A look at MTD vendor Zimperium, and their new product suite, MAPS
Zimperium's MAPS provides organizations with a way to protect apps from development until after they hit app stores.
Mobile threat defense vendor Zimperium recently announced a product suite called Mobile Application Protection Suite (MAPS). We’ve covered their mobile malware reports before during my deep dive into available mobile security statistics, but we haven’t really looked at the vendor itself, so we thought with this news, it might be a good time to check them out.
Who is Zimperium?
Zimperium has offered mobile security tools for enterprises since 2010. According to CrunchBase, they have over 100 employees and have raised $72 million in funding, with their latest round in 2018. The MTD vendor was co-founded by Zuk Avraham, who left and founded ZecOps. He is largely responsible for the FreeTheSandbox initiative and he gets quoted a lot by news organizations whenever a major mobile vulnerability comes to light.
Zimperium acquired cloud security vendor Mi3 Security two years ago, which provided them with the technology to look for apps with privacy risks on endpoints. They also partnered with MobileIron, which put their tech into the MobileIron EMM agent without requiring anything additional to be installed on a user’s device.
Zimperium offers a variety of MTD products built on their z9 machine learning engine, which handles threat detection on the device rather than in the cloud. MTD apps are sandboxed like any other apps and use a mixture of common techniques and Zimperium’s proprietary technology to determine if there are any malicious apps present. For organizations with managed or corporate-owned devices (though it’s also used with BYOD), Zimperium has zIPS, which provides continuous mobile threat detection.
New offering: MAPS breakdown
First off, Mobile Application Protection Suite isn’t a new product; rather, it’s a brand-new SKU containing three pre-existing products aimed at protecting a company’s app from inception through to its release on app stores and beyond. MAPS includes zSCAN (scans code during development), zSHIELD (protects against attackers decompiling app code), and zDEFEND (runtime protection). While all three products are part of MAPS, they remain available separately. However, with MAPS, licensing of all three products is simplified into one per-app deal. Let’s break out each of the three products to look deeper into what each offers organizations.
First, there’s zSCAN, which is designed to scan app code during development, looking for security risks, privacy risks, and regulatory risks. The company decides how often a scan happens, whether that’s fairly often or limited to major versions like alpha, beta, and release candidate. Additionally, companies can configure how deep they want the scan to go: allowing one app to access the clipboard may be permissible, while another app should never do so. Whenever an issue is discovered, tickets (called Findings) are sent to developers through JIRA and other ticketing software. Alongside companies using zSCAN to examine their apps, app distributors also use it to review submitted apps.
The next product is zSHIELD, which adds obfuscation and anti-tampering to the app before it’s released publicly. Obfuscation is used to prevent someone from decompiling the app’s code to determine how it works and potentially copy it while adding their own malicious code into it. Additionally, zSHIELD can detect if someone is trying to open the app on a jailbroken phone or a virtual instance, which can be an indication they’re attempting to figure out how the app works.
The third piece of MAPS is zDEFEND, which provides runtime app protection. zDEFEND is an SDK embedded into the app that helps organizations see threats on the device (e.g., detecting a man-in-the-middle attack and whether malware is present on the device) and reports on them to the same console as zSCAN and zSHIELD. It also adds granular security capabilities to further protect the app and its data, such as seeing if a device is jailbroken. Admins can set it so that if the app detects that the user is on unsecured Wi-Fi, it limits functionality of the app (e.g., a banking app allows the user to see their account info, but prevents any transfers) or even prevents the app from working at all until the user is on cellular or secured Wi-Fi.
At first glance, the easier licensing aspect alone almost makes MAPS worth it (provided you want all three products), since the others have more complicated licensing, such as zSCAN being per scan (which is why some companies might opt to only have major builds scanned).
While MAPS can be used for in-house enterprise apps, Zimperium’s focus here seems to be on consumer-facing apps, as they spoke almost solely about banking apps when I spoke with them. They said that a lot of companies don’t have a strong grasp of the mobile threats out there, often thinking obfuscating their code is all that’s needed to protect an app.