Busy Winter Times in Malwarelytics: Azure Cloud, RASP banner and APIs

Lukáš Lukovský
Wultra Blog

--

Winter was neither rushed nor idle for the Malwarelytics product. We changed our cloud service provider, added more data and features to the console, and introduced a new API endpoint. We simply delivered what we had planned to deliver.

From Heroku to Azure

It seems like yesterday that we started with the Malwarelytics product. We have used cloud computing services from the very first moment, and our initial choice was the Heroku platform. We enjoyed almost three years of running and providing our services there.

Almost a year ago we started looking for a more mature and more capable cloud computing service. The main reasons were:

  • to be ready for exponential growth; our end-user base is already several million
  • the ability to host our service in almost any region of the world with ease
  • to automate, monitor and tune our resources and services

The final choice fell on the Microsoft Azure platform, which matched all our needs, passed the initial tests and performed very well under our simulated production load. We are happy to be there and look forward to providing our service to the world without limits.

RASP Banner on Device Card

We have refactored and polished the device card to surface more of the important values there. The most remarkable change is two visible banners. The first one indicates the level of threat posed by an installed application (Android only). The second one shows the most severe security weakness of the device.

Device card

From now on the threat banner on a device can work in several modes. These modes combine, or give preference to, the following threats:

  • Threat Flag - Highest flag among all RASP detections
  • Threat Level - Highest threat among all installed APKs

Threat type choice

There is always a default mode for a view, but a user can change it to a preferred mode.

Malwarelytics API

We have moved all the APIs to our new dedicated endpoint, the Malwarelytics API. The documentation of the published APIs can be found in the developer portal. Swagger documentation is also available; it can be accessed with an integration-role user or any of the Malwarelytics console users.

Security Changes as Events

Collecting security events from devices and from the secured banking application is one of the data sources behind successful protection. We have extended our events to capture important milestones of an end-user device and of the secured banking application:

  • OS version changed
  • Malwarelytics SDK version changed
  • