July 11, 2019 1:00pm CDT (20:00 BST) | 30 Min
The security researchers and developers at Zimperium have developed and refined z9™, a revolutionary mobile threat defense engine that uses machine learning to detect device, network and application (“DNA”) cyber attacks in real time. The z9™ engine is specifically developed for mobile, to guard against the unique threat vectors of iOS and Android devices. z9™ runs efficiently on smartphones and tablets, without introducing latency or violating user privacy.
Unlike other threat detection systems, z9™ monitors the entire mobile device for malicious behavior regardless of the attack entry point. The device-wide resident approach does not rely on external IDs or malware signatures, and does much more than app scanning. This makes z9™ immune to evasion techniques such as polymorphic malware, virtual machine awareness, download and execute techniques or binary obfuscation, allowing Zimperium solutions to find and protect against both known and unknown threats.
The sheer number of mobile devices in use today, along with their propensity to be outside a controlled network, allows z9™ to serve as an advance early-warning threat detection system for malicious attacks. Like tsunami buoys that alert authorities to an oncoming tidal wave, z9™ mobile sensors alert IT or Security teams to attacks happening both inside and outside the corporate network to prevent a compromised device from turning into a wider outbreak.
z9™ puts the power of expensive intrusion prevention appliances into the mobile device, transforming it from a threat vector to a defensive advantage. This game-changing technological advance enables a company to increase the number of sensors from a mere handful to tens or even hundreds of thousands across an entire organization for a fraction of the price. The more sensors you have, the better visibility you have into both mobile and non-mobile threats.
Much like a doctor can diagnose an illness by analyzing the symptoms your body is exhibiting, z9™ can detect both known and unknown threats by analyzing the behavior of a mobile device. By analyzing slight deviations in the mobile device’s OS statistics, memory, CPU and other system parameters, z9™ can accurately identify not only the specific type of malicious attack, but also provide forensics associated with the who, what, where, when and how of an attack occurrence.
Zimperium developed the revolutionary z9™ engine by training it over many years on proprietary machine-learning algorithms that distinguish normal from malicious behavior on Android and iOS devices. Unlike cloud-based mobile security solutions that employ app sandboxing or tunnel traffic through the cloud, the z9™ engine sits directly on mobile devices. This unique approach detects attacks even when your users are not connected to the network or when facing unknown malware, new threats or zero-day attacks.
The z9™ engine monitors, detects, and protects mobile devices against known and unknown threats, including:
| Device | Network | Application |
|---|---|---|
| OS/Kernel exploitation | Man-in-the-Middle (MITM) | Malicious apps |
| Profile/configuration modification | SSL stripping techniques | Known and unknown malware |
| System tampering | Attempt to intercept SSL traffic | Dynamic threats abusing download and execute techniques |
| Device vulnerability assessment | Rogue access points | Potentially unwanted applications (PUAs) from untrusted sources |
| Physical USB exploitation | Reconnaissance scans | |