Security Experts:

BlackBerry Teams With Zimperium on Mobile Threat Protection

BlackBerry and mobile security firm Zimperium have announced that Zimperium's zIPS threat protection system now integrates with the Blackberry EMM, which comprises Good Technology and BES12 enterprise mobile management systems (EMMs).

Because EMMs do not generally include protection against malware and hacker threats, users typically require a separate threat protection system to run with the mobility management system.

Following BlackBerry's purchase of Good Technology and Watchdox , "This is part of a continuing drive for us to provide a complete security solution for the mobile ecosphere," BlackBerry's CSO David Kleidermacher told SecurityWeek. "We do not believe that enterprises should have to shop around for bits and pieces of the solution, but should be able to come to a single supplier for a complete integrated solution."

zIPS is a behavioral analysis system. "We look at three areas," said John Michelsen, Zimperium's Chief Product Officer: "the device, the network, and the applications that run on the device." zIPS continuously monitors for aberrant behavior. "We're checking to see if there has been any exploitation or device tampering; whether there is a network attack in progress such as a man-in-the-middle attack or problems with SSL; or whether there is any malicious activity from any of the apps."

The process is 99% about behavior. "We're the only vendor in mobile," claimed Michelsen, "that had already discovered, had already detected, every fundamental device exploit -- whether it came over Safari payload in iOS, like Trident/Pegasus did; or whether it was StageFright, which was exploited by a maliciously crafted multi-media file sent to an Android device; or malicious apps that download and detonate on the device -- we are the only software that could detect every one of those before they were identified and disclosed."

But being able to detect malicious behavior does not in itself protect against that behavior. Consider ransomware -- detecting the encryption process and determining it is malicious is not enough; the process needs to be stopped immediately. While zIPS itself is primarily behavioral analysis, "There are a number of things we can do on the device immediately," said Michelsen. "We have a cloud-based configuration system called zConsole." It provides security teams with visibility across all devices; and it is where the admin defines what he wants zIPS to do in the event of bad behavior. 

"In many cases," he continued, "we have the ability to do lots of good things without any help from third party software. But it's not complete -- especially in the enterprise context." Here the enterprise will have sensitive data on the users' phones, including company information, company apps and company connectivity. Depending on what activity zIPS detects, the enterprise might for example want to remove the user's entitlement to SharePoint because the hacker could use the phone to read the entire SharePoint repository that the user is able to access. 

"So one of the things the enterprise will want to do that we cannot do ourselves is remove that entitlement. That's why," he added, "we integrate with the EMMs like BlackBerry, and why we integrate to ecosystems like Good. Good gives us the integration between the zIPS app and the Good Technology platform that allows us to trigger remediation immediately in the Good ecosystem."

zIPS has support for all of the major EMMs. The primary ones, said Michelsen, "are BES, AirWatch, Citrix and MobileIron -- with Microsoft improving." The advantage of working with BlackBerry is the market range it covers. "Good itself is not a management system per se," he added: "it's a containerization system." This is particularly attractive to companies that get privacy push back from staff -- Good co-exists on the user's device rather than takes over the management of that device. BES is more of an EMM. Customers, however, can have Good or BES; or both -- and zIPS integrates with whichever configuration.

Gartner recently rated BlackBerry as a top EMM solution currently available. If BlackBerry without zIPS was good, BlackBerry with zIPS is even stronger.

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.