Appthority Portal Helps Assess Mobile Risk - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile
News
5/31/2013
02:48 PM
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Appthority Portal Helps Assess Mobile Risk

Appthority Portal gives customers greater granularity in determining and responding to mobile risk factors.

Appthority sprung to life early last year at RSA with its mobile app screening and risk assessment product for the enterprise, and has been racking up partnerships within the enterprise mobility ecosystem ever since, including a recent alliance with Mobile Iron, one of the market leaders in mobile device management. Today the company announced the Appthority Portal, which lets customers see mobile app risk data directly, understand more precisely the factors that influence particular risk scores (or Appthority Trust Score), and customize those scores on a per-company, or even per-department, basis.

The outcome: IT can write mobile policies at an increasingly fine-grained level, based on application behavior.

When introducing Appthority initially, CEO Anthony Bettini said the company's approach was more about "bring your own software" rather than "bring your own device," arguing that it wasn't necessarily the device that created risk, but the applications and the resources and information they could access once the device was connected to a corporate network. Appthority co-founder and president Domingo Guerra says the company's database now contains 1.2 million unique applications. Until now, those were all iOS and Android apps, but the company just launched support for BlackBerry 10 apps, and has plans for Windows Phone apps later this year.

Appthority's screening technology is hosted on Amazon Web Services. Partners have accessed app "scores" and underlying behavioral data via APIs -- these Appthority partners include development shops like Appcelerator, enterprise application stores like Apperian and Happtique, and MDM companies like MobileIron, Fixmo, Boxtone and Marble Security. The MDM technologies use Appthority data as the basis to write the policies that get enforced upon end users. The partners can upload apps to Appthority's cloud, or they can query the system based on the meta data of the app, and the reports generated get fed directly to that partner.

With the new Appthority Portal, the end-user customer can see the data directly, including very detailed app behavior explanations to help them make better policy decisions. Corporate developers can also upload their apps directly now, Guerra says. The scanning takes only a couple of minutes.

The data Appthority discovers in its screening process runs the gamut from detecting malware, to understanding its origin (for example, that the software was developed in the Ukraine or in China, or even the reputation of the developer), to uncovering what the app has access to (like a contact database or the user's location), and more. Guerra says that Appthority disassembles the binary file and performs both static and dynamic analysis, running the file through more than 3,000 rules based on the API calls that the OS manufacturers make available. This includes Android apps ported to BlackBerry 10 -- Guerra says that Appthority's technology understands not only what each mobile OS allows, but also what the application is trying to do, meaning any extra calls the application makes outside of the standard APIs.

Understanding application behavior lets an organization do things like block the use of DropBox based on the location of a user, for instance, but also block other apps that might make direct use of DropBox as well. Portal users will access data via a single screen that breaks down apps by OS and by app category, with those apps ranked by risk. Diving into the apps provides not only a risk score, but details on key behaviors, like whether the app tracks user location by sending map coordinates unencrypted. End user shops can write policies based specifically on that sort of fine-grained understanding of app behavior.

Guerra says that Appthority is seeing more than one million queries per day for app analysis, from 137 institutions, including customers and partners, and across a variety of vertical industries. The solution is available in seven languages. The portal has been in private beta, and is available this month. The list pricing: $2.50 per user per month, plus $2.50 per user per month for having scores exposed in the Mobile Iron console, but if you buy both Appthority and Mobile Iron together (via either company's channel partners), the total cost is $4 per user per month. Guerra says there are discounts based on volume usage.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
Achieving Techquilibrium: Get the Right Digital Balance
Jessica Davis, Senior Editor, Enterprise Apps,  10/22/2019
Commentary
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll