How often does the Skycure app communicate back to the cloud server?
Based on a number of variables, the app decides on the best times to perform these interactions to ensure maximum security, longest battery life, and low data plan consumption. Read more about our low footprint, and how we measure ourselves, in our blog.
Do you offer a REST API for SIEM integrations? What kind of information can be exchanged?
We currently have a REST API designed for partners and integrations. This API can be made available to customers upon request and adapted to specific requirements. The API can be used to push data into tools such as HP ArcSight, RSA enVision, IBM QRadar, Splunk, Storm and others. For example, you can receive updates about device and OS statuses, compliance level, incidents that happen to employees, etc.
Can you provide more details on the methods you use to identify threats?
Skycure’s solution is built to address a variety of threats. We have found that different threats are best addressed in separate layers, so our solution is engineered with a multi-layered approach. Some issues, such as SSL communication manipulation, are identified through the Skycure app. Others, such as rogue networks or malicious apps, are addressed by combining client-side logic with our Crowd Wisdom Engine.
Can Skycure run indefinitely in the iOS background? Will it time out at some point?
Skycure runs in the background by utilizing approved Apple APIs. When the user changes environment (such as by connecting to a Wi-Fi or cellular network), Skycure seamlessly probes the network and identifies threats on the device by leveraging patent-pending, on-device logic along with the Skycure Crowd Wisdom Engine. The app does not time out, and operates in the background with a tiny footprint regardless of whether the device is using another app or is idle.
What kind of permission did you need to get from Apple in order for Skycure to be in their store? Do you use a standard API or something more than that?
Our app uses standard APIs. Combining this with our patented technology helped us get approval by Apple and Google to be included in their app stores. In fact, Skycure is the ONLY advanced mobile security app that is listed and is distributed via the Apple app store.
There are known attacks that allow access to inbound text messages on iOS. Do you offer protection for these kinds of attacks?
Like most apps in the App Store, there are some text-messaging services that are susceptible to interception by attackers through Malicious Profiles attacks. This is something Skycure handles for the organization. Read more about Malicious Profiles in our blog.
Can you share more information on the integration with Exchange from a deployment and protection perspective?
Skycure’s Exchange integration fulfills two different purposes. The first is ease of deployment. By integrating with Exchange, Skycure can be automatically deployed in the organization without the need to define users in the Skycure system. Email account details are imported directly from Exchange, and users are created, triggering the deployment process.
The second is policy enforcement. Information about the security state of a device can be leveraged in order to enforce a policy across the organization, such as “Devices that connect to forbidden networks lose email access”. This acts as a mobile Data Leak Prevention solution and automatically protects sensitive information from leaking.
Can you share more about the methods you use to detect threats without infringing on privacy?
We’ve engineered Skycure to use a multi-layered approach. Some issues are identified through the Skycure app; others are addressed by combining client-side logic with data from our server. In all cases, private information is never sent from the device to our servers. We do not intercept, decrypt or analyse the content of the device’s communications.
I’ve seen an alert related to a known public WiFi network vendor (e.g., Boingo). Is this a real incident?
Though surprising, it is true. If you received an alert then the network in question tried to decrypt the encrypted traffic coming from your device. As a result, sessions and passwords could be seen in clear text.
There are two types of threats here, and both can lead to email theft, access to other corporate resources, device lock down, user impersonation, and in some cases even phone tapping.
- Sensitive organizational data including passwords is sent to an external service provider in clear text. If their public routers are compromised (a very easy task), your data is at risk.
- We have seen many cases where malicious groups created networks that were named Boingo, AttWiFi, etc. The attackers leverage the fact that users will auto connect, and hence will be vulnerable to attacks.
We take such threats seriously, and will continue to address them on a regular basis. One other unique advantage of Skycure is to secure this communication without compromising connectivity.
I’m using a corporate MDM that is deployed on my mobile device. Isn’t that a sufficient security solution?
MDM, i.e. Mobile Device Management, is a great tool for IT to manage mobile devices (configuration, deployments, etc.), while Skycure is designed for security purposes (Network Security, Malicious profiles and apps, Application Security & Privacy, etc.). Security is our core DNA, and this is where we concentrate all our efforts.
The Skycure management console provides visibility to all security threats, together with “general” information provided by MDM solutions, such as device and user lists, their status, compliance, performing remediation actions (such as remote wipe), installation of specific configuration profiles, and more. There is some overlap between the basic management capabilities of MDM & Skycure. However, Skycure is firmly focused on features that bring security value to our customers. This is not a focus for MDM solutions. Skycure also integrates with many leading MDM solutions such as AirWatch.
