Page 123 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018

No Single ‘Magic Bullet’ Solution

            As expected, and for good reasons, financial services organisations comprise one of the best protected
            sectors against digital threats. However, there is no single ‘magic bullet’ solution to do it all. Mobile
            presents numerous disparate threats, requiring different technologies, solutions and processes. Mobile
            app security requires a multi-layer approach to secure the whole protocol stack but, despite this being a
            large issue, it is not uncommon for discussions about mobile banking apps to focus on the small set of
            externally provided safeguards such as device fingerprinting, multifactor authentication and encryption to
            protect sensitive data.



            Rethinking Mobile App Security

            A new approach has been introduced which provides three transformational benefits for securing mobile
            banking apps:

                 • The first benefit is to prevent reverse engineering and tampering, which could lead to breaches
                   and app data theft, by hardening mobile apps after code is complete with a system of embedded
                   safeguards.
                 • The second benefit is stopping API compromises and theft of intellectual property or personally
                   identifiable information with comprehensive data and key encryption using white-box
                   cryptography.
                 • The final benefit is that security teams can stay ahead of app threats and vulnerabilities with the
                   ability for each protected app to “phone home” and provide real-time threat visibility and analytics
                   data.

            This new approach adds security functionality and mobile code hardening just once, after the code is
            finished. By doing this, zero trust is assumed in all devices running the app whether inside or outside the
            traditional perimeter. Code segments, known as ‘guards’, provide a high level of security awareness,
            detection, protection and security event data collection for analytics when an app is attacked. Once the
            guard network is created, follow-on protection for further app releases will need minimal effort due to the
            automated re-deployment of app hardening and safeguards to each new revision of code.



            Real Time Visibility and Analytics

            There is now valuable intelligence into what happens to an app after it’s deployed into the wild. This
            actionable data means that an app’s behavior can be changed whilst under attack. A further benefit is
            the ability to identify the most common attack vectors and targets, helping developers and
            business stakeholders make better decisions regarding how and when to adapt their app’s
            security.









