OPSWAT Announces the Gears Mobile Security App

In the wake of Stagefright 2.0 and the XcodeGhost malware, securing mobile devices is a growing need for consumers, SMB, and Enterprise.

OPSWAT today announced the launch of the Gears mobile app for iPhone® and AndroidTM. The Gears platform already provides enterprise-wide monitoring and management for the security and posture of desktops, laptops, virtual machines and servers. The addition of the mobile app now positions Gears to meet the needs of both consumers who want to improve the health and security of their mobile devices and organizations attempting to provide security and device attestation for an increasingly mobile workforce.

Enterprise Need

According to Adam Winn, Senior Product Manager for Gears, the app was designed in cooperation with some of OPSWAT's largest customers in the financial services sector, a vertical where BYOD adoption is complicated by regulatory compliance. He went on to say, "The ability to check the security state of BYOD devices is a missing piece of the security puzzle for many organizations, from small businesses to enterprises. Many MDM and EMM solutions solve the problem with a heavy hand, leading to low user adoption rates and distrust. By contrast, Gears works in total transparency, without the need for enterprise app stores, DEP, or other complex provisioning techniques. In this way Gears benefits both individual users, as well as groups and companies looking to set simple policies that allow easy identification of infected, risky, or vulnerable devices before they can cause problems."

Winn was quick to emphasize that the Gears app is not an Mobile Device Management (MDM) solution, which he sees as a benefit when organizations are attempting to view all of their devices "under one pane of glass, with a focus on security. We set out to create a product that provides device visibility and security posture without difficult provisioning and administration. Conversations with our customers have revealed that managing and enforcing traditional MDM deployments have led to low coverage rates post-purchase, especially for personal devices, so our approach is to provide a unique alternative or supplement to a traditional MDM that allows the security of mobile devices to be managed alongside all the endpoints in the network. MDM still has a place, but there are situations where it simply doesn't make sense — Gears now solves that problem."

When asked about the inspiration for the app, OPSWAT's CEO, Benny Czarny, said that "The notion of securing the corporate network is forever changed. Everything is moving to the cloud, so the posture of devices is much more important than it has ever been before. There is a direct connection between devices and data, and the key thing is to protect corporations from threats coming in, regardless of the device type or operating system. What's unique here is that we cover five major platformsâ€”Windows, Mac, Linux, and now Android and iOS. This consistency in visibility is very important to us. Ease of distribution was also a major focus during development. Simultaneous development against the policies of two app stores was a challenge, and we're proud that the features in the mobile app are very consistent between the two operating systems."

Czarny went on to discuss the challenges of enterprise mobile device security: "Mobile security settings are very advanced at this point, but the 'human factor' is where much of the danger lies. The best security settings in the world won't help your network security if your employees don't have a password for their tablet, or they don't have remote memory wipe set up in case a phone is lost or stolen. I looked for apps that could meet this need and there was nothing! It's a unique app, meeting a unique need in the market, and we're excited to see what our customers do with it."

Consumer Need

Between the recent emergence of Stagefright 2.0 vulnerability, which is said to put over one billion Android devices at risk, the XcodeGhost malware, which is now thought to facilitate phishing for iCloud passwords, consumers are more aware than ever before of the need to secure their devices, but they often aren't sure where to start. This is evidenced by data collected during the beta period for the Gears Android app, during which Winn reported that "30% of Gears beta users on Android devices didn't have their devices password protected. That really surprised us, and it emphasizes the need for a tool that can detect both basic and advanced security settings. The Gears mobile app gives those new to mobile security the ability to make sure that the basics, like password protection, are taken care of, while providing enough advanced features to keep infosecurity buffs happy as well."

How does it work?

Designed for unmanaged and personal devices, the app performs a rapid audit of common security settings and provides a report including numeric scores for security and health status, information on issues with the device, and clear instructions on how to remediate any problems. The app also provides detection for common mobile security risk factors, including rooted or jailbroken devices, unset passwords, and lack of storage encryption — features that often require the deployment of an MDM.

In addition to the configuration checkup mentioned above, it offers a unique take on malware detection by looking at the actual IP addresses a device is connected to, where they are located, and if they are identified as suspicious by any of the twelve IP reputation sources provided by Metascan Online, OPSWAT's free online anti-malware multi-scanning service. Connections to suspicious IP addresses can be an indicator of potential malicious intent, including data theft and unwanted tracking.

According to Winn, IP reputation assessment can also be helpful in identifying connections to command and control servers from a compromised device, a common symptom seen after a vulnerability like Stagefright or XcodeGhost is exploited.

Download Gears to Secure and Manage your Devices

The Gears app is now available to download for iPhone and Android. For businesses and other groups, the app provides easy integration with existing management features of Gears, which are free for up to 25 devices with subscriptions available from 26 to 100,000+ devices. A device can be associated with an account for monitoring simply by entering a unique registration code; no profile or certificate is required.

Future Development

In the very near future, scanning for infections is planned for the Android app, where Android package files (APKs) will be scanned against the 40+ anti-malware engines in Metascan Online, bringing the app into alignment with the features currently available in Gears for Windows, Mac, and Linux. The app is also available as a software development kit; interested parties should contact gears.sales@opswat.com for more information.

About Gears

OPSWAT Gears is an enterprise device security and compliance solution that inventories and assesses the security posture and risk for managed and unmanaged endpoints, with a focus on Open APIs for easy integration. This visibility and protection follows the endpoint and acts regardless of where the device is located, how it is connected, or which security software is installed. IT administrators can assess, manage and bolster their enterprise-wide security posture, meet regulatory compliance, detect infections and reduce risk without increasing operational overhead.

About OPSWAT

OPSWAT is a San Francisco-based software company that provides solutions to secure and manage IT infrastructure. Founded in 2002, OPSWAT delivers solutions that provide manageability of endpoints and networks, and helps organizations protect against zero-day attacks by using multiple anti-malware engine scanning and document sanitization. OPSWAT's intuitive applications and comprehensive development kits are deployed by SMB, enterprise and OEM customers to more than 100 million endpoints worldwide.



Apple, the Apple logo, and iPhone are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc.

Android is a trademark of Google Inc.