Digital Shadows expands visibility into evolving mobile driven risks
Digital Shadows has announced new enhancements to its SearchLight digital risk management service helping organisations detect and respond to mobile application threats against their employees and consumers. SearchLight now offers identification of malicious and unsanctioned applications in official and third-party application stores. This new capability also identifies impersonated or spoofed mobile applications that could damage an organisation’s brands or compromise sensitive information. The new capability around mobile application protection extends the capabilities of Digital Shadows’ flagship service, which monitors the Internet to identify digital risks to organisations, including cyber threats, data leakage and reputational risks.
“Mobile is no longer a niche or isolated part of an organisation’s digital footprint. New devices and applications are the status quo and organisations must be able to identify the digital risks associated with them,” said Alastair Paterson, CEO and co-founder of Digital Shadows. “But we know that a large percentage of mobile applications will fail basic security tests and this digital risk presents enterprises everywhere with brand protection and data risk threats. In an increasingly mobile-first world, our customers now have the ability to precisely account for evolving threats jeopardising irreplaceable reputations and information.”
Digital Shadows has been trialing the new service with some key clients and, within a week, for just one financial services client, it identified 39 incidents of mobile applications posing a risk to the organisation. This included mobile apps with malicious code, impersonation and unauthorised use of the company brand. While many of these came from third party application stores, some were from official stores.
With Digital Shadows’ mobile application monitoring, customers can detect a wide range of threats including suspect application behaviour and code, such as self-signed certificates or the presence of malware; versions of applications that have been modified by a third party; copies of applications on stores that are not actively managed; impersonating or spoof applications that mimic brands and affiliate links that mislead or confuse users. Monitoring even extends beyond customer mobile applications to internal company mobile apps.
Last year, the US Federal Trade Commission warned that “as more consumers are shopping with mobile apps, fraudsters are following the money. There are fake phone apps popping up that impersonate well-known retailers to steal your personal information. Their names were similar to well-known brands, and their descriptions promise enticing deals or features”.
Updates to SearchLight and Digital Shadows’ capabilities include:
- Mobile App Monitoring: Identifies malicious mobile apps and analyses the application’s code to classify the level and type of threat it poses, including intellectual property infringement, malware delivery and phishing.
- New Asset Registration of Mobile Apps: Ensures an application is accounted for and actively managed, including company-specific recommendations.
- Improved dashboards for executives and security teams: Intuitive visualisations provide faster, actionable at-a-glance views of data exposures and other risks from Digital Shadows’ unique ‘attackers’-eye-view’ perspective, ranked according to severity.
Mobile application monitoring is available to customers now. To learn more about the offerings, visit www.digitalshadows.com