Mobile Security & Enterprise Mobility Blog

Don’t be caught on the wrong side of an attack

Using only cloud sourcing as the basis for mobile threat defense is the wrong side of an attack.

We respect the boldness of a competitor’s CEO taking on the leader in his market. In a very literal sense, he laid his and his company’s cards on the table. This is very good for current and potential customers because it gives them a chance to carefully consider those cards. And being the thinly-veiled target of his blog and follow-up blog, it only makes sense for us to lay our cards down as well.

The apparent purpose of the CEO’s two blogs was to justify their approach and question ours. Unfortunately, he spent an inordinate amount of time talking about the benefits of cloudsourcing generically without much depth on how it could deliver complete mobile threat defense. We agree that cloudsourcing certain aspects of the solution is critical (more on that later), but it is not the complete solution. When you’re a one-trick pony, though, you ride that pony to exhaustion.

At Zimperium, we leverage every technique necessary, including both cloud and on-device Machine Learning, to provide the most complete MTD in the market. Whether our design uses the cloud or the device for a given capability is driven by whether it serves risk management or active threat defense. Our z3A, for example, leverages the cloud to perform an application analysis for risk (permissions abuses, “leaky apps”) that would be impossible to fully implement on a mobile device.

But we are 100% steadfast in our belief and have been proven right countless times that on-device detection of active threats is the only real solution. Here is why the cloudsourced solution doesn’t work:

  1. It would be impossible to send enough data to the cloud to defend against every possible way to attack the device, and it would consume way too much bandwidth if you tried.
  2. In the race against time, the MTD will lose the race with the hacker when the compromise occurs. Consider this: while the cloud-based MTD is trying to determine friend or foe, the bad guy has already disabled network access to the MTD and goes about his dirty business while your device is left unaware that it is under attack.
  3. Your mobile device is really your most personal computer, and the privacy concerns of sending so much personal data to a cloud service are a show-stopper.
  4. The solution is hopelessly historic — it can’t protect against as-yet unknown (or zero-day) exploits.

It is particularly odd to hear a debate on the merits of our Machine Learning techniques themselves since they are the envy of our market. Of course, the proof is in the pudding, as they say. Here’s the most obvious and real example of the pudding proof. The day that they disclosed Pegasus they also had to release a new version of their software so that existing users would know if they were already infected by it. Let that sink in for a second. No really. Let that sink in and really understand it, as it’s foundational to their approach. Zimperium users did not need any update to be protected. Our z9 engine has detected and provided protection for every zero-day exploit (including Pegasus) that was found in the wild. Even to this day, well-known, documented, and downloadable exploits such as Stagefright and P0’s iOS 11 exploit will not be detected by any other MTD on the market but Zimperium. Again, a good time to stop and let that sink in. In general, if the exploit is not already known and delivered as an app, it is very unlikely to be detected by any solution except Zimperium.

Despite the above, there is one thing we agree on. We agree that the larger the installed base of sensors you can deploy, the greater the opportunity for learning to occur. And as you plot our growth trajectory, we are on our way to having the largest MTD installed base in the world this year. This leadership position will only expand our lead in advanced data science and Machine Learning.

You’ll be interested to learn that because of the on-device detection choice we made, the exact same protection (our z9 engine) is available for the apps our customers develop using our zIAP SDK. When an organization develops a consumer-facing app that includes sensitive customer data (like a banking, insurance, or healthcare app) and makes transactions on their most critical systems in the data center, they need an MTD that can make their app self-defending. Only zIAP can provide in-app exploit detection.

There is another point the CEO’s blog asserts. He implies that one of the reasons on-device detection is inferior to cloud is that it’s a “challenge” to deal with the access limitations Apple and Google impose on their platforms. This is true. But it’s also irrelevant with regard to our approach vs theirs. It’s true for both solutions. Nonetheless, think about how ridiculous the claim is that they have more access to the device from the cloud than we do on the device itself. And again with proof, Zimperium’s coverage is superior to theirs on every iOS and Android platform in use.

One other point: not so fast on the “fast updates from the cloud” comment. Security companies have been playing whack-a-mole for years with detection-only-after-discovery techniques. That is not the Zimperium model. Recall from above that we have detected as-yet undisclosed exploits without updating our software. If you need frequent updates to your app or cloud to improve protection, you aren’t really protected at all! Enterprises and government organizations are not safe when protected only from old, known issues. They have to be protected from the countless exploits that are sitting in the inventory of hacking organizations and that will not be detected by how-big-your-cloud-is type techniques. That’s why we are so proud of our approach at Zimperium.

And finally, your mobile security is only as good as your technology and your security research team behind the technology. The zLabs team is unparalleled in the industry. They discovered more vulnerabilities in the last two years than all of our competitors combined. In fact, take a look at the security notes on the most recent iOS update and you’ll see our researcher credited by name with two vulnerabilities just on this update. In other words, because of our world leadership in mobile security research, Apple released the iOS 11.2.5 update.

But, even though we really do know what we’re talking about, don’t take our word for it. Invite us in and we’ll demonstrate that there is only one right way to deliver complete mobile threat defense. In fact, invite us and the competitor CEO’s company in. You’ll be amazed what you see when tested side-by-side. Your and your organization’s future depend on it. For a free demo, visit us here.