ProofPoint

Targeted Attack Protection Mobile Defense - Protects organizations from dangerous mobile applications

With TAP Mobile Defense, IT administrators can detect and control apps with risky behaviors that may lead to advanced persistent threats (APTs), spear phishing attacks on employees, and other information security risks within the enterprise.

  • Combines comprehensive, correlated threat intelligence across multiple data sources with an adaptive engine to assess app risk
  • Looks for anomalous apps and risky app behaviors, allowing enterprises to detect side loading and suspicious enterprise-signed apps such as those delivered by the WireLurker and Masque Attack family of iOS malware
  • Three levels of privacy controls keep employees’ apps and content completely private
  • When used in tandem with MobileIron’s mobile device management (MDM) solution, IT administrators can restrict network access from mobile devices running risky apps
  • Provides a high level of control for Android and iOS devices in BYOD environments
  • New apps found on users’ devices are put to the front of Proofpoint’s analysis queue

Situational Awareness

Mobile Apps Expose Enterprises to Loss of Sensitive Data

The explosive use of mobile devices connected to enterprises allows cybercriminals, hackers, and hostile governments to target users as entry points to corporate networks. Apps may legitimately access proprietary data and contact information, however once information is exposed to the Internet it may be exploited for attacks on enterprise networks.

  • Both Android and iOS apps pose significant risk to enterprises
  • More than 30 percent of Android apps are capable of leaking users’ private data
  • Most iOS apps are vulnerable to the top 13 mobile security threats identified by Proofpoint
  • The iOS malware family known as WireLurker and Masque Attack infects non-jailbroken iOS devices through trojanized and repackaged OS X applications, and is the first known malware family that infects installed iOS applications in the same way as a traditional virus.
  • App developers integrate third party libraries of code into apps, but frequently don’t know what data is collected or where it is sent

Consumer Apps on BYOD Devices Put Enterprises at Risk

Riskware are apps that may behave well for consumers, but expose enterprises with bring-your-own-device (BYOD) programs to high risk.

  • Riskware frequently has passed security reviews by Apple and Google
  • But riskware can expose enterprises to data loss, transferring contact and address book information to third party servers, privacy violations and regulatory compliance violations
  • Enterprises need to control the risk of mobile apps with behaviors that can compromise data security

Features and Benefits

App Intelligence and Defense in BYOD Environments

Proofpoint’s app analysis engine powers TAP Mobile Defense, with a database of 3.5 million free and paid iOS and Android apps, and publisher reputation scores of 600,000 publishers. Each app is scored against 500 potentially malicious and privacy-leaking behaviors to determine whether it is risky or safe.

  • Each app’s code, behavior, and continuing operating characteristics are analyzed
  • New or unknown apps found on users’ devices are put to the front of the analysis queue and typically analyzed within minutes
  • Tracks the websites, servers, and third party cloud services that apps communicate with
  • Correlates all app traffic with a large, historical global database of malicious sites
  • Identifies apps communicating with sites that host phishing or app phishing sites, bonnet command and control centers, and servers hosted by cybercriminals
  • Once malicious traffic is identified, app may be blocked or flagged for deeper investigation

Enterprise Controls

TAP Mobile Defense offers a high level of control for Android and iOS devices in BYOD environments:

  • Administrative console offers a dashboard view of app risk throughout the enterprise
  • Set new thresholds for risky app behavior, and restrict specific behavior
  • White list, black list, and gray list specific apps

Automated Workflows

Workflows automate your defense with TAP Mobile Defense:

  • TAP Mobile Defense identifies a dangerous app on the employee’s device
  • The employee receives an alert that a dangerous app on their device must be removed
  • If the employee fails to remove the dangerous app in time, TAP Mobile Defense quarantines the device
  • Once the app is deleted, corporate services are reinstated

Employee Privacy

To assure that businesses have the flexibility to comply with a wide range of employee privacy laws and regulations, TAP Mobile Defense offers several levels of control. TAP Mobile Defense may be configured to:

  • Report all apps and specifically correlate apps to a user’s device
  • Report apps anonymously, without correlating to any user
  • Total privacy, where no app information is reported to the enterprise, only whether there is a dangerous app on an employee’s device