Your browser is not supported. Please update it.

11 July 2019

Verimatrix catches market napping with first dev-focused mobile service

Digital security software specialist Verimatrix has launched its first product since being acquired by rival Inside Secure – with the merged entity since adopting the former’s branding. Rather than the all-guns-blazing campaign we might have expected from the newly fused vendor in the run up to IBC, the launch embodies a more subtle approach to mobile app protection which we are told has taken years of blood, sweat and tears.

Called ProtectMyApp, the service arms developers directly with mobile application security – protecting against rampant reverse engineering and tampering activities which Verimatrix warns can lead to hefty financial losses and data theft. We were inclined to write off the launch as a distinctly mobile banking-focused product and therefore a fading star from the media skyline, until we learned of HBO’s approval.

In what Verimatrix claims is a first-of-its-kind cloud service, all it takes is a simple upload of compiled applications to the ProtectMyApp website and within just minutes a protected application is returned. It encompasses a number of security techniques, automatically setting protection points and using intelligent optimization to harmonize the field between security and performance, keeping self-protection of the device system security level.

It’s an incredibly simple concept with an even simpler announcement which has avoided outlining the specific security techniques applied during the protection and detection processes. Faultline Online Reporter therefore spoke with Verimatrix CSO Asaf Ashkenazi, from the legacy Inside Secure side, who first of all confirmed our suspicions that ProtectMyApp is a pure Inside Secure product with Verimatrix branding.

“Quite often the simplest things are the hardest to develop. If a company claims to have launched something like this in 6 months, I guarantee it has flaws. ProtectMyApp draws from the Inside Secure code base so the foundations were in development long before the acquisition of Verimatrix,” said Ashkenazi.

He did, however, lend credit to the extensive customer base inherited through Verimatrix and there was agreement that the launch highlights Inside Secure’s client technologies marrying well with the server technologies of Verimatrix, although admittedly the merger is still in the teething process.

With Inside Secure’s experience in the IoT ecosystem, the service protects a roster of applications whether designed to be an interface, such as an airline or vehicle app, or an application serving as the actual business interface, such as banking, gaming or medical services.

As well as spanning markets regardless of market vertical, ProtectMyApp has been talked up as a service underscoring where application security is shifting to – changing the game by bringing security expertise to developers of all sizes without breaking the bank.

Ultimately, ProtectMyApp detects potential vulnerabilities through a mix of client security and cloud-based analytics to deliver alerts, allowing developers to terminate application execution when an imminent threat is detected. It says developers can deny access to service for applications running on emulators or debuggers and block cloned or repackaged applications from accessing the service.

“Obfuscation is the first stage of protection which protects against reverse engineering. This makes it difficult for hackers to find the code and even if they do eventually find it, then it is very difficult to understand. Most hackers are lazy and even if you are unlucky enough to get a determined hacker, we can still protect it,” added Ashkenazi.

Ashkenazi was understandably defensive about the years of grueling development which has gone into ProtectMyApp, batting away assertions that Irdeto or Nagra could easily come out with a competing service.

“This is worlds away from CAS and DRM security. It’s hard to believe these competitors could launch something similar,” said Ashkenazi, noting that it builds on Inside Secure’s acquisition of software obfuscation specialist Metaforic back in 2014. Although he confessed that Irdeto has similar capabilities through its acquisition of Cloakware even earlier back in 2007.

The launch of ProtectMyApp comes only a week after Inside Secure completed its transformation into Verimatrix, reflecting the latter’s stronger branding particularly in the US. Certainly the company will have a notable presence at IBC (keep an eye out for the new Morse code inspired logo which we accidentally breezed past at NAB), although our conversation with the company in Vegas steered towards automotive where Inside Secure has earned a decent reputation.

We were also told at the time that going forward there would be a high emphasis on mobile banking apps, which is definitely reflected in this week’s launch. The ProtectMyApp website lists Visa, Amex and Mastercard among the first companies to lend credibility to the ProtectMyApp service, along with Cisco and most interestingly HBO. Verimatrix insisted these aren’t fully fledged clients yet, although the company confirmed to us that HBO uses Verimatrix’s Code Protection tools for its streaming apps.

As for pricing, after getting 14 days free protection for up to 2 apps, ProtectMyApp offers 3 tiers, costing $499 a month for unlimited protection of 2 apps, $999 a month for up to 6 apps, and $1,499 a month for up to 10 apps. All tiers cover commercially deployed apps and includes access to the community forum.

While we will continue to closely follow the new-look Verimatrix as it peruses up and coming market opportunities, with a little scrutiny for good measure, we feel that veering towards the Inside Secure IoT direction is an inevitability and marks the gray area which has formed in the connected device ecosystem.