Security specialist FireEye launched Mobile Threat Prevention, a cloud-based platform designed to address threats from the mobile vector for devices running Google’s Android operating system.
The platform, which will become widely available at the end of the year, is designed to detect and report mobile threats and also provides concise assessment of an application’s behavior, including hidden malicious and unwanted functionality.
“Enterprises aren’t just concerned about the smartphones and tablets they procure and issue to employees, but they are also dealing with employee-owned devices and the realization that they must secure their own content, data and applications on a majority of devices they do not own,” Charles Kolodgy, research vice president of security products with IT analytics firm IDC, said in a statement.
Rather than relying on malware signatures—which are considered less effective against today’s fast-moving, constantly changing threats, the platform detonates Android apps within the company’s Multi-Vector Virtual Execution (MVX) engine to provide automated mobile threat assessment.
“Today’s cyber-criminals are using all the resources at their disposal to compromise an organization and steal intellectual property,” Dawn Song, FireEye fellow and associate professor of computer science at UC Berkeley, said in a statement. “These blended attacks encompass various vectors: email, Web, file and increasingly the mobile vector. Traditional security defenses fail when advanced malware gets increasingly complicated and dynamic. FireEye Mobile Threat Prevention has a unique approach to address these problems.”
In addition, the platform uses contextual analysis to connect disparate actions designed to form a full picture of the app’s unwanted behaviors and uncover the hidden malicious behaviors embedded deep within the app. On-demand threat assessments for both custom apps and apps are available in public or enterprise app stores.
Other features include an app threat database containing detailed app behaviors for more than 1 million apps and play-by-play analysis of suspicious apps to enable security professionals to dissect detailed app behaviors.
Rounding out the package are application programming interfaces (APIs) to connect with mobile management and endpoint solutions for integration, and threat intelligence sharing through the company’s Dynamic Threat Intelligence (DTI) cloud for multiple threat vectors such as Web, email and files.
More than three-fourths of businesses had a mobile security incident in the past year, and the costs are substantial, according to the findings of a study from security specialist Check Point Software Technologies. The June report found mobile security incidents cost 42 percent of businesses six figures, with 16 percent putting the cost at more than $500,000.
Google’s Android operating system was the mobile platform with the greatest perceived security risks, the study found. Android was cited by 49 percent of businesses as the platform with the greatest perceived security risk (up from 30 percent last year), a far higher percentage than those of Apple, Windows Mobile and BlackBerry.