Mobile apps security
Our connected lives are mobiles. So are threats. Defensive Lab Agency is the guardian of your mobile transformation: our solutions help prevent counterfeit apps and manage your mobile end-points.
Counterfeit and phishing-in-app protection
Malicious copycats of your app are straightforward to create. Those are increasingly available on notorious app stores - which do little to ensure an app is legitimate. Counterfeit and fake apps have been identified as dropping malware or in phishing-in-app schemes. Thankfully, app stores remove the incriminated apps once someone has warned them of the wrong-doing.
However, this is not the most optimal way to address the challenge. Are you an app developer? Your account may well be shut down. Alternatively, your app's reputation tarnished. Whichever the case, you can save yourself the hassle by addressing the situation before it even occurs: we identify your app as 'legitimate' and monitor the app stores for any illegitimate versions, counterfeit or otherwise.
Mobile end-point security
Let's face it: attacks keep coming and become ever more sophisticated. No matter what mobile platform you use, you will find yourself wondering, "Is this app safe?" Although many users have grown accustomed to the idea that desktop software can be ill-intentioned, many still struggle to understand that mobile apps can do the same thing.
Your organisation monitors desktop workstations and servers - but how good is your knowledge of your mobile fleet? The answer is Defensive Lab Agency's secure management product. We have developed a solution that goes way beyond the hope that users will follow your company's recommended precautions. Our management tool gives your administrators the ability to set and enforce security policies for mobile end-points in real-time.
Connected coffee mugs, "smart" washing machines... However we choose to name them, everyday connectivity-enabled objects are increasingly pervasive. Have you secured the ones you provide?
Building secure IoT ecosystems
More and more devices have some sort of connectivity: they are Internet-enabled, Bluetooth-powered, you name it. Products and appliances that have traditionally been offline are now connected and need to be designed to withstand cyber threats. Huge time-to-market pressure and lower market entry barriers enable more and more startups with little to no technical expertise to bring IoT to the end-user. Whom, often naively, entrusts their personal data to an increasing number of such connected devices and services.
The security of those so-called "smart" devices is thus becoming a growing concern. Defensive Lab Agency brings together widely considered good practices and a renowned IoT analysis software suite, aimed at improving the security for internet-connected devices.
Ensure security and privacy in your IoT's lifecycle
You are aiming your product at children, households, people with specific needs,... What happens once your device is out there? How do you ensure that customers' data is secure? What happens should a security researcher, or a data protection authority reach out to you with requests and vulnerability disclosure reports? What happens when an investor withdraws their interest because of your product's poor security?
Those are all situations we have dealt with. Of course, the question is not for you to solve all security challenges associated with IoT. Defensive Lab Agency's objective is to support all parties involved in the development and manufacturing of IoT with guidance on securing their products and protecting consumers data. We audit the attack surface of products, provide analysis of the firmware of products to see whether it is possible to extract (sensitive) data, help you implement vulnerability reporting and enable sustainable culture change within your organisation.
Visibility & investigation
A growing number of services connect to the Internet, sometimes despite your decisions. Are your strategic data on sale on the darkweb? How about apps' unexpected behaviours or hazardous personal data leakage?
Your assets' exposure and vulnerabilities
Vulnerabilities arise from many assets: the app’s source code, the dependencies it relies on, the APIs it uses to communicate with distant servers, etc. SOC teams are yet to come to speed with mobile- and IoT-specific threats and vulnerabilities. The growing body of regulatory requirements, however, is not exactly waiting for developers and threat hunters to learn.
We at Defensive Lab Agency understand those challenges and have developed sustainable approaches to addressing them. Our research team has a hawk eye for unwanted actions caused by third-party libraries or negligent development between testing and production.
(Personal) data is the new soil
Is your mobile app GDPR compliant? An IoT companion app or a standalone service, data protection is a fundamental requirement. Getting the legalities right is important; ensuring they are properly implemented in your products and services is essential.
Defensive Lab Agency's expertise is uniquely focused on helping organisations ensure that their services, IoT and mobile products are compliant with GDPR and other relevant requirements (PCI DSS, HIPAA,...). Our comprehensive and wide-ranging compliance assessments address, among others, testing the communication to and from devices, compliance to country-specific security requirements and extensive audit of the possibilities to exfiltrate data.