HackGuard Features Overview
Provides critical technology that protects apps against hacking and malicious threats. In addition, AppVision also provides app publishers with unprecedented visibility into their worldwide installed base.
See at a glance all of the most important health parameters of your installed base. Conveniently arranged graphical widgets enable you to instantly get a handle on the current status, emerging trends and specific areas of concern. Just drag, drop, enlarge or rearrange the placement of the widgets to easily create your own favorite layout.
Standard widgets include:
- Incoming App Launch, Install and Alert Speed Charts
- Comparative Rates for Last 10 Minutes, 60 Minutes and 24 Hours
- Realtime Gauges display current App Launch, Install and Alert velocity
- Line graphs enable you to quickly see outliers and trends in the last 2 weeks
- Rolling report with details of the latest 25 App Launches, Installs and Alerts
Realtime Attack Monitoring and Alerts
Is your app under attack right now? Of course it is.
Because all important apps are CONSTANTLY under multiple forms of attack.
- How to Hack a Mobile App: It’s Easier than You Think!
- Mobile Apps – the New Favorite for Hack Attack
- Gartner Says More than 75 Percent of Mobile Apps will Fail Basic Security Tests
- iOS apps aren’t secure — what Apple needs to learn from hacking history
But here is the truly critical question — Are any of the attacks SUCCEEDING?
And if so:
- Is the attack ISOLATED to just one or a few targeted users?
- Does the attack appear to be GROWING wider, possibly even systemic?
- Could the attack possibly cause damage to your entire installed base, representing an EXISTENTIAL THREAT to your company?
Obviously, you need the answers to these questions as quickly as possible. It could be the key to starting corrective action in time, before an emerging issue mushrooms into an uncontrollable problem.
This is exactly the information that HackGuard Professional provides — instantly, in realtime, 24x7x365. Your entire worldwide installed base is constantly MONITORED and you can choose to be ALERTED instantly at the first sign of trouble.
HackGuard Professional can deliver Alerts in multiple ways:
- Graphically on its system Dashboard (viewable anywhere by secure Web)
- Via detailed Datagrids that are sortable, searchable and filterable
- By Email delivery and also by SMS (carrier dependent)
- Additionally, users can choose Triggers and Thresholds to intelligently manage the alert flow
Rapid Attack Vector Analysis
Bad news — you just learned that your app installed base is under serious attack.
- WHEN did it start?
- WHERE is it coming from?
- WHY is the attack working?
- HOW big might this attack grow?
- WHO in my installed base may be affected?
- WHAT can be done to mitigate damage?
Don’t panic — HackGuard Professional will provide you with quick, accurate answers to these critical questions.
Here is how HackGuard helps:
- Search, filter and sort your Alert Log Datagrid to quickly see exactly WHEN the attack started, and to see if it is still continuing.
- With a single click, see the initial attack’s source IP and pinpoint its geo-location on a map. Then view the Alerts by Country map to see WHERE a persistent attack is coming from.
- Use intelligent Datagrids to search, filter and sort your detailed installed base demographics. Typically, you will see that only targets with certain characteristics are under attack. This makes it much easier to determine WHY the attack is working.
- Use intelligent Datagrids again to quickly filter your installed base demographics for the key characteristics you found earlier. Now you know HOW big the attack may grow.
- If you are using HackGuard Enterprise, you can even determine exactly WHO within your installed base is at risk. Now you can efficiently focus your communication, mitigation and resolution efforts.
- Check your HackGuard Dashboard for any related System Messages and check the Community Forum to see if other apps are also under similar attack and WHAT can be done to mitigate damage and stop the attack.
While all of these tools may not instantly turn your challenging day into a cakewalk, you are certainly in a much better position than simply “flying blind”, waiting for more and more end users to call your support line, then slowly putting the pieces of the puzzle together over several days or weeks.
Application Code Resilience
Protecting your app’s executable code — there is nothing more important or more fundamental to security.
- Gartner, Forrester, OWASP and other experts have identified the critical need for BINARY PROTECTION for all sensitive and high-value mobile applications.
Yet in the current app environment, mobile Anti-Virus cannot perform this vital task.
A compromise of an app’s executable code is the most dangerous type of hack, because the user is often unaware that their favorite, trusted app has now been weaponized against them. When the unsuspecting user launches the compromised app, vital personal information can easily be stolen. If the attack is malicious enough there are even worse scenarios, including the compromise of all other apps on the device, the loss of confidential data, and the use of rogue encryption to implement ransomware.
These common attacks targeting an app’s executable code are EXACTLY what HackGuard protects against. HackGuard serves as the last, final, and most important security layer. And here is better news — HackGuard is effective REGARDLESS of the specific attack vector used. Whether an attacker uses any of the literally thousands of hack techniques already in the wild, or even if they use a new, zero-day technique — HackGuard still protects the app’s executable code from compromise.
Proactive Zero Day Protection
Zero Day vulnerabilities are the most feared attack vector — for a very good reason.
- Definition – What does Zero-Day Threat mean?
- Check Point Research Reveals a Rise in Zero-Day Attacks on Mobile Devices
- Hackers Win Big With Zero-Day Attacks
Because a Zero Day vulnerability has never been seen before, standard Antivirus technology simply cannot recognize it. It is effectively invisible.
So any sort of REACTIVE response will never be triggered. This leaves the hackers free to take full, unimpeded advantage until their Zero Day is eventually discovered and a fix is developed, delivered and installed. A process that often takes several months.
How can you possibly protect against Zero Day vulnerabilities? The answer is to be PROACTIVE instead of REACTIVE.
And when is the critical time to be PROACTIVE? At app launch! Each and every launch. Every time, with no exceptions.
This is exactly what HackGuard does — proactively inspecting your app for any sign of tampering BEFORE it runs.
Using its patent pending technology, HackGuard performs a complete inspection of all of your app’s executable code in just a fraction of a second. It can then (optionally) also provide your end user with a POSITIVE ASSURANCE on-screen message at app launch.
Now end users can relax and use your app with confidence, knowing that their confidential info is no longer at risk. No Piggyback Trojans, no Malicious Wrappers, no Masque Attacks, not even one single line of malicious code lurking in a hidden Code Cave. Because HackGuard has checked every single byte of executable code to ensure that absolutely nothing has been compromised.
Deployed App Environment Discovery
Great news — another copy of your app was just deployed somewhere in the wild.
But what kind of environment did it land in?
A nice, safe spot — or mired in quicksand and surrounded by dangerous predators? (Perhaps on a rooted or jailbroken device running an outdated operating system with multiple open vulnerabilities.)
- Over 27.44% of Android Users Root Their Phones
- Nearly 1 Million People Jailbroke Their iPhone or iPad Over the Weekend
Now you will know, because HackGuard automatically provides app publishers with accurate information about each and every end user device and the specific operating environment within which their app is running.
Publishers can now enjoy detailed visibility of their app’s usage across:
- Device Brand
- Device Type (smartphone, tablet, etc.)
- Device Model
- Operating System Version
- Rooted or Jailbroken Status
- Memory Size
- Screen Resolution
- and more…
This information is valuable not only for understanding the installed base and development planning, it also enables publishers to pinpoint and resolve emerging threats to their installed base much more quickly.
By the way — a publisher with 1,000,000 installs would pay about $600,000 annually for a paid product to deliver this information. Or they can use HackGuard Professional to get the same (or even better) information for free.
Worldwide Installed App Base Visibility
Do not settle for seeing only HOW your app is running in WHAT technical environment.
It is also critical to know WHERE your app is running.
HackGuard Professional will show you the geographic distribution of all your app installations — enabling you to easily:
- Pinpoint the exact current location of any individual app install
- See aggregate information of total installations by country
But HackGuard Professional’s reporting is not limited to just app INSTALLATIONS — because we understand that app ENGAGEMENT is a key success factor that all savvy publishers must monitor closely.
- The One Thing That Will Make or Break Your Mobile App’s Success
- Measurement of mobile app engagement can give you a marketing advantage
- Next-Generation Mobile Apps – 7 Critical Success Factors
So HackGuard Professional will track, report and analyze app LAUNCHES too:
- Analyze how often users launch your app
- Learn how this behavior varies by geography
- Measure the ratio of app launches per app installations
- See how this vital ratio is trending over time
Via a wide range of Datagrids and Charts, HackGuard Professional provides you with the ultimate in Worldwide Installed App Base Visibility.
App Base Demographics
Understand your installed app base as never before, with both detailed and summary reporting from multiple perspectives.
- See all the Types and Brands of devices that are running your app.
