As the mobile space has grown, so have the threats that mobile devices are susceptible to, whether it’s zero-day exploits, malware, or malicious networks. The vastness of this environment (and its threats) makes it impossible for any single-source solution to be accurate in real time.
To combat this challenge, massive crowd-sourced threat intelligence has become a crucial component of any mobile threat defense solution. But it is important to understand the two major components that define the success of a crowd-sourced threat intelligence solution: quantity and quality. You see, having a bunch of sensors that collect the wrong information and having the world’s most thorough sensor in just one location are equally ineffective.
A robust solution will provide the best of both worlds, by leveraging a vast array of global sensors that collect the information needed to make accurate, real-time threat assessments. With Skycure, this comes in the form of a free mobile app, currently installed on devices worldwide and scanning and analyzing millions of networks and apps on a monthly basis. Importantly, independent users have the same app, collecting the same rich, non-private data, as enterprise customers, instead of a trimmed down and less functional consumer version.
It is crucial to be respectful of an end user’s privacy while also collecting data that is meaningful within the context of mobile threat detection. For that reason, the Skycure app will never capture or store an end user’s private or personal data or browsing history – instead it collects only the non-sensitive data it needs to keep users safe. Here are a few examples:
- App reputation is a way to identify potentially malicious apps. By aggregating global data about app variations, certificates, developer indicators, source origin and a variety of other details about every app, it is possible to determine if a new app is legitimate or suspicious. Does this app match known good apps in every way, or is it the first to show up with a new certificate? For repackaged apps, there will be no obvious indicators to the single device or organization attempting to install it, but in the context of crowd-sourced data, Skycure can immediately flag the app as legitimate or not (even if it differs from the original app by a single byte), often without requiring extensive server analysis.
- Network details are often the key to deciphering a fake WiFi access point. Since mobile devices are programmed to automatically rejoin familiar networks, it is common for attackers to create malicious access points that look legitimate. Some key details we monitor include the access point’s hardware make and model, MAC address pattern, IP address range and physical location, all of which are publicly shared by the router. When a joined network deviates from an expected pattern or demonstrates malicious behavior, the end user is alerted and automated remediation kicks in to protect sensitive data.
- Operating system versions also change frequently as security vulnerabilities are patched, especially on Android, where there is a plethora of manufacturers and phone networks that an end user might have. Understanding the upgrade patterns on other devices helps inform users more quickly about updates that they should install to keep their devices secure. Skycure has an OS Upgradability feature that leverages crowd-sourced intelligence to match hardware, configuration, service provider and other variables to alert administrators and end users that an update is available for their device, usually before the operating system vendor does. This means your end users can be safe from exploits days (or weeks) before other users. Administrators have full control over these alerts, including customized messaging, to ensure OS upgrades do not break any of their existing processes or enterprise apps.
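
The app reputation check from the first bullet can be sketched as follows. This is an added example, not Skycure's code: the class and field names, the verdict labels and the three-device threshold are assumptions, and the sightings are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sighting:
    device: str   # opaque sensor id, no user data
    package: str  # app identifier
    version: str
    sha256: str   # hash of the installed package file
    cert: str     # signing-certificate fingerprint


class ReputationIndex:
    def __init__(self, min_devices=3):  # threshold is an assumption
        self.min_devices = min_devices
        self.pkg = defaultdict(set)    # package -> devices
        self.cert = defaultdict(set)   # (package, cert) -> devices
        self.build = defaultdict(set)  # (package, version, cert, sha256) -> devices

    def add(self, s):
        # Sets count distinct devices, so one sensor cannot inflate a score.
        self.pkg[s.package].add(s.device)
        self.cert[(s.package, s.cert)].add(s.device)
        self.build[(s.package, s.version, s.cert, s.sha256)].add(s.device)

    def _seen(self, table, key):
        return len(table.get(key, ())) >= self.min_devices

    def assess(self, s):
        if not self._seen(self.pkg, s.package):
            return "unknown"     # too little crowd data to judge
        if not self._seen(self.cert, (s.package, s.cert)):
            return "suspicious"  # established app, signer the crowd has not seen
        if not self._seen(self.build, (s.package, s.version, s.cert, s.sha256)):
            return "review"      # known signer, new bytes (may be a fresh release)
        return "legitimate"


def build_sample_index():
    """Constructed data: five devices report the same signed build."""
    idx = ReputationIndex()
    for n in range(5):
        idx.add(Sighting(f"dev{n}", "com.example.bank", "2.1", "hash-good", "cert-A"))
    for _ in range(10):  # one device repeating a repackaged build counts once
        idx.add(Sighting("dev9", "com.example.bank", "2.1", "hash-evil", "cert-B"))
    return idx
```

Counting distinct devices rather than raw reports keeps a single sensor from vouching for its own repackaged build.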
These are just a few data sources that a strong crowd-sourced threat intelligence solution should collect. All of this data (and more) gets passed along to cloud servers to catalog and analyze, and when new threats are detected, end users are alerted and automated mobile threat prevention measures are activated when needed.
For all of these reasons, the combination of quantity (how many sensors) and quality (how extensive the collected data is) is the key to a successful solution. Having only one of these two factors yields an incomplete solution that leaves your end users (and your data) unsafe and insecure. This is why Skycure leverages every app across the globe, each collecting detailed, relevant information about that user’s mobile environment so that all Skycure users benefit from reliable, real-time, actionable mobile threat defense.
Watch this quick video to see an attacker steal a user’s data off a malicious network, and then read about how Aetna’s CSO, Jim Routh, uses Skycure to protect sensitive information in his large healthcare organization.