Zimperium: Acting as the Intel-Inside of Smartphone Security

Date:   Tuesday , August 23, 2016

The wider smartphone adoption has triggered the spread of mobile malware. In light of this rapid growth, there is a pressing need to develop effective solutions. But due to the lack of understanding about emerging mobile malware, our defense capability is largely limited. Attacks that proved successful on PCs are now being tested on unaware mobile users to see what works. But with the number of mobile devices with poor protection soaring, mobile devices have become a haven for hackers, where they hunt the weakest point and then hone in on the most successful scams.

Since mobile security is different from traditional PC-based security, the real problem for people was that no company offered a solution to this gigantic issue, and ignorance about malicious acts complicated the situation further. Oblivious to the fact that attacks happen from different sources and not just applications, people simply screen their apps to find the malware. Looking at the problem from a broader angle, Zuk Avraham (Founder, Chairman & CTO of Zimperium) created a product called zIPSthat eliminates the entire issue,not just the application piece of the puzzle and without eating too much of the mobile battery. Unlike other applications that steal your private data with or without your permission, zIPS sits on the mobile device just like any other app without violating the privacy of the user.

Bringing Power to Your Hand

Last year, Verizon\'s Data Breach Investigation report stated that mobile devices are not yet a preferred vector in data breaches and have a less than 1 percent infection rate. But in the blink of an eye, the statistics have changed. The recent Ponemon Institute report stated that a single mobile device infected with malware can cost a victim organization an average of more than $9,000. CompTIA raised the alarm further in its report, stating that nearly three out of four organizations have been plagued by at least one security breach or incident in the past year, with about 60 percent of breaches categorized as serious - all thanks to BYOD.

Born to address this market, Zimperium created a platform that delivers continuous and real-time threat protection to both devices and applications. With Zimperium, leaky enterprises can protect devices against known and unknown cyberattacks and generate self-protecting applications from a single platform to boost mobile productivity, while safeguarding their data. Serving global enterprise-leaders at scale, the company\'s award-winning solution is based on its disruptive, on-device detection engine that uses patented, machine learning technology to protect against the broadest array of mobile attacks.

\"We need to be able to detect if something is getting attacked,whether it is focused on the enterprise or on consumers, even though the approach will be different,\" asserts Shridhar Mittal, CEO, Zimperium. \"For instance, if a consumer detects a malicious act by clicking a mail or a message flagged as malware, he or she has to take the action immediately before the malware takes over the device within no time. On the other hand, for enterprises, the same detection will happen, but in that case the enterprise will take remedial action by quarantining the device until it is safe. Zimperium is busy building the solutions that suit both the enterprise and consumers alike\".

Powering clients\' products, Zimperium co-brands with them, just like the \'Intel inside\' model. For instance, the company just launched a product (ST Protect, powered by Zimperium) for SmarTone in Hong Kong under SmarTone\'s banner.

zIPS - Jack of All Trades & Master of All

It took Zimperium three years to build zIPS. The company\'s flagship product is no less than an elixir for those who worry about smart device security breaches, whether it is iOS or Android. It sits and runs on any smart device, catches all kinds of known and unknown attacks from all the different sources - all without consuming battery. The machine learning based approach that allows Zimperium to do all its detections on the device itself helped the company take a lead over the competition, who are still juggling to build one solution fit for all mobile security concerns.

\"Our competition is architected very differently in two categories. They solve just one piece of the problem at a time, like application malware, and are not on the device, like streaming information through a VPN to the cloud to do the analysis. And if that is not enough,their approaches consume battery life, put latency in the solution, violate privacy and have a whole host of other issues that come out when put into action,\" explains Shridhar.

