Hardened Apps = Harder Target = Reduced Corporate Risk
Published on February 5, 2019 by Alexander Goodwin
There’s an app for that.
Apple’s (now trademarked) slogan is perhaps more telling than the company intended: Organizations rise and fall on the strength of applications — well-integrated, full-featured apps can help drive market success, while offerings more limited in scope and functionality may prove disastrous.
The sheer volume of both external and internal applications has also created a new challenge for companies: Risk management. Cybercriminals are both creating custom code and leveraging tools available on the Dark Web to compromise applications, steal corporate data and wreak network havoc.
Consider: In the first month of 2019 alone, there have already been reports of flaws in mobile file explorers and Mac-based steganography issues — that’s malicious data embedded within an image — along with discussions around the need for new taxonomies for SCADA attacks as these control-level applications and systems come increasingly under threat.
The result? Applications are simultaneously a big company asset and a potential vulnerability. The solution? Turning your must-have app into a hard target for hackers.
For more than two decades, PreEmptive Solutions has led the charge on application obfuscation, hardening and risk management — recognizing the unique balance that companies must strike between innovation and information protection by developing controls to consistently and effectively mitigate and manage material risks.
If that sounds like a daunting task, it is — which is why at PreEmptive we’ve worked steadfastly alongside our clients to develop a multifaceted approach to application protection, one that embraces the need for competitive differentiation without compromising the critical requirements of robust app security.
To limit overall risk, app protection must include controls that span four key dimensions:
- Prevention — By obfuscating application code and processes, PreEmptive’s Dotfuscator quickly frustrates hacker efforts. Our obfuscation techniques include patented renaming, configurable control flow, string encryption and metadata stripping — among others — to reduce total risk.
- Detection — Leveraging anti-tamper and anti-debugging controls helps detect hacker activity before apps are compromised.
- Response — Using a combination of real-time defenses, pre-packaged exemptions and randomized crashes, your app responds effectively to malicious attacks.
- Reporting — Know what goes where, when, and how with our robust reporting tools.
Marcel Oosterhof, CEO of CardExchange Solutions, puts it simply: “Dotfuscator helps to secure our IP and also to harden our applications and our data in the field.”
Quality by Design
Great controls aren’t enough on their own; high-quality application hardening and obfuscation tools are required to defeat emerging threats across multiple platforms, operating systems and devices. That’s why we conduct rigorous manual and automated testing to ensure broad-spectrum support and leverage our massive infosec community to quickly validate new releases — and why Iceland’s Islandbanki uses PreEmptive Protection to better secure their Android and iOS applications.
Application protection isn’t static. Hackers aren’t content to use last year’s methods or rely on outdated flaws — the recent FaceTime bug shows that even widely-used and well-tested applications can contain previously unknown and potentially devastating vulnerabilities. The result? Companies can’t afford to be caught unaware when new attack vectors emerge.
Consider the work of PreEmptive client ABBF Bausoft AG. This high-quality industrial software development firm needs protection software that can keep up with its rigorous development schedule: ABBF builds their software over 25 times per day, 365 days per year. PreEmptive is up to the challenge: In the last 24 months, we’ve released 28 product updates to address new threat vectors and improve app security. For ABBF this is critical — “Dotfuscator’s quality, reliability, and performance are as critical to ABBF as are Dotfuscator’s security and risk management controls.”
Integration is critical in effective app protection. Corrective controls cannot demand excessive time or extensive expertise and must be designed to limit inter-app friction across multiple IT environments. For Siemens Rail Automation, this kind of low-friction approach is critical: The company manages multiple lines of business and myriad rail technologies to help ensure the desirability of modern, mass-transit railways.
PreEmptive has been an integral component of their multi-layered approach to security, quality and reliability across multiple lines of business since 2003 and has helped reduce overall defensive friction with support for automated deployment, cross-assembly hardening and incremental patching.
Speaking of support, no risk management solution is complete without responsive, on-demand assistance. PreEmptive stands ready to assist wherever, whenever — for application stress testing firm Itexis, this meant assistance with deployment and implementation; CEO Serge Levi has high praise for PreEmptive support staff “who worked with us throughout our development process to ensure that we had the most secure, stable, and performant implementation.”
We’re also here when critical issues arise; our dedicated, live support staff provide on-demand assistance to help apps cross the finish line and avoid unplanned delays.
An Untrusted World
Attackers are pressing their advantage, as applications that run in untrusted environments are difficult to protect.
PreEmptive Protection for .NET, PreEmptive Protection for Android and Java and
provide multilayered protection that combines critical controls, superior quality, evolving protection, streamlined deployment and ongoing support to harden apps and reduce corporate risk.