By Roy Urrico
Redwood City, Calif.-based Appdome, which provides a mobile-centric cyber-defense automation platform, released what it calls “its next generation ThreatScope product,” delivering extended detection and response (XDR) in native mobile channels such as mobile banking apps.
“The time had come for XDR in the native mobile app experience,” said Chris Roeckl, chief product officer at Appdome. “Before ThreatScope Mobile XDR, the mobile app channel was a blank screen, with no picture and no sound. ThreatScope solves that and leapfrogs all the early problems faced with SIEM (security information and event management) and other solutions for web, delivering best-in-class XDR for mobile applications for the first time, today.”
ThreatScope Mobile XDR is pre-integrated with Appdome’s Cyber Defense Automation platform for Android and iOS apps. According to Appdome, it gathers thousands of threat signals from mobile app security, hacking, fraud, malware, cheat, and bot attacks from inside deployed mobile apps, and translates that data into brand-relevant views that cyber, fraud and business teams can use to evaluate and respond to mobile threats and attacks in real time. There is no need for an additional app, coding, or a software development kit (SDK).
“We’re a platform, a tool that sits inside the CI/CD (continuous integration and continuous deployment) pipeline and allows organizations to deliver security, anti-fraud, anti-malware, anti-bot type protections into mobile apps,” Tom Tovar, co-creator and CEO of Appdome, told Finopotamus.
Tovar also provided additional insights into the Appdome XDR product and the challenges mobile-based fraud presents to credit unions and other organizations.
Fixing a Mobile Blindspot
Tovar suggested that most native mobile channel fraud and threat detection solutions contain a blind or empty spot. “The XDR light has been turned on in the mobile app channel,” said Tovar. “ThreatScope Mobile XDR offers brands the first out-of-the-box power to see, organize, investigate and respond to the entire range of cyber and fraud attacks impacting the mobile brand, apps and users, instantly.”
He noted that prior to ThreatScope Mobile XDR, cyber, fraud, and development teams had no practical means to gather, share or use data from siloed and fragmented cyber and fraud systems. “With ThreatScope Mobile XDR, brands finally have a way to see and defend against threats from in the native mobile channel.”
Tovar maintained, “Our new mobile XDR capability allows brands and credit unions to gain visibility and insight into the attacks and threats impacting their mobile apps, their mobile users.” He added that this visibility and telemetry offer awareness of what the bad guys are doing, where and how they are attacking, and allow for rapid response to attacks and threats in real time.
“The exploit economy is in full swing and it is targeting members of credit unions (or mobile consumers),” Tovar told Finopotamus. He warned that most of the time these threats result from an application that does not have enough protection. “You're leaving the keys to the kingdom in the clear so that the attacker can grab an API (application programming interface) endpoint, tokens and cookies, et cetera, and then just piggyback on whatever session is there, to leverage credential stuffing or ATO (account takeover) attacks.”
Tovar indicated there are many new classes of malware and exploits that hackers and fraudsters either deliver in a standalone method onto a mobile application, or hidden inside of seemingly legitimate mobile apps. “(Hackers) do things like present overlays on top of financial services applications or do keylogging, or keystroke injection, auto injection, auto clicks and things like that. We have seen the state-of-the-art shift from your brute force credential stuffing class, to much more sophisticated, automated distributed (fraud attacks).”
What Makes ThreatScope Mobile XDR Different?
Tovar pointed out:
· There is no agent. “With other XDR offerings, you either have to have another application on the device, or you have to install an agent on the device. That's just not appropriate for a consumer-facing implementation.”
· The threat response is automated. “Appdome contains all the logic and enforcement in the application itself. So, the application is autonomous, it operates independently and responds to whatever threat or attack is being carried out against the mobile application.”
· It is not a device level attestation. “It is really looking at the attacks and threats that are impacting the mobile app and impacting the mobile app user or mobile member. The XDR capability is much more granular and closer to the user experience and it also offers a lot of different enforcement options.”
· Coverage. “We simply just cover a lot more than your classic XDR.” Tovar explained that basic protection guards against basic exploits like Jailbreak in iOS and Root in Android, which unlock operating systems and disable security functions to attack mobile apps. ThreatScope Mobile XDR, he said, protects against “thousands of attack vectors for any particular application. We just simply cover a broader range.”
“These things really make it a groundbreaking evolution in the XDR landscape,” said Tovar.
Fraud Data from the Source
Tovar explained, “Most credit unions, or financial services organizations, today have some kind of SIEM but that platform doesn't have any source data from the mobile channel.” The monitoring platform usually is fed from the web or the cloud environment. What Appdome customers would do, he explained, is add XDR to the mobile application, and then deploy the app as they normally would via the Apple App Store or Google Play.
The end result is that the credit union gets a live data feed from its own production environment for mobile apps and can use that data to adjust its protection models, collaborate internally, and prioritize protections in each release, according to Tovar. “So, the normal use case would really be to add agility and responsiveness to defend credit unions, members and your business. All without an agent, all without additional servers or backend. But leveraging advanced telemetry from within the application itself.”
In addition, Appdome offers a standalone analytics platform that allows organizations to view data in real time, even before they integrate with the SIEM, allowing them to “drill down” and create views. “To really eliminate noise and zero in on the attacks and threats that matter most to the business,” said Tovar.