My organization uses containers for its corporate resources. Isn’t that a sufficient security solution?
We believe containers can bring some IT value, but they do not offer comprehensive security. They also struggle with user experience.
Container solutions (like dual-persona) rely on separation, not protection. If the device is compromised, the entire model breaks. Hence the need for a holistic offering, including detection and protection against mobile threats.
In addition to the inherited security gap, there’s an even bigger gap. Business cannot really be contained today: WhatsApp, LinkedIn, and many other tools that we use daily for private activities are also great tools for business. Some solutions try to address user experience challenges by creating a bridge between the personal and business personas, which opens doors to additional security vulnerabilities and threats.
What management capabilities exist in the product?
Skycure offers multiple management capabilities as listed below:
- Flexible deployment with cloud, on premises and hybrid models
- Integration with Microsoft Exchange for deployment and policy enforcement
- Integration with corporate MDM for automated deployment
- Automated enrollment
- Visibility into installation status at the device and organizational levels
- Remote wipe
- Passcode lock
- Automated upgrades/updates to the Skycure app and iOS profiles
- Comprehensive reporting on devices, users and groups
- Complete visibility across:
  - Affected devices
  - Affected users
  - Compliance policy and violations
  - Security threats, attacks and incidents
  - Suspicious networks
  - Incidents based on geographical locations
  - OS versions and vulnerabilities
- Security dashboards and reports
- Organizational policy creation and enforcement
- Integration with other corporate solutions for added security and enforcement:
  - Virtual Private Network (VPN) solutions (such as Check Point)
  - Microsoft Exchange
  - Mobile Device Management (MDM) solutions (such as AirWatch)
- Comprehensive activity logs for integration with any SIEM solutions
Does Skycure protect against the latest discovered threats like WireLurker, Masque Attack, SwiftKey and Stagefright?
Skycure’s unique approach to mobile security protects not just against these attacks but also against the other known and unknown threats and zero day attacks. As soon as a new attack or a malicious network is detected, it is automatically shared using the Skycure Crowd Wisdom Engine to offer real-time protection against newly discovered vulnerabilities and threats.
Is the malware problem real? There are many research reports, including the Verizon data breach report, which say the advanced malware rate is less than 0.03%.
These reports seem to imply that advanced mobile security should not be a high priority but they fail to differentiate between malicious code infecting consumer mobile devices versus enterprise devices, attacks other than malware or BYOD devices used for work purposes.
Even with the 0.03% value, a hypothetical enterprise, Acme Corporation, with 10,000 users would see about three employees on average (per week) with advanced malicious code on their smartphones (10,000 x 0.03%). The problem becomes even bigger when factored into the average number of attacks on enterprise mobility beyond advanced malware. At Skycure, for instance, we have consistently seen at least 23% of employees at enterprises being exposed to network-based threats during their first month of deploying Skycure. After three months, the average rises to 40%. At Acme Corporation, 2,300 of their employees on average would face network-based threats in addition to the advanced attacks addressed in the Verizon study.
Do you have examples of where Skycure has been at the forefront of malware threats to the mobile environment?
We have identified numerous known and unknown malware in our customer base. So far, we have analyzed more than a million apps and networks. There have been many instances when Skycure was the only solution to identify an app as malware when every other publicly available anti-malware solution identified it as “safe”. We can also demonstrate this using our Android Repackaged App demo which uses our patented technology to identify ZERO-day malware.
- Our malware engine consists of several technologies including client-side analysis, server-side analysis, mobile threat intelligence via crowd-wisdom and many other popular approaches including reputation, static, and dynamic analysis.
- In addition to this, we scan downloaded apps using more than 50 different commercial antivirus engines to calculate the appropriate risk score.
- Many issues such as XcodeGhost and other popular vulnerabilities such as Swiftkey were easily identified in real-time at many Skycure customers.
- Many customers have also chosen Skycure for the bare-bone speed of malware detection. In many customer scenarios our detection was not just the most accurate but was also the fastest.
- Skycure goes above and beyond the traditional malware engines and proactively protects customers even before an infection makes it to the device. This is very unique to Skycure and is one of the key reasons why New York Life insurance chose us as their preferred mobile security solution.
- Lastly, we have also successfully predicted attacks to stop threats before it is too late. Last quarter, Allen and Company, a large financial organization out of the US east coast, chose us as their preferred solution because we were able to predict an attack as soon as a mobile device connected to a malicious Pineapple WiFi router.