Digital Shadows expands visibility into mobile app risks
New capability will protect businesses from the threat posed by mobile apps
Digital Shadows has announced new enhancements to its SearchLight digital risk management service.
The new improvements will help organisations better detect and respond to mobile application threats against their employees and consumers, says the cybersecurity firm.
SearchLight now offers identification of malicious and unsanctioned applications in official and third-party application stores. This new capability also identifies impersonated or spoofed mobile applications that could damage an organizations’ brands or compromise sensitive information. The new capability around mobile application protection extends the capabilities of Digital Shadows’ flagship service which monitors the Internet to identify digital risks to organizations, including cyber threats, data leakage, and reputational risks.
“Mobile is no longer a niche or isolated part of an organisations’ digital footprint. New devices and applications are the status quo and organizations must be able to identify the digital risks associated with them,” said Alastair Paterson, CEO and co-founder of Digital Shadows. “But we know that a large percentage of mobile applications will fail basic security tests and this digital risk presents enterprises everywhere with brand protection and data risk threats. In an increasingly mobile-first world, our customers now have the ability to precisely account for evolving threats jeopardizing irreplaceable reputations and information. “
Digital Shadows says has been trialling the new service with some key clients and within one week, identified 39 incidents of mobile applications posing a risk to just one financial services client. This included mobile apps with malicious code, impersonation and unauthorized use of the company brand. While many of these came from third party application stores, some were from official stores.
With Digital Shadows’ mobile application monitoring, customers can detect a wide range of threats including: Suspect application behaviour and code, such as self-signed certificates or the presence of malware; versions of application that have been modified by a third party; copies of application on stores that are not actively managed; impersonating or spoof application that mimic brands and affiliate links that mislead or confuse users. Monitoring even extends beyond customer mobile application, to internal company mobile apps.
Last year, the US Federal Trade Commission warned that ‘as more consumers are shopping with mobile apps, fraudsters are following the money. There are fake phone apps popping up that impersonate well-known retailers to steal your personal information. Their names were like well-known brands, and their descriptions promise enticing deals or features.
Updates to SearchLight and Digital Shadows’ capabilities include,
- Mobile app monitoring: Identifies malicious mobile apps and analyses the application’s code to classify the level and type of threat it poses – including intellectual property infringement, malware delivery and phishing
- New asset registration of mobile apps: Ensures an application is accounted for and actively managed, including company-specific recommendations.
- Improved dashboards for executives and security teams: Intuitive visualizations provide faster, actionable at-a-glance views of data exposures and other risks from Digital Shadows’ unique “attackers’-eye-view” perspective, ranked according to severity.