Blog

27 - 04 - 2021

Quick Guide Through RASP: How to Have Bulletproof Security on Your Mobile Device?

When thinking about your mobile phones, most people do not perceive it as a real threat factor as, in fact, your phone is constantly at significant risk of being a target of hackers. Also, it probably has more sensitive information about you, personal and business data than your computer.

In the attempts to infect your mobile devices, cybercriminals constantly monitor the most popular apps and topics currently in demand and use this as bait for potential victims.  

  • In 2020, 97% of organizations faced mobile threats that used various attack vectors.
  • 46% of organizations had at least one employee download a malicious mobile application.
  • In 2020 there was a 15% increase in banking Trojan activity, where users’ mobile banking credentials are at risk of being stolen

Source: Checkpoint Mobile Security Report 2021

How to act against malicious mobile app software?

In order to adequately protect your mobile phones and data, which is located on the device, you need to act proactively. If you want to be ahead of the game, you need to use RASP. 

RASP is a Runtime Application Self-Protection which means it is software that watches your software run. RASP can see if someone is attacking your mobile apps, and it can do something about it. RASP runs in two modes – diagnostic and self-protection. Diagnostic mode periodically or on-demand monitors calls to the application and activates an alarm if suspicious behavior is detected. Self-protection mode stops the threat by terminating the user’s session by preventing the application from running.

 

RASP integrates with an application or its runtime environment during execution and constantly intercepts calls to the application to check their security. 

RASP configuration can be set up in various modes that are predefined via the RASP portal. This portal also enables modifications on RASP, which are done on the fly when online implementation is selected. If you only opt-in for offline implementation, the RASP portal is not necessary.

Another great benefit of using the RASP portal is that it can collect security events and create reports based on that information.

RASP portal is a solution developed by Asseco that offers a unique user management experience and more RASP configuration options. To take the best out of it for your business, contact us for a consultation call.

 

Many mobile app development teams are asked to prioritize time to market over security - this leaves applications vulnerable to attacks.

 

React and protect!

RASP is different from other security solutions because it keeps track of how your apps are behaving and the context of that behavior. When the app starts having an unusual behavior, RASP immediately stops the application, mitigating all the potential risks, and starts sending alerts to your team and mobile device user. This is done entirely without any human intervention. 

One other thing RASP can do is to distinguish actual attacks and legitimate requests for information - this reduces false positives

RASP can monitor and protect an application even when it is continually updated, and it gives you a complete insight into what is happening within your application.

 

Does RASP affect the design and usability of the application on which it is running? 

The answer is simple – no. RASP operates as a separate and self-sufficient SDK on application run-time. It doesn’t require any changes to your mobile phone applications, and you do not need to worry about slowing them down.

RASP fights of mobile application threats such as:

  • Jailbreak/Root device detection
  • Debugging
  • Hooking
  • Screen recording
  • Emulators/simulators
     

Enterprises need to be sure they have a comprehensive security solution for employee mobile devices in place.

 

How does RASP implementation work?

RASP implementation is smooth and easy, assuring that there is:

  • No downtime.
  • No risk of breaking an app.
  • No major source code changes.
  • No false positives.
  • No routine tuning.
  • No unacceptable performance overhead.

It can be integrated into old, proprietary applications or new ones.

 

You guessed it, we have it all - RASP SDK, RASP web portal. If you still have some RASP questions, we would be happy to help you. Just reach out with zero commitment.

 

We're here to help if you have any questions or doubts. Please leave your contact details and we will get back to you shortly.

Please enter your first name

Please enter your last name

Please enter your company

Please enter your e-mail

Please enter your inquiry

Download datasheet

Please enter your first name

Please enter your last name

Please enter your company

Please enter your title

Please enter your e-mail

Please enter your phone number

Please enter your country/region