IBM Delivers New Mobile Security Tools
June 12, 2012 Alex Woodie
IBM last week unveiled new software designed to help companies build security into their mobile client interfaces by detecting security vulnerabilities during the development process.
The rapid consumerization of mobile devices, as epitomized by the “bring your own device” (BYOD) movement, has created an urgent need for corporations to secure their applications when accessed on mobile devices, according to IBM.
While security has improved on the PC, thanks to concerted efforts by Microsoft, few today are aware of the security risks of mobile devices and mobile apps. The mad rush to develop and consume apps on smartphones and tablets has created a Wild West mentality, where getting the new stuff in people’s hands is paramount, and security is an afterthought.
Malicious hackers and cyber criminals have noticed this shift to mobile devices, and are moving to exploit it. There are the usual suspects borrowed from the PC world, including viruses, Trojans, and assorted other malware that has been designed for iOS, Android OS, and other mobile OSes. Mobile Web browsers are also susceptible to SQL injection attacks, cross-site scripting attacks, phishing schemes, and other blended approaches to steal your money and your data.
In addition, there are mobile-specific security threats that people should be aware of, such as malicious QR codes that will direct your device’s browser to a malformed website, and maliciously crafted apps that appear to be legitimate because they’re offered in mobile marketplaces, but which will actually steal data from other apps loaded on the device.
Big Blue says it’s addressing this evolving mobile security world with the latest release of its Security AppScan product. AppScan helps developers build more secure applications from the beginning (as opposed to trying to tack security on as an afterthought) by enabling developers to test for known vulnerabilities during the development phase.
With the latest release, Security AppScan gains the capability to scan native and hybrid mobile apps, giving developers a more powerful tool for all the different modes their mobile apps might run in.
Other new features with this release of AppScan include integration with IBM’s QRadar Security Intelligence Platform, the security information and event management (SIEM) solution that IBM obtained with its acquisition of Q1 Labs last year. This release also introduces a new Cross Site Scripting (XSS) analyzer; new static analysis capabilities; and new predefined and customizable security templates.
“Providing clients with the ability to scan mobile applications for vulnerabilities–including applications developed in-house and outsourced–is the next step of our mobile strategy,” stated Marc van Zadelhoff, vice president of strategy and product management for IBM Security Systems. “With more than 120,000 of our own employees accessing IBM’s network through mobile devices, we have had to focus heavily on developing a way for employees to work safely and securely.”