Organizations race to adopt new controls protecting data, business systems and Intellectual Property
Published on October 14, 2016 by Sebastian Holst
Released on September 31, 2016, Dotfuscator Professional 4.25 includes, for the first time, the ability to inject real-time detection, defense, and notification of unauthorized debugger use against production applications.
40 companies in 14 days
Within the first two weeks of availability, 40+ development organizations kicked-off projects to implement these controls. While the pace of adoption is unprecedented, it’s the composition of this first wave of adopters that is especially significant.
Charting early adopter industry sectors and their respective industry focus
The first chart divides early adopters by their industry sector. While it may not be surprising to see 66% identify as ISVs, the fact that equipment manufacturers make up the remaining portion of the private sector at 24% is certainly noteworthy.
The second chart divides the early adopters by their industry focus, e.g. who are their target users? Equipment manufacturing becomes even more dominant in this context as more than half of the public sector and a fifth of the ISVs are targeting equipment manufacturer users as well – bringing manufacturing application development to 45% of the early adopter community – the largest by far.
Half of the ISV community (29% overall) develop business applications and services – which, while not as striking as manufacturers, is still a greater percentage than all of the other (non-manufacturer) categories combined.
What do business systems and manufacturing applications have in common that make debugger hacking controls particularly important?
Let’s start with what sets debugger hacking controls apart from Dotfuscator’s current set of application security controls such as obfuscation or Dotfuscator’s ability to inject feature and exception monitoring.
Debugger hacking controls are unique in that they:
- Expand Dotfuscator’s risk management profile beyond any one application: Debugger hacking is used gain unauthorized access to data and systems beyond the application being hacked. Modifying dynamic SQL queries, altering credentials and security profiles, accessing keys, etc. can turn a safe application into a backdoor to an entire enterprise;
- Combine real-time defense with monitoring and analytics: applications defend themselves in real-time while feeding one or many application and system monitoring platforms including those from Microsoft, Google, New Relic, and (of course) PreEmptive Solutions. Traditional PreEmptive Analytics are only consumed by PreEmptive endpoints;
- Ensure reliable, scalable, and automated implementations; seamless ALM and DevOps integration ensures that application behavior, quality, and governance is effectively managed across existing development, staging, and deployment platforms and methodologies. This is not new for Dotfuscator, but has not been a priority for RASP vendors. If implementing real-time controls is too complex, risky, or unpredictable – the control can often be worse than the risk.
What do manufacturing and business applications have in common?
Manufacturing and business applications are most likely to:
- Process high-value information,
- Play a material role in effective, ongoing operations (down-time is expensive),
- Operate in highly regulated environments,
- Contain and manage Intellectual Property and Trade Secrets.
- Be especially vulnerable to debugger-hacking exploits as these applications are deployed globally under disparate legal systems and out of direct control of application owners,
- Include both modern (mobile, cloud) and traditional PC-client and server components – all of which can be vulnerable to this exploit.
It doesn’t really matter if you develop manufacturing or business applications, if your applications share any of the above traits, we would recommend taking a much closer look at both the risk that this kind of exploit may pose to your organization and the extent to which the debugger-defense controls now available in both Dotfuscator Professional for .NET (AND DashO for Java and Android) can help mitigate those risks.
For more information, visit Top 5 reasons why Dotfuscator’s new anti-debugging and anti-tamper technology is changing the way developers manage risk. NOTE the opportunity to download a white paper from that page as well.