- See all the OS Types and specific Versions used by your installed base.
- Take advantage of the Analysis Matrix to discover fine details, such as memory sizes, screen sizes, etc.
- See where your app has been installed, and where it is currently launching from.
- Use this detailed demographic knowledge to guide your development planning, and to minimize your regression testing expenditures.
|Detailed Datagrids|Summary Charts|
|---|---|
|Analysis Matrix|Installations by App|
|Installations by App|Installations by App-Version|
|Installations by App-Version|Installations by OS Base|
|Installations by OS Base|Installations by OS Base-Version|
|Installations by OS Base-Version|Installations by Brand-Type|
|Installations by Brand-Type|Installations by Country|
|Installations by Country|Launches by App|
|Launches by App|Launches by App-Version|
|Launches by App-Version|Launches by OS Base|
|Launches by OS Base|Launches by OS Base-Version|
|Launches by OS Base-Version|Launches by Brand-Type|
|Launches by Brand-Type|Launches by Country|
Monitor, measure and analyze app installation and launch frequency over an unlimited time, with daily, weekly, monthly resolution.
- Visually track trends in your installed base growth.
- Use intelligent datagrids to analyze changes in base demographics over time.
- Visually track trends in app usage by your installed base over time.
- Automatically track historical “usage intensity” — the ratio of launches per install.
|Detailed Datagrids|Summary Charts|
|---|---|
|Installations – Last 10 Minutes|Installations – Current Trend|
|Installations – Last 1 Hour|Installations Daily|
|Installations – Last 24 Hours|Installations Weekly|
|Installations Daily|Installations Monthly|
|Installations Weekly|Installations Annually|
|Installations Monthly|Launches – Current Trend|
|Installations Annually|Launches Daily|
|Launches – Last 10 Minutes|Launches Weekly|
|Launches – Last 1 Hour|Launches Monthly|
|Launches – Last 24 Hours|Launches Annually|
|Launches Daily|Launches per Installations Daily|
|Launches Weekly|Launches per Installations Weekly|
|Launches Monthly|Launches per Installations Monthly|
|Launches Annually|Launches per Installations Annually|
HackGuard Enterprise easily INTEGRATES with these popular Security Information and Event Management (SIEM) platforms:
If your SIEM platform is not on the list above, we can custom tailor it to provide the information flow you need via:
- Common Event Format (CEF)
Customized Functionality for Your App — Just tell us what you need!
We recognize that not all apps are alike. What special requirements do you have? Describe everything necessary to ensure that your app is properly deployed, running optimally, and that any problems are diagnosed quickly and easily. We transform this information into a detailed specification that you approve, and then we build it for you.
Rely on our proven core technology to deliver super strong executable code protection and secure Web access to your installed base monitoring and reporting from anywhere in the world.
Security and Scalability
The default platform for your customized system’s back end is Google’s Cloud Services. Every HackGuard Enterprise customer is provisioned with their own private, secured, encrypted database for the ultimate in data security and privacy. All application data is replicated, backed-up and ready to be instantly scaled to accommodate hundreds of millions of your installed app instances, while maintaining lightning-fast performance and 99.999% uptime.
QA & Testing
We work closely with your team during both Alpha and Beta Testing stages. AppVision can perform full regression testing to ensure that any new, customized functionality does not negatively impact your app’s functionality.
The entire process, from initial design specification, through coding, build-out, testing, documentation and finally full commercial release can be accomplished in as little as just a few weeks. The actual time required will depend on our project backlog and the amount of custom development required.
Individual Endpoint Risk Scoring
Endpoints are a critical part of an organization’s attack surface. Mobile endpoints, in particular, have proven to be especially vulnerable – easy prey for hackers and often the initial entry point for sophisticated attacks.
Just how vulnerable are these mobile devices? To answer this question, our security engineers recently tested the top 25 mobile apps in three important industry sectors, to determine their actual susceptibility to attack. You can view the full results of the testing here:
The bottom line – the vast majority of these industry-leading mobile apps were positively proven to be susceptible to attack. On average, 84% of the apps could be (and in our testing lab actually were) compromised after no more than 15 minutes of effort. Note: their susceptibility was not caused by flaws in the apps themselves – these apps were quite simply victims of the inescapable vulnerabilities that are deeply rooted in today’s mobile operating environment.
