We covered Zimperium in our December 2018 Landscape Report, and they continue to stand out in their approach and philosophy. Zimperium was early to realize that the growth of mobile gave attackers an opportunity to exploit it, not only because of the sheer number of devices but because of the complexity that mobile introduces. In the majority of companies, BYOD is encouraged, and even where corporate devices are issued and MDM is deployed, users conduct personal communications on those devices. Those communications are not limited to email.
As is the case across the cybersecurity spectrum, attackers target the weakest link. With phishing, attackers target users, and with the explosion of mobile, attackers are increasingly turning to attacks that leverage mobile devices. These attacks arrive through messaging channels such as Signal, WhatsApp, and SMS. Attackers understand this, and as a result phishing defense has extended beyond protecting corporate email inboxes.
Mobile devices contain a tremendous wealth of information about their owners and how their owners interact with the connected world. As mobile devices become more pivotal for conducting business, their interactions with connected systems such as desktops and trusted access control mechanisms increase. A mobile device can be infected with malware designed to be carried into, and executed within, trusted environments or other systems such as connected cars.
The approach that Zimperium undertook is designed to prevent the mobile endpoint from becoming the point of entry, and that focus is what sets them apart. Zimperium deploys to mobile endpoints as an app from Google Play or the App Store, through an MDM, or via their SDK.
Their product is designed to understand the behavior of three main components: the device, the apps installed on it, and the networks it connects to, together with the behavior observed across them. These all culminate in the Zimperium phishing prevention app. They have a large install footprint of 70 million devices and, in some cases, can retrieve anonymized attack signature data. This information, in combination with the work of their threat research team, trains their engine so it can detect unusual behavior indicative of a compromise.
The approach is driven by threat-intelligence-informed behavioral heuristic analysis and is intended to keep users’ information private. They do not analyze, nor are they able to view, the content of web pages, emails, attachments, or secure messages. Instead, they observe which resource is being requested and by which app, and they analyze DNS requests and SSL certificates. By observing all of the device’s network behavior, they can determine whether the device is actually compromised.