TrustDefender Mobile Technical Brief
Fraud Protection for Native Mobile Applications
TrustDefender Mobile from ThreatMetrix is a lightweight SDK library for Google Android and Apple iOS mobile devices. The library can be integrated within mobile applications, enabling legitimate mobile users to connect easily and securely to web applications protected by the ThreatMetrix TrustDefender Cybercrime Protection Platform. In addition to improving the user experience, TrustDefender Mobile protects businesses from fraud committed via mobile devices.

TrustDefender Mobile works in conjunction with, and is 100% integrated with, the ThreatMetrix TrustDefender Cybercrime Protection Platform, which was designed specifically to protect web applications. When users connect to a protected web application via a native mobile application, TrustDefender Mobile profiles the mobile device and provides a comprehensive security and fraud assessment to the TrustDefender Cybercrime Protection Platform. Using that assessment data, along with the business's specific policies and information from the shared Global Trust Intelligence Network, the TrustDefender Cybercrime Protection Platform generates a risk score.

Good scores result in positive context-based authentication, triggering instant access or transaction approval, which provides legitimate users with a frictionless and positive experience. Questionable scores may result in additional review or step-up authentication. Bad scores, depending on the organization's policies, will generally cause the session or transaction to be terminated.

How TrustDefender Mobile Works

Organizations use ThreatMetrix to detect and prevent fraud by invoking TrustDefender Mobile to protect key interactions, typically during login, payment, and account registrations. When users perform these actions, the TrustDefender Mobile code embedded within the app provides an advanced and detailed threat and risk assessment of the mobile device. The device is uniquely identified and analyzed for the presence of malware.
Additionally, numerous attributes are gathered to indicate whether the device is configured normally, or has suspicious settings or other anomalies indicating risk. When executing on Android-based systems, TrustDefender Mobile also verifies the integrity of the application in which it is embedded to ensure it has not been modified or infected. What's more, the system analyzes every installed application to determine its reputation and detect the presence of malware.

Mobile device profiling provides information and services such as:

Persistent Device Identification: Identifies individual mobile devices on both iOS and Android platforms, even if they have been reset or the application has been reinstalled.
Host Application Integrity Check: For Android-based systems, TrustDefender Mobile performs an integrity check of the application in which it is embedded, verifying that it is a genuine and unmodified version. For example, if a bank uses TrustDefender Mobile to protect its online banking application, any infection or unauthorized change would be detected.

Malware Detection: For Android-based systems, TrustDefender Mobile analyzes and verifies the integrity of all apps installed on the device. At configurable, strategic points in the mobile application's workflow, signatures of all apps on the device are passed to the ThreatMetrix server. Through a partnership with Webroot's BrightCloud Mobile App Reputation Service, all apps present on the connecting device are analyzed by the ThreatMetrix server and their reputation is reported. Safe and reliable apps are identified as such. Any app that has been tampered with, contains malware, or has a poor reputation is also detected and reported in real time.

ThreatMetrix employs a number of methods to ensure that the malware detection features of TrustDefender Mobile don't degrade mobile device performance. For example, signatures of each app are stored locally on the device itself. This makes the data instantly available, averting the need to re-scan each time the user connects. Similarly, all mobile app reputation and other relevant data from Webroot is stored on the ThreatMetrix server. Calls to Webroot are made by the server and only occur when a new mobile app is discovered and its data does not yet exist in the ThreatMetrix server. These technologies make TrustDefender Mobile's malware detection capabilities extremely efficient and effective.

Location Services: Gather latitude and longitude information from the GPS hardware, and compare IP address with physical location to detect the use of proxies and VPNs. Rated to be accurate within meters, and can be configured to prolong battery life.
Detects Jailbreak (iOS) and Rooted (Android) Devices: Dynamic jailbreak and root detection technologies determine when device security controls have been thwarted. New jailbreak and root methods are pulled from the TrustDefender server during each device profile to keep the system up-to-date without requiring new application releases. This feature can report the actual number and method names of the jailbreak and root technologies being used.

Anomaly Detection: This feature detects device tampering, attempts to masquerade as a different device, and a number of other anomalies that may indicate fraud.

Packet Fingerprinting: Automatically detects device and data spoofing via analysis of the network traffic packet signatures originating from the device.

Custom Attributes: TrustDefender Mobile includes five custom-defined local attributes, allowing application designers to pass their own parameters and have them evaluated by the policy engine.
TrustDefender Mobile includes powerful dynamic configuration features, which can be adjusted on the fly by the TrustDefender server. These features allow organizations to update the intelligence or change the behavior of the system without deploying new versions of the application. Since TrustDefender Mobile is not an MDM (mobile device management) system, elevated permissions and other concerns associated with MDM solutions do not apply.

Full Integration with TrustDefender Cybercrime Protection Platform

TrustDefender Mobile is a fully integrated component within the TrustDefender Cybercrime Protection Platform. TrustDefender Mobile is one of three information gathering solutions that deliver data to the platform for context-based authentication and fraud-prevention analysis. The first is TrustDefender Cloud, which provides these services via a web browser, requiring no client-side application. Second, TrustDefender Client provides secure browsing for all Windows and OS X based browsers via a small, downloadable application. Third, TrustDefender Mobile provides these same services for native mobile applications. All three mechanisms utilize the same infrastructure within the TrustDefender Cybercrime Protection Platform.

An organization that adds TrustDefender Mobile to an existing ThreatMetrix solution will be able to leverage its present TrustDefender Cybercrime Protection API, policies, and policy engine. It is not necessary to alter or add additional policies. Customers may, however, add additional policies or rules specific to their mobile user base, if desired. All reports, alerts, and administration for TrustDefender Mobile are fully integrated and present within the TrustDefender Cybercrime Protection Platform.

Implementation and Integration Overview

Implementing TrustDefender Mobile is a relatively simple procedure, and can be invoked via a single function call.
If your existing web applications are already protected by ThreatMetrix, deployment can generally be accomplished within a few days. The following diagram demonstrates how TrustDefender Mobile integrates and interfaces with the native mobile application, the protected web application to which the user is connecting, and the TrustDefender Cybercrime Protection Platform.
TrustDefender Mobile Integration

1. Customer embeds TrustDefender Mobile SDK library into a native mobile application.
2. When an end user connects to a protected web application, the mobile application calls the SDK library, provides the Org and Session IDs, and initiates a device profile request.
3. After completing the device profile, the SDK library transmits the Session ID, Org ID, any custom attributes, and all device profile results data to the TrustDefender platform.
4. The mobile application transmits the Session ID to the protected web application with which the user is interacting.
5. Using the provided Session ID, the protected web application performs an API call to the TrustDefender Policy Engine to evaluate the session based on the company's policies and rules for the specific application.

The TrustDefender API responds with a risk score and detailed information about the device, user, session, and other data from the shared Global Trust Intelligence Network, including Trust Tags and black-and-white lists. Using the risk score and data provided by the API, the protected web application can choose to approve, deny, or initiate further review of the transaction.
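The five steps above, traced end to end from the protected web application's side, as an added sketch that is not ThreatMetrix code and does not use the real TrustDefender API. All class and function names, the scoring rule, the thresholds, the higher-is-better score direction, and the choice to have the web application issue the Session ID and bind it to the user are assumptions made for illustration.

```python
import secrets

GOOD, QUESTIONABLE = 70, 40          # constructed thresholds; higher score = more trusted

class PolicyEngineStub:
    """Hypothetical stand-in for the platform side (steps 3 and 5)."""
    def __init__(self):
        self._profiles = {}

    def submit_profile(self, org_id, session_id, profile):
        # Step 3: the SDK sends profile results keyed by Org ID and Session ID.
        self._profiles[(org_id, session_id)] = profile

    def evaluate(self, org_id, session_id):
        # Step 5: the web application asks for an assessment of one session.
        profile = self._profiles.get((org_id, session_id))
        if profile is None:
            return None                      # no device profile was ever received
        score = 100                          # constructed scoring rule
        score -= 40 if profile.get("rooted") else 0
        score -= 80 if profile.get("malware") else 0
        return score

class ProtectedWebApp:
    def __init__(self, org_id, engine):
        self.org_id, self.engine, self._issued = org_id, engine, {}

    def start_session(self, user):
        # Assumption: the server issues an unguessable Session ID bound to the user.
        session_id = secrets.token_urlsafe(16)
        self._issued[session_id] = user
        return session_id

    def decide(self, user, session_id):
        if self._issued.get(session_id) != user:
            return "deny"                    # ID was not issued to this user
        score = self.engine.evaluate(self.org_id, session_id)
        if score is None:
            return "review"                  # unprofiled session: never auto-approve
        if score >= GOOD:
            return "approve"
        return "review" if score >= QUESTIONABLE else "deny"

def run_flow(profile):
    """Run steps 2-5 once; profile=None models an app that skipped profiling."""
    engine = PolicyEngineStub()
    web = ProtectedWebApp("org-example", engine)
    sid = web.start_session("alice")
    if profile is not None:
        engine.submit_profile("org-example", sid, profile)
    return web.decide("alice", sid)
```

The two checks worth carrying into a real integration are that the decision is made server-side from the policy engine's answer rather than from anything the mobile client reports, and that a Session ID with no matching device profile falls through to review instead of approval.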
Compatibility

Android
Compatible with Android versions 2.3 (Gingerbread) and later. No known hardware incompatibilities with any Android devices.

iOS
Compatible with iOS versions 5.1 and later, running on armv7, armv7s, arm64, or i386 architectures.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission-critical applications using real-time identity and access analytics that leverage the world's largest trusted identity network. ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix Digital Identity Network, which analyzes billions of transactions and protects hundreds of millions of active user accounts across tens of thousands of websites and mobile applications. The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For More Information:

For more information about the TrustDefender Cybercrime Protection Platform, including TrustDefender Mobile, visit our website at www.threatmetrix.com.

ThreatMetrix Inc.
160 W Santa Clara St
Suite 1400
San Jose, CA, 95113
Telephone: +1 408 200 5755

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Client, TrustDefender Cloud, TrustDefender Mobile, ThreatMetrix SmartID, ThreatMetrix ExactID, the ThreatMetrix Cybercrime Protection Platform, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

V-6.15