Experienced cybersecurity professionals know that mobile endpoints are often the first step in an Advanced Persistent Threat scenario, enabling attackers to establish a “beachhead”, then use dwell time to spread laterally, exfiltrate data and test system defenses in preparation for a much larger attack. That is why understanding the trustworthiness of the mobile endpoints connecting to your systems is so important.
Endpoint risk visibility is exactly what AppVision’s HackGuard provides. Every single device in your app’s installed base is individually analyzed and assigned its own individual risk score.
Here is how the process works:
- It begins with a deep inspection of each and every endpoint in your installed base, to create a unique security profile.
- Each device’s profile is then meticulously mapped against databases of the several thousand known, open vulnerabilities in the mobile operating environment.
- Enhanced analysis by our own proprietary sources and learned heuristics is applied to rooted and jailbroken devices, plus those exhibiting less obvious Indicators of Compromise.
- Risk scoring is further enhanced by our proprietary machine learning system. It is a form of Artificial Intelligence that works constantly to find new security insights – for example, discovering previously unknown relationships between multiple vulnerabilities.
- On an ongoing basis, any changes to an individual endpoint are automatically detected and initiate an immediate reevaluation of its risk score.
- New, emerging threats in the mobile operating environment are constantly monitored and automatically start a reevaluation of the risk score of all affected devices in the full installed base.
- Finally, to provide the ultimate in visibility, the basis for the risk score of any individual endpoint can be reported. This detailed information is vital, because it is required to enable effective remediation of the endpoint.
Note: because 99.99% of the risk scoring work is performed by our Cloud servers, the performance impact on your app is completely imperceptible.
Installed Base Risk Scoring
Gain visibility of the actual risk inherent in your app’s installed base as never before, with summary reporting from multiple perspectives. Not just your entire app installed base overall, but also segmented by:
- Device Brand
- Operating System Level
- Individual App
This is especially valuable for organizations that have consumer or “public-facing” mobile apps, because your “Attack Surface” becomes vastly greater. In fact, a good rule of thumb for Financial and Healthcare organizations is that the external, uncontrollable endpoints will outnumber the internal, controllable devices by a ratio of 200X. Note: in the Retail sector, the ratio is even higher.
This diagram is scaled correctly. The little green dot is all that you can see, manage, control and secure. The other 99.5% of your Attack Surface is not under your control and even worse, it’s effectively invisible.
So an organization with 1,000 employees will likely have around 200,000 external users of their public-facing app. That’s a huge security concern, because these apps are installed on the mobile devices in the hands of your external users – and these endpoints are invariably among the most vulnerable, unpatched, dangerous platforms on the planet.
That’s hundreds of thousands, and sometimes millions, of smartphones, tablets, and notebooks over which you have no control. Until you have detailed information about the health of the environments your app is operating in, your attack surface is expansive and your security team is blind.
Risk Profile Analysis
Would you like to better understand the risk lurking in your app’s installed base?
Thanks to HackGuard Endpoint Risk Management, now you can:
- See your overall installed base endpoint risk at a glance.
- Monitor this metric as it is updated continuously, providing you with the most current and accurate picture.
- Compare your metric to industry benchmarks. Determine if there is a realistic opportunity for improvement.
- Use automatic base decile analysis to quickly rank and identify the most vulnerable, risky endpoints in your installed base.
- Leverage this relative risk information to enable proactive mitigation and more focused, efficient and effective remediation.
- Gauge the results of your team’s efforts – watch as your metric improves over time.
Realtime Transaction Risk API
By tapping into HackGuard Endpoint Risk Management’s Realtime Transaction Risk API (RTR-API), organizations can effectively gauge the trustworthiness of every mobile app transaction – while the transaction is in-process.
The RTR-API is simple to call, fully secured, and delivers an accurate response in mere milliseconds – even when servicing installed bases numbering over 100M endpoints and with transaction volumes in excess of 10,000 TPS.
With the RTR-API, you have the power to:
- Positively detect any compromise to the app itself.
  - When compromise is detected, stop the transaction process to proactively eliminate loss from fraud or leak of confidential information.
- Recognize if the transaction is originating from a relatively high-risk endpoint with a risk score above a set threshold.
  - Significantly reduce losses by invoking additional authentication steps, dynamically lowering transaction limits, increasing transaction scrutiny and invoking other effective security practices.