Among today’s diverse computing platforms, mobile and tablet apps and packaged or embedded software are all exposed to hacking attacks such as reverse-engineering, tampering, insertion of malware/exploits, repackaging, fraud, intellectual property theft, and piracy.
With that background in mind, IBM has looked to provide both its cloud and traditional customers with Arxan Technologies’ software security solutions that protect the mobile app economy.
The Arxan Application Protection for IBM Solutions offering enables run-time protection, self-defence, and tamper-resistance inside mobile applications that run on all major platforms (including Apple iOS, Android, Windows Phone, Blackberry, and Tizen) by defending, detecting, and reacting to attacks and exploits.
Its Guarding technology enables sensitive or high-value applications to proactively guard their own integrity by defending, detecting, alerting, and reacting to hacking attacks through a risk-based, customized protection.
Enterprises and application developers will now be able to leverage IBM’s security solutions portfolio to build and keep applications secure using the seamless integration of App Hardening and Run-Time Protection into their mobile application security strategies.
In contrast to centralised web environments, mobile applications live `out in the wild,’ on a distributed, fragmented, and unregulated mobile device ecosystem. Binary code in mobile applications can be directly accessed, examined, modified, and exploited by attackers, if not properly protected. This new environment attracts a number of new threats that are addressed by Arxan’s proprietary, binary-level `guard’ technology.
The combination of IBM AppScan and Arxan, brings a ‘Scan and Protect’ strategy for mobile application security, thus enabling a consistent, scalable approach to securing sensitive applications holistically. The Arxan solution is available via IBM’s standard customer purchasing programs, such as IBM Passport Advantage, as well as through IBM sellers and business partners. Support will be provided by IBM (through its first-line support offering, IBM Elite Support) and Arxan.
“Blocking hacking attacks on mobile applications requires a new layer of proactive security,” said Mike Dager, CEO, Arxan Technologies. “Traditional application security practices alone, including safe coding practices, are no longer sufficient to protect mobile applications from these new binary vulnerabilities, as even flawless code can be reversed, modified, manipulated at run-time, or repackaged and distributed. With so much riding on pristine execution of applications, and so small a barrier for hackers to compromise the integrity and confidentiality of the applications, businesses are at significant risk for brand compromise, intellectual property loss or financial damage unless they include App Hardening and Run-Time Protection in their security approach.
“Arxan’s App Hardening and Run-Time Protection serves a crucial role to protect applications from hackers and malicious exploits,” said Caleb Barlow, Director of Application, Data and Mobile Security, IBM. “With the addition of Arxan, we offer clients a more integrated approach to security with a comprehensive solution portfolio from one vendor (IBM) to secure mobile applications. With IBM AppScan, we help clients build safe code during development and with Arxan, we help keep applications protected after their release and deployment out into the wild.”
Arxan Application Protection is available from IBM in two versions. The `Consumer and ISV’ version is for protecting external-facing applications, such as business-to-consumer (B2C) and business-to-business (B2B) applications, as well as packaged software applications produced by independent software vendors (ISVs). The `Enterprise Internal` version is for protecting internal-facing applications for employees and contractors of an enterprise (B2E applications).
Application security specialist, OWASP, has identified `Lack of Binary Protections’ as part of its Top Ten Mobile Risks announcement in 2014. Moreover, recent research found that 78 percent of top mobile apps have been turned into hacked versions, showing how the hostile environment is now `the new normal’ for unprotected apps.