Veracode’s cloud-based solution helps mobile teams achieve the correct balance between innovation and control. We help effectively manage the security risk posed by the mobile apps that your organization builds, buys or downloads. Our solution provides the intelligence to protect against attacks and verify compliance with corporate risk and privacy policies.
Veracode’s mobile application security solution combines automated code assessments with expert remediation services that enable IT teams to rapidly secure mobile applications in agile development environments — without slowing innovation.
Behavioral analysis inspects all application actions in real time, in a controlled sandbox, to expose risky and malicious behaviors such as exfiltration of sensitive data to unknown entities. To determine a risk rating, these results are then compared against millions of known applications, both malicious and safe, in Veracode’s reputation knowledge base.
The application is also assessed using binary static analysis to identify hidden malicious capabilities and common coding vulnerabilities such as buffer overflows and information leakage. Plus it integrates seamlessly with agile development processes and tools including IDEs such as Eclipse and Visual Studio; build servers like Jenkins and Team Foundation Server (TFS); and issue tracking systems like JIRA and Bugzilla.
Veracode’s cloud-based app reputation service enables secure BYOD (Bring-Your-Own-Device) by providing enterprise mobility platforms like MobileIron, AirWatch MDM, and IBM Fiberlink MaaS360 with automated app blacklisting. The app reputation service is an instant-on, continuously updated intelligence source that evaluates all mobile applications on enterprise-managed devices against policies designed to keep corporate information secure. The service taps information about hundreds of thousands of mobile applications that have been assessed using Veracode’s unique behavioral analysis technology. Using the app reputation service, organizations can roll out a BYOD program that includes both preventative and corrective controls to keep corporate data safe from risky mobile applications.
Automated Cloud-Based Assessments
Behavioral Analysis is a security assessment methodology for mobile apps that provides insight into the risks posed by mobile app behaviors. It complements traditional static and dynamic assessment methodologies, which find security flaws and weaknesses in the application’s code. Behavioral Analysis is designed to inspect mobile applications during operation for risky or malicious behaviors—such as exfiltrating and transmitting sensitive data to unknown entities. An app’s risk rating is quantified in comparison to millions of data points from public applications.
This cloud-based directory and policy-management service, accessible via APIs, provides detailed security intelligence about the most popular Android and iOS applications. This intelligence has also been integrated with widely-used Mobile Device Management (MDM) solutions to enable enterprises to enforce corporate policies regarding their employees’ mobile devices.
How we reduce mobile risk
Submit: Applications are auto-submitted using APIs or interactively via a simple web interface to our cloud-based platform.
Analyze: Dozens of analyses are performed, both statically, to identify how the application works, and dynamically, as the application runs in a sandbox, to identify hundreds of code vulnerabilities and risky app behaviors.
Quantify: Advanced machine learning technology generates a risk rating for each application by comparing its behavioral profile to millions of data points from known applications, both malicious and safe.
Inform: Our static and behavioral intelligence informs your policy development process, an important step for mobile application security programs. Our policy engine provides administrators with the ability to design and test rules before they are deployed for business units, geographies or workgroups.
Enforce: Integrate intelligence from our cloud-based platform with leading MDM solutions such as IBM/Fiberlink, MobileIron and VMware/AirWatch, or with custom in-house solutions via APIs, to enforce policies on end-user devices and enterprise app stores.