Zimperium has also created zIAP, an In-App Protection SDK that enables self-protecting apps. With zIAP, users can get the same detection engine embedded into their applications. For instance, if a bank creates an app and deploys it to millions of its customers, zIAP will ensure skintight security of its product to reduce fraud. To do so, the bank does not need to ask its consumers to download another app to use its product. Without thinking twice, the bank can just embed Zimperium\'s detection engine directly into its application to get all-round protection and create auto-response workflows to take remediation actions immediately when needed. The company currently works with several financial institutions to put zIAP into their applications - both mobile banking and mobile payment applications.

Imagine a person using the Wi-Fi connection of a cafe to transact through a banking app. Someone could start intercepting that user\'s traffic and insert malware on the device, which would gradually take it over. The malware could then start stealing sensitive information from the app like credentials, bank balance, passwords and more. Created by the best research team in the world of mobile security, who brainstorm wearing hackers\' hats, zIAP detects if something has gone wrong or when malware is on the device that is actively stealing your data. zIAP informs the host app that there is a malicious act happening and the host app can remediate. It deletes all the confidential and personal information immediately from the device and then informs the bank about the attack, so if the user tries to log in again, the bank asks for an additional level of authentication to verify that the user is an actual human, as opposed to malware that has taken control of the device.

Enlightening the Ignorant

With partial awareness about the little facts on mobile security and major concerns associated with it, ignorance is still the roadblock that needs to be dismantled immediately. Zimperium teams up with global telecom partners like Deutsche Telekom in Germany, Airtel in India, SmarTone in Hong Kong and Telstra in Australia, amongst others, to inform the world about this real problem and its consequences.

Gearing for Customer Delight

\"What we really love about this job is it is cutting-edge. We take great pride in not only coming up with the latest and greatest cutting-edge techniques in leading the market, but in also delivering a product that absolutely delights our customers,\" opines Shridhar. Many times Shridhar has told his development team to pause on adding new innovation, until they have made sure what they already have is completely working and delights the customers. \"I will never let the hunger for innovation compromise our ability to delight our customers,\" asserts Shridhar.

The approximately 100-people-strong company recently raised $25 million in series C, led by Warbug Pincus, a large global private equity fund that has invested more than $50 billion in technology, along with participation from Telstra Ventures and Sierra Ventures. This brings the company\'s total capital to $45 million in three rounds from nine investors. With its plan to reach more than 1 billion devices by 2020, the company has strengthened its direct sales model and is creating a strong channel partner relationship globally. \"The core product is there and now we have to keep innovating and adding new features and functions, see how rapidly we can sign new channels and get them successful,\" explained Shridhar.

Zimperium plans to apply its technology and security to the next generation of products in IoT, connected cars, connected healthcare devices and connected homes, most of which are already under development and will soon be converted into product by 2017.


The Birth Story

When Zuk Avraham began his career as a security researcher in the Israeli Defense Force, little did he know that he would soon become the catalyst of change for the mobile security domain. Working day-in and day-out in the security sphere, his love to chase security issues grew exponentially. He then joined Samsung Electronics where his job was to attack all kinds of smart devices to check if they were vulnerable. But in the long run, he realized the huge threat that mobile devices were expecting,due to the BYOD trend, which is growing at a tremendous rate. Finding such a huge gap that needed immediate attention, this world-renowned white-hat security researcher, fathered Zimperium as one of the leading enterprise mobile threat protection providers.

The first two years of the company went into building the product, while bootstrapping the company through services. The product was finally released in 2013 and Shridhar joined the company a year later to take charge of it as the CEO. Built on two traits - original, deep security experts who breathe security and a management team who are security-oriented and have experience building successful enterprise software businesses - the company has far exceeded customers\' expectations.

Key Management

Shridhar Mittal, CEO

While at Zimperium, Shridhar has led the product to market, built a sales and marketing engine and ecosystem and educated people about mobile hacking. Prior to this, he acted as the general manager of the application delivery business unit at CA Technologies.

Office: California (HQ)

- Solutions - Zimperium for AirWatch, Zimperium for BlackBerry, Zimperium for MobileIron & Zimperium for SAP
- Products - zIPS Device Protection, zIAP In-App Protection & zANTI Diagnostic