Busy Winter Times in Malwarelytics: Azure Cloud, RASP banner and APIs

From Heroku to Azure

It was like yesterday when we started with Malwarelytics. We have used cloud computing services from the first moment and our initial choice was the Heroku platform. We have enjoyed almost three years of running and providing our services there.

It is now almost a year ago when we started to look for a more adult and more capable cloud computing service. The main reasons behind were:

• to be ready for an exponential growth, our end-user base is few millions already
• the ability to base our service in almost any part of the world easily
• automate, monitor and tune up our resources and services

The final choice hit on the Microsoft Azure platform which matched all our needs, passed the initial tests and performed very well on our simulated production load. We are happy to be there and we are looking forward to provide our service to the world in an unlimited manner.

RASP Banner on Device Card

We have refactored and polished the device card to bring more important values there. The most remarkable change is two visible banners. The first ne indicates the level of threat caused by an installed application (Android only). The second one shows the highest device security weakness.

The threat banner on a device can work in several modes from now on. Those modes combine or prefer following threats:

• Threat Flag - Highest flag among all RASP detections
• Threat Level - Highest threat among all installed APKs

There is always a default mode for a view, but a user can change it to a preferred mode.

Malwarelytics API

We moved all the APIs to our new dedicated endpoint for Malwarelytics API: api.malwarelytics.com. The documentation of the published APIs can be found on our developer portal. Besides that there is also a swagger documentation available. It can be accessed with an integration role user or any of the Malwarelytics console users.

Security Changes as Events

Collecting security events from devices or the secured banking application is one of the data feeders to provide a successful protection. We have extended our events with gathering important milestones of an end-user device and the secured banking application:

• OS version changed
• Malwarelytics SDK version changed
• Client user identification changed

Level Up on Statistics

The old good statistics are gone. Instead of providing global stats over all devices and mixed platform data, which was not bringing enough value, we redid the section to be per-customer and thus filtered by the selected origin applications. 

It now shows platform distribution share and separate sections for each of the supported platforms.

Android

• operating system versions share and trend
• top device vendors and models

Apple

• operating system versions share and trend
• top device models

Special Flags on Console Users

There were added two special flags to the console users list:

• 2FA enabled/disabled
• Password reset pending (displayed when a user has not activated the account or not changed the account password yet)

Next to this a warning bar can be enabled on an organization to push all users without enabled 2FA to activate it.