New Readers

 
NETWORK PRODUCTS GUIDE IS PUBLISHED FROM SILICON VALLEY IN THE UNITED STATES OF AMERICA
Home Executive Briefings Industry Updates IT Directory IT World Awards Volunteer as Expert Register Awards About NPG
PAST SVUS AWARDS® WINNERS INCLUDE
Why there is a rapid increase in mobile fraud
Metaforic is a leader in software security protection. Metaforic software immunization technology protects virtually any software from subversion, theft, piracy, tampering or other corruption. It is proven in millions of deployed instances, from consumer software to business devices. Only software protected by Metaforic earns the Mark of Security distinction. Offices are located in the United States, Europe and Japan. Further information is available at www.metaforic.com.

Rake Narang: Why is there a rapid increase in mobile fraud? How prevalent is malware threat in the mobile security landscape?

Dan Stickel:
There are three main reasons for the rapid increase in mobile fraud: 1) smartphone adoption has reached levels where it makes an attractive volume target for criminals, 2) consumers are still relatively unsophisticated about protecting themselves on mobile platforms, and 3) mobile devices are more vulnerable than stationary PCs simply because of the varied environments to which they’re exposed. To expound on point #3, mobile devices end up connecting to insecure hotspots, have Bluetooth connectivity vulnerabilities, get lost, and so forth.

Some people like to blame the mobile devices and operating systems themselves, but in truth there’s much more security built into these devices than a standard desktop PC. For example, you cannot run unsigned apps on most smartphones … by default. Of course, once a phone has been “jailbroken”, either by the owner on purpose, or via some drive-by web site visit, or rogue app download, then all bets are off. But manufacturers have been putting a lot of attention into security: it’s just hard, and no one has ever been able to invent the perfectly secure system.

Something like EuroGrabber can be classified as a mobile attack, and it successfully stole more than $47M from bank accounts in Europe, but in truth this was a hybrid attack that penetrated both the user’s PC and his or her smartphone. Some organizations have started to use the smartphone as a security device, and so naturally the hackers went after it.

In fact, criminals usually do follow the money. According to statistics from Juniper Research, the value of mobile payment transactions is projected to reach almost $630B by 2014. This is great for the mobile device industry and also a huge potential for cyber criminals. Security researchers have reported a 155 percent increase in mobile malware in the last 12 months, with a 3325% increase in Android-specific malware.

Rake Narang: What are Advanced Volatile Threats (AVTs)?

Dan Stickel:
Advanced Volatile Threats (AVTs) are software attacks that do not reside on disk or persist for long periods of time, but instead act quickly and dynamically and erase all traces of themselves so that they can be very difficult to detect or defend against.

Some argue that AVTs are nothing new, but what’s happening is that people are getting better and defending against “dumb” attacks, so the hackers are pursuing smarter, more sophisticated approaches. If all you do is scan programs on disk, you’ll never find an AVT. If all you do is periodically scan what’s running in memory, you’ll also likely never find an AVT: either because you happened to miss the window of time during which it was active, or because it has disabled your scanner or hidden itself from the OS.

Moreover, if all your computer were doing was scanning memory, it wouldn’t have time to do any real work. One could imagine a parallel architecture where you had double the CPU power for whatever you needed, but it’s not clear that such an approach is practical or would even work. Some organizations try to protect their critical processes and applications against all attacks, including AVTs, by hardening those processes and applications so that they can defend themselves in real-time, without waiting for external scanners to happen to notice something awry. This can be a tricky tradeoff of security versus performance, but there are several leading-edge companies that are pulling this off. This kind of protection can be used for everything from operating a nuclear power plant to defending a mobile banking application on a consumer’s phone, where the bank can’t run a scanner in any case.

Rake Narang: What anti-tamper solutions are available from Metaforic?

Dan Stickel:
Metaforic technology enables software developers to automatically infuse an immune system into their programs so the programs can defend themselves from hackers, pirates, targeted malware, insider betrayal and even hardware errors. This provides end users with better security and ensures the software operates as the creator intended. Metaforic technology is designed to resist persistent hacking attempts over long periods of time, even when the device on which the software runs has fallen completely under control of outside forces.

Metaforic-protected software constantly checks itself for health as it runs, identifying even a single bit or byte that is out of place. Depending on the users need, the software immune system can attempt to repair any problems, report problems, or terminate the execution of the program.

Unlike conventional security products, Metaforic enables apps and programs to defend themselves, rather than relying in vain on system administrators or consumers to ensure that the deployed environment is completely free from threats.   Due to its nature, Metaforic protects against the latest threats, zero-day exploits and hacker intrusions without requiring frequent updates or maintenance.
Metaforic technology includes:

  • Metaforic Core™- The core software immune system; required for the other offerings.
  • Metaforic Authenticator™– Ensures an application is in constant communication with an authentication device or cloud service.
  • Metaforic Concealer™– Hides sensitive data (e.g., encryption keys) and obfuscates sensitive code.
Rake Narang: How does your company team up with software developers and enterprises to mitigate corruption and newer threats?

Dan Stickel:
Metaforic enables organizations creating software (whether for internal or external use) to automatically infuse a software immune systems into their programs so that those programs can defend themselves from real-time (AVT-like) attacks or even offline attacks where a hacker uses a binary editor to try to change the program. In such offline cases, once the program starts up, it will detect that it has been modified and react accordingly (either to try to self-repair, send a message, shut down, or perform some other custom action). Since Metaforic is primarily just ensuring that the software remains unchanged, it doesn’t need to worry about the latest attack vectors or newer threats … however the change was initiated, Metaforic detects the fact (in real-time) that a change has occurred, and reacts accordingly. This makes Metaforic ideal for a variety of deployment scenarios, from back-office servers to embedded devices in the field that rarely get updated, if ever.

Organizations creating software or devices can apply Metaforic during the final stages of the build process. No security expertise is required, developers don’t need to get involved, and once integrated, the process is completely automatic.

Company: Metaforic
560 South Winchester Blvd., San Jose, CA 95128 U.S.A.

Founded in: 2006
CEO: Dan Stickel
Public or Private: Private
Head Office in Country: San Jose, California - United States
Products and Services: Software immune system
Company’s Goals: To enable software to operate reliably even under hostile or imperfectly protected environments … in other words, the real world.
Key Words: Software Security, Cyber-Security, Network Device Security, Mobile App Security, Software Immune System, Self-Defending Software, Software Application Integrity

ADVERTISEMENT
 
ADVERTISEMENT
 
 
 
Interested in an Executive Interview with Network Products Guide?
We are currently interviewing executives from all over the world in the Information Technology industry. If you are also interested in an executive interview with the editors of Network Products Guide, please read more here.
 
TRENDING NOW