Strategic partnership provides automated defense against malicious bots and scripts for web and mobile applications by combining Approov and PT Application Firewall
Positive Technologies and CriticalBlue today announced a strategic partnership to provide an integrated mobile and web application security offering for companies looking to defend against the growing threat from malicious bots. The partnership between the two companies will see Positive Technologies combining their advanced web application firewall, PT AF, with CriticalBlue’s mobile API and app protection solution, Approov, to deliver multichannel security.
The joint approach automates protection from the growing number of scripts that use vulnerable web and mobile applications and APIs to significantly impact business revenue by scraping and stealing data, breaching networks, onboarding fake accounts, and delivering fraud campaigns. All of these activities increase processing costs. Alongside the rising volume of such attacks, complexity is also increasing, with attackers using advanced obfuscation techniques such as hiding within genuine user sessions, clever IP rotation to avoid blacklisting, and running on emulators to appear like legitimate traffic.
Both companies are highlighted by Gartner as effective countermeasures to such threats. For the third year running, Positive Technologies was highlighted as a visionary in the recent Gartner Magic Quadrant for Web Application Firewalls and CriticalBlue featured in the 2017 « Cool Vendor » report on Mobile App Development (subscription required).
CriticalBlue’s Approov product enables dynamic software attestation for mobile apps. It allows your apps to uniquely authenticate themselves as the genuine, untampered software images you originally published. Upon successfully passing the integrity check the app is granted a short lifetime token which can then be presented to your API with each request. Your server side implementation can then differentiate between requests from known apps, which will contain a valid token, and requests from unknown sources, which will not. With today’s announcement, the back-end token validation function is also now built into PT AF, allowing it to authenticate software calls without the need for server side integration. Approov does not require a static secret to be stored in the mobile app, is easy to integrate via a drop-in SDK, simply to deploy and has no impact on the end user experience.
PT AF is a response to the increasingly complex application security landscape. Combining true machine learning with heuristic analysis of vast datasets, it is an effective automated countermeasure against zero-day attacks. This, combined with the fact it auto-generates virtual patches, allows security teams to « set and forget » the technology.
David Stewart, CEO of CriticalBlue commented: « We’ve been working with Positive Technologies for a while now and we know them to be knowledgeable and capable security professionals backed up by a portfolio of leading edge products. We’re really looking forward to the next stage of our partnership as we deploy our solutions together, delivering peace of mind to our joint customers that their businesses will not be impacted by the application layer activities of unscrupulous actors. »
Andrew Bershadsky, CTO from Positive Technologies said: « We have created a world where every company now has an unmanageable multitude of connected applications. Each and every one presents a point of risk, something which hackers are trying to exploit at scale through automated scripts which crawl the web looking for malicious opportunities. »
« We believe this joint approach with CriticalBlue takes the protection we can provide companies to the next level, allowing bots to be challenged and blocked across both web and mobile. »
To read the original article: