NowSecure® today announced NowSecure Intelligence™, a cloud SaaS solution that continuously monitors the security status of mobile apps published on the Apple® App Store® and the Google Play™ store. NowSecure Intelligence is part of the NowSecure mobile app security testing platform and provides deep security visibility into all mobile apps used within the enterprise and consumer apps on employee-owned devices that could threaten enterprise security. Interested parties can request a demonstration of NowSecure Intelligence at Black Hat USA 2017 or apply for early access by visiting https://www.nowsecure.com/solutions/mobile-app-vetting/.
Keeping up with the rapidly expanding mobile app attack surface is a challenge for global 2000 enterprises and government agencies. In the Department of Homeland Security’s April 2017 “Study on Mobile Device Security,” the agency stated that organizations need visibility into mobile apps that gather privacy-sensitive information, exploit vulnerabilities, or access enterprise networks and data. NowSecure Intelligence addresses that challenge by automatically and continuously performing security assessments of published iOS and Android™ apps so that security teams can make informed decisions about approving those apps, and subsequent updates, for corporate use.
“Our automated app testing framework and unmatched dynamic analysis capabilities for iOS and Android apps set NowSecure Intelligence apart from first-generation mobile app vetting products currently in the marketplace,” said NowSecure CTO David Weinstein. “NowSecure Intelligence uniquely combines static and dynamic analysis to identify critical risks such as sensitive data in transit, network traffic destinations, code flaws, forensic data, and third-party components. The data feed also becomes a reference point to track app and developer changes over time.”
Security and mobility teams looking to plug the NowSecure Intelligence data feed into existing systems—such as risk monitoring dashboards, enterprise mobility management (EMM) software, and other tools—can leverage open APIs.
“This critical addition of NowSecure Intelligence enables NowSecure to provide continuous, automated app analysis for every single mobile app that touches a client’s infrastructure,” said NowSecure CEO Alan Snyder. “NowSecure Lab Automated automates security analysis of custom-developed apps and NowSecure Lab Workstation enables security analysts to perform their own deep-dive analysis on any app whether it be commercial, internally developed, or outsourced. NowSecure is the only solution that delivers complete testing coverage for all mobile apps.”
NowSecure Intelligence continuously downloads and performs static and dynamic analysis of new apps and updates published to the official app stores. NowSecure takes a unique approach to dynamic analysis by installing a target app on a physical Android or iOS device, as opposed to an emulator. The method includes logging into the app and exercising it as a user would, which results in deeper analysis, more accurate results, and more thorough inspection of third-party libraries, app components, and server connections.
NowSecure Intelligence makes it easy to diagnose and prioritize mobile app security risks based on a risk score developed by the renowned NowSecure research team. Risk findings also map to trusted industry standards such as: Common Vulnerability Scoring System (CVSS), Common Weakness Enumeration (CWE™), National Information Assurance Partnership (NIAP) mobile app vetting requirements, and Open Web Application Security Project (OWASP) Top 10 mobile risks.
To learn more about how NowSecure Intelligence can help your organization reduce mobile app risk and ensure compliance with regulations and corporate policy, visit booth #1759 at Black Hat USA 2017 on July 26 and 27 in Las Vegas or visit https://www.nowsecure.com/solutions/mobile-app-vetting/.
As recognized experts in mobile security and privacy, NowSecure protects the global mobile app economy and safeguards the data of millions of mobile app users. Built on a foundation of standards, NowSecure empowers the world’s most demanding organizations with security automation to release and monetize 30% faster, reduce testing and delivery costs by 30% and reduce appsec risk by 40%. Only NowSecure offers a full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing as a Service (PTaaS), and training courseware. NowSecure actively contributes and supports the mobile security open-source community, standards and certification including OWASP MASVS, ADA MASA, and NIAP, and is recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber.