Driven by exponential growth in the consumer market, new mobile devices (smartphones and tablets) are now entering the world of governments and companies. They open up opportunities to develop new applications on very large targets for citizens, customers, and already the first connected objects. The advent of this new equipment is largely due to the success of application stores (Apps Store, Google Play, Windows Store ...) and very large scale deployments of of micro-applications. These Apps fully exploit the interactive capabilities of the mobile devices. They enable new way to use smartphones and tablets. Most importantly, they are free, simple to use and efficient. For administrations and corporations, if these developments are a source of opportunity, they generate, at the same time, new needs in terms of security and confidence because the mobility services expose organizations, their employees, partners and customers to new threats. The origin of these threats lies in several points: 1. The nature of the new terminals, more open and communicative, are used for business purposes but also private 2. App stores are more or less secure, 3. Apps are easy to copy, clone or divert for hackers, 4. Consumers are not inhibited by the risk of downloading malicious apps, 5. Conventional antivirus solutions are inadequate with the reactivity of hackers, their exponential production of clones and other malware. 6. Users do not control personal or professional data handled by Apps: Phone numbers, SMS, agenda, payment and card details, health data, professional and personal files, pictures, recordings, etc. The threat increases when apps establish connections and perform actions on the mobile device, often without control regarding the compliance of the security policy of corporate information systems with which the device interconnects. The "Apps + Store" model induces new constraints on the IS and extends the scope and the security issues. In the field of mobile security, Pradeo has designed and developed a behavioral analysis engine for mobile application, called "Trust Revealing". For a given application, the engine reveals exhaustively actions performed by the application: 1. What connections the devices establishes, 2. What data the manipulates: user data (SMS, pictures, calendars, contacts, files, etc..), device data, application data, 3. What operations it performs: Sending data to a remote server, sending automatic SMS payment over unsecured connections, etc… Thanks to Trust Revealing technology Pradeo offers to its customers a securing apps promise and a protection against attacks by cybercriminals made through mobile applications available on public stores.
1 New generation of security solutions dedicated to mobile and connected items apps Mobility and security needs … Driven by exponential growth in the consumer market, new mobile devices (smartphones and tablets) are now entering the world of governments and companies. They open up opportunities to develop new applications on very large targets for citizens, customers, and already the first connected objects. The advent of this new equipment is largely due to the success of application stores general public (Apps Store, Google Play, Windows Store ...) and very large scale deployment of the concept of micro-application. These Apps fully exploit the interactive capabilities of the mobile devices. They make appear new way to use smartphones and tablets. Most importantly, they are ready to use, simple and intuitive. For administrations and companies, if these developments are a source of opportunity, they generate, at the same time, new needs in terms of security and confidence because the mobility services expose organizations, their employees and their customers, to new threats. The origin of these threats lies in several points: - The nature of the new terminals, more open and communicative, used for business purposes but also private, - Public app store more or less secure, - The Apps are easy to copy, clone or divert for hackers, - Some gullible consumers without inhibition or restraint against the risk of downloading malicious apps, - Conventional antivirus solutions inadequate with the reactivity of hackers and their exponential production of clones and other malware antivirus solutions. - Sensitive local, personal or professional data, handled through Apps, uncontrolled by the user: phone numbers, SMS, diary, mobile payment, health data, professional and personal files, photos, etc. As part of professional practice, the threat increases as the Apps established connections and perform actions on the mobile device, often without control regarding the respect of the security policy of the Information System. The "Apps + Store" model induces new constraints on the IS and extends the scope and the security issues.
Transcript
1
New generation of security solutions
dedicated to mobile and connected items apps
Mobility and security needs …
Driven by exponential growth in the consumer market,
new mobile devices (smartphones and tablets) are now
entering the world of governments and companies. They
open up opportunities to develop new applications on
very large targets for citizens, customers, and already the
first connected objects.
The advent of this new equipment is largely due to the
success of application stores general public (Apps Store,
Google Play, Windows Store ...) and very large scale
deployment of the concept of micro-application. These
Apps fully exploit the interactive capabilities of the mobile
devices. They make appear new way to use smartphones
and tablets. Most importantly, they are ready to use,
simple and intuitive.
For administrations and companies, if these developments
are a source of opportunity, they generate, at the same
time, new needs in terms of security and confidence
because the mobility services expose organizations, their
employees and their customers, to new threats. The origin
of these threats lies in several points:
- The nature of the new terminals, more open and communicative, used for business purposes but also private,
- Public app store more or less secure,
- The Apps are easy to copy, clone or divert for hackers,
- Some gullible consumers without inhibition or restraint against the risk of downloading malicious apps,
- Conventional antivirus solutions inadequate with the reactivity of hackers and their exponential production of clones and other malware antivirus solutions.
- Sensitive local, personal or professional data, handled through Apps, uncontrolled by the user: phone numbers, SMS, diary, mobile payment, health data, professional and personal files, photos, etc.
As part of professional practice, the threat increases as
the Apps established connections and perform actions on
the mobile device, often without control regarding the
respect of the security policy of the Information System.
The "Apps + Store" model induces new constraints on the
IS and extends the scope and the security issues.
2
The company and its innovative solutions …
3 major products based on:
History Pradeo is an innovative French company founded in 2010, specialized in the field of mobile devices security and mobile application security.
The particularly innovative nature of our products has been recognized and praised by many professionals invested in the field of mobility. Pradeo has earned many prices:
- In 2010 and 2011, twice in a row winner of the competition to help create innovative enterprises of the French Ministry of Research.
- In 2011, winner of the Innovation Award at the Digiworld summit.
- In 2012, winner of the prestigious "Venture Capital" of the French Senate contest, and the prize for the internationalization of the CCI (Chamber of Commerce and Industry) in Paris.
More recently, the Gartner analysis demonstrates the global reach of our technology and confirms the relevance of our solutions. Thus, Gartner recognizes Pradeo as "visionary" on mobile applications security (ref: Magic Quadrant "Apps Security Testing" - Joseph Feiman & Neil MacDonald - 1 July 2014)
A structuring innovation … In the field of mobile security, Pradeo has designed and developed a
behavioral analysis engine for mobile application, called "Trust
Revealing". For a given application, the engine reveals exhaustively
actions performed by the application:
- What connections it establishes,
- What data it manipulates: user data (SMS, photos, calendar, contacts, files, etc..), Device data, application data,
- What operations it performs: sending data to a remote server, sending automatic SMS payment over unsecured connections, etc…
Thanks to this technology which is the foundation of our products
and service, Pradeo offers to its customers a securing apps promise
and a protection against attacks by cybercriminals made through
mobile applications available on public stores.
Products targeting Apps security
Pradeo’s products are positioned on the apps value chain for contributing to mobile application security.
The value chain is composed by 3 key links:
- Application production provide by the company and/or its partners
- The distribution of applications, through a private store (for employees) or public stores (for customers)
- Their "consumption" from mobile devices users.
Pradeo secures the implementation of the Apps value chain within companies.
SaaS or “on Premise” platform, where an
editor, consultant or company may submit
a mobile application, with one click, and
get a security audit of an application.
THE Solution for companies to secure
their smartphones and tablets by taking
control of applications security level. This
solution unifies in a single product of the
security services and the services of
traditional management: MDM (Mobile
Device Management), MIM (Mobile
Information Management), MAM (Mobile
Application Management).
API version of CheckMyApps, dedicated to
companies that develop critical mobile
applications (payment, healthcare,
defense, etc...). CheckMyApps API is
integrated into their critical application
and check that the others applications
installed on the smartphone environment
are safe in order to guarantee the
execution of the critical apps.
3
The way Pradeo support companies in developing their own Apps value chain …
… and the key differentiators of Pradeo on the the IT mobile security market
■ Manage and protect a fleet of mobile devices
■ Real time control of downloaded apps and mobile fleet exposure to security risk
■ Prohibit the use of applications
that do not comply with the
security policy of the company
■ Audit with one click the behavior of a mobile application
■ Deliver a trust and security mark base on the behavior of an app
Trusted mobile services
and Secured use of mobile
devices…
On the entire apps value
chain…
■ Protect the execution of a critical mobile application
■ Real time control of downloaded apps
■ Block the execution of the critical apps in case of major risk
Production Consumption
App App App App
App App App App App
App App AppApp
App AppAppApp
App AppAppApp
App AppApp App AppApp App
App AppApp App AppApp App
Distribution
Corporate Store
Public Store
■ Manage a Corporate store dedicated to employees
■ Manage public or business list of apps recommended by the company
■ Manage whitelists and / or blacklists of applications thanks to our world database of apps audit
