Mobile Runtime Application Self-Protection (RASP)
Mobile apps are an easy target for on-device exploitation as they run on devices outside the enterprise’s perimeter and control. The app binaries and the inspection tools necessary to find exploitable vulnerabilities are freely available, allowing attackers to build and deploy targeted malware, phishing, and network attacks to steal confidential data on the device. In the absence of mobile runtime application self-protection (RASP) capabilities, attackers have repeatedly shown the ability to exploit mobile apps on the user’s device to commit financial fraud and data theft.
How Your App is Being Exploited On-Device
Use screen overlay attacks to steal credentials
Man-in-the-middle attacks to eavesdrop and redirect sensitive data
Abusing app permissions to record all keystrokes
Abusing inter-app communication to exfiltrate PII
Fake devices/emulators to impersonate real users
Use compromised devices to divert traffic to malicious destinations
How zDefend Secures Mobile Apps
Zimperium zDefend offers an outside-in approach to mobile in-app protection. It’s an SDK that enables the host application to detect and proactively protect itself by taking actions on the end user’s device, even without network connectivity. The SDK leverages z9, Zimperium’s patented machine learning-based threat detection engine. The on-device actions are configured within the application. They can be updated in real-time without publishing a new version making it practical and scalable across large install bases. zDefend’s mobile RASP capabilities allow continuous monitoring, protection, and effective threat modeling within the mobile DevSecOps life cycle.
Key Detections to Prevent Runtime Exploitation
Rooting Detection Evasion
Privilege Escalation Detection
Device Security Disabled
Why Zimperium for RASP Mobile Security?
Advanced machine learning-based
Restrict access & disable
features when risk is unacceptable
Update in-app protection
policies in real time
SDK optimized for size and
Minimal app permissions to
No PII data taken off the
Learn how our customers are leveraging zDefend to proactively prevent fraud and theft
Anti-Malware To Prevent Account Takeover Fraud
A Fortune 500 bank was looking to protect their customers and bankers from malware-driven fraud on their mobile devices. Existing traditional fraud platforms were siloed and provided little threat visibility and protection against fraud attempts via the mobile app. Within the first six months of embedding zDefend in their digital banking apps, they realized that their app was running on 18,000 devices with malware, 120,000 compromised machines, and 2 million risky devices. They are deploying zDefend’s on-device actions to prevent users from accessing and conducting high-risk transactions in untrusted environments to minimize fraud risk and exposure.
Contact Us to Learn More
Prevent Mobile Banking Fraud With Compliance Grade Security
A Fortune 200 bank in Europe was concerned that their current mobile applications security posture was insufficient. Banking regulations mandated anti-malware protection, and they realized signature-based protections were impractical. The enterprise began by embedding zDefend into iOS applications that serve over 5 million customers. In the first six months, they gained visibility into 500+ app tampering attempts, 30,000+ malware infected devices, and 25,000+ risky devices running their apps. They are employing zDefend to embrace compliance-grade security and systematically reduce risk.
Contact Us to Learn More
“Through 2022, mobile application security failures will be the biggest mobile threat for enterprises.”
– The Gartner “Avoid Mobile Application Security Pitfalls” Report
(Refreshed 27 January 2022, Published 27 July 2020; Dionisio Zumerle)