widespread usage? And, how do you manage the myriad of new security threats that are emerging in the marketplace? In 2012, IBM predicted that mobile computing devices were driving security controls and technology that hadn’t previously existed for traditional endpoint devices. But, how does your organization stay at the forefront of the mobile technology curve?

In order to address the growing market need for improved mobile protection, IBM is announcing two exciting new security solutions:

  • IBM Security Access Manager 8.0 all-in-one appliance – powered by X-Force, Trusteer, and QRadar – to protect web and mobile applications from threats and vulnerabilities.
  • IBM Security AppScan 9.0 to help you identify and fix vulnerabilities in mobile source code and make your organization’s applications less susceptible to malware attacks.

The new release permits you to integrate your AppScan and IBM Worklight activities, so you can conveniently expand your overall IBM relationship and enhance security protection. You can read more details about what we are announcing below.

Transaction Security: Release of IBM Security Access Manager 8.0

As organizations expand their business models to delivery via mobile, cloud and social platforms, a powerful access management solution is required to create and enforce session management and context-aware access policies across wide-ranging web and mobile applications. Solutions also need to protect your web and mobile applications from threats and vulnerabilities, through reliable threat protection mechanisms. And, gaining insight into user activity has become a critical requirement for you to effectively protect business assets and achieve your compliance goals.

On February 18th, IBM announced availability of the 8.0 version of Security Access Manager, the “all-in-one” appliance, which includes two modules – IBM Security Access Manager for Web 8.0 and IBM Security Access Manager for Mobile 8.0.

Provided to your organization as a virtual or hardware-based appliance, IBM Security Access Manager protects Web and mobile applications from threats and vulnerabilities through an advanced threat protection mechanism. As such, it enables you to conveniently create and enforce session management, application protection, and context-aware access policies across a wide range of Web and mobile applications. Expanded integration with IBM X-Force Threat Intelligence, IBM QRadar Security Intelligence Platform and Trusteer Mobile SDK helps you to expand your end-to-end security capabilities.

Our new solution is delivered to you in a modular package, so you can deploy it for an initial use-case (for example, traditional Web access management), and then expand your implementation to other use-cases, such as mobile security.

For a summary of Security Access Manager 8.0’s capabilities, refer to the chart below:

“All-in-one” access management powered by X-Force, Trusteer and QRadar

For further details about IBM Security Access Manager 8.0, visit the following: About IBM Security Access Manager for Web.

Application Security Protection: IBM Security AppScan 9.0

IBM® Security AppScan® software enables organizations to assess the security of their applications and achieve regulatory compliance by identifying vulnerabilities and generating reports with intelligent fix recommendations to ease remediation.

At the RSA Conference, IBM announced availability of AppScan 9.0. AppScan 9.0’s enhanced security policy management capabilities permit organizations to identify their highest-risk application vulnerabilities, and prioritize those vulnerabilities for remediation. Vulnerabilities remediated early in the software development cycle are much less expensive to fix.

Enhanced mobile scanning capabilities in AppScan 9.0 help you to identify and fix vulnerabilities in mobile source code, making your organization’s applications less susceptible to malware attacks. In addition, IBM’s business partnership with Arxan Technologies offers you the ability to further “lock down” applications against potential attacks.

Lastly, the new release permits you to integrate your AppScan and IBM Worklight activities, so you can conveniently expand your overall IBM relationship and enhance security protection.

For a summary of AppScan 9.0’s capabilities, refer to the chart below:

Application Security Protection: IBM Security AppScan 9.0

For further details about AppScan, visit the following: About IBM Security AppScan

To learn how IBM client West Virginia University protected its student data using IBM Security AppScan, consult: How West Virginia University Protects Sensitive Student Data

Neil Jones

Market Segment Manager for Application Security

Neil currently serves as IBM's world-wide Market Segment Manager for Application Security. He possesses more than 10 years of experience in the IT security space, and has worked in a variety of different roles in the field, including product marketing, sales and even product pricing. He's been a designated Certified Information Systems Security Professional (CISSP) since 2008. In his spare time, he's an avid hiker, traveler and social media fan.