Lookout bets on big data analytics to secure enterprise mobiles
Mobile security software as a service (SaaS) provider Lookout is betting on its cloud-based big data analytics capability to attract enterprise customers.
“We use machine intelligence to analyse new apps every day and make correlations with every other app we’ve seen to protect mobile users,” said Aaron Cockerill, global head of enterprise products at Lookout.
“Lookout has done full breakdowns for around eight million apps since 2007 to provide protection for more than 60 million consumers.”
Now Lookout has 20 businesses beta testing its enterprise products ahead of the official launch and availability this summer.
“We now have enough understanding of the mobile software ecosystem and enough statistically relevant data on mobile threats to expand to the enterprise market,” said Cockerill.
After an 11-year career at Citrix focusing on mobile development, he was attracted to Lookout by the SaaS provider’s unique approach to identifying mobile threats.
“Lookout’s approach is to secure the mobile ecosystem by setting up mechanisms to examine all the code in that ecosystem for malicious behaviour,” said Cockerill.
Cloud system checks for malicious code
Mobile app stores use Lookout’s application programming interface (API) to submit code to Lookout’s cloud-based systems, which respond with an initial assessment in ten seconds.
These systems analyse between 10,000 and 40,000 pieces of mobile software added to mobile app stores every day, and correlate them with Lookout’s existing database.
“Many of these are updates, but because mobile operating systems tend to rip and replace code, updates need to be treated as new binaries,” said Cockerill.
The systems break down the apps to examine all the components and metadata, including the digital cryptographic hash used to confirm the software author and guarantee the code has not been corrupted.
Full analysis can be done within minutes and includes executing the code to examine how it behaves and “fingerprinting” each component for comparison with previously seen malicious code.
Benign appearance app proves method
The effectiveness of this method was proven when an app was published despite Lookout’s recommendation not to publish it, because it looked and behaved benignly and appeared to be backed up by customer support and a website.
“Our systems had identified that three chunks of code were similar to previously seen malicious code and had a private code signer in common. Within a month of release, it began displaying malicious behaviour and had to be withdrawn,” said Cockerill.
Although Lookout emphasises the importance of education and understanding about mobile threats, he said some of the exploits they see could spell very bad news if used against enterprise targets.
“We have seen one piece of mobile malware that piggybacks on cellular networks until it can find a way into a Wi-Fi network – and another that uses SSL encryption to hide what it’s doing,” said Cockerill.
Risk settings and corporate policy
In the enterprise market, Lookout will alert customers about areas of concern that need to be investigated.
Enterprise users will be able to set central risk and behaviour policies depending on their industry vertical and role of the individual users.
For example, financial services may choose to set a higher level of risk for threats that appear to target client contact lists.
The device client will alert enterprise users that apps they intend to download may be malicious. If they go ahead anyway, the client will pass a message to the company’s mobile device management system.
“This will enable companies to set policies for handling such alerts through whatever mobile data management system they are using,” said Cockerill.
In-house apps pose biggest threat
Lookout believes apps developed in-house by enterprises or their systems integrators could emerge as one of the biggest threats to security.
“Typically these apps are developed quickly, by inexperienced mobile developers using cross-platform tools, and they are not properly security vetted,” said Cockerill.
“This is especially a risk for enterprises using iPhones, because the custom apps are not subjected to the Apple security review processes and can open up a path for attackers into a previously closed system.”
For this reason, the Lookout API used by online app stores will also be available to enterprise customers to test the security of all custom-built apps.
The API will also give enterprises using Android devices some protection against malicious software introduced into the enterprise through apps not subjected to the rigours of testing by Google Play.
“Many of those companies beta testing our enterprise products share our concerns about custom-built apps and apps not sourced from official Apple and Google app stores,” said Cockerill.
Route to market through channel partners
The enterprise product is designed to analyse mobile operating system configurations and flag any that could be exploited by attackers.
Lookout plans to take its enterprise product to market exclusively through channel partners.
“Enterprises prefer to buy security products from trusted advisors who can explain the options and guide them through proof of concept deployments,” said Cockerill.
Lookout will announce its channel partners in the run-up to the launch of the enterprise product.
The company hopes its big-data approach to mobile security will attract enterprise customers and compete against signature- and behaviour-based technologies, for which attackers are able to develop evasion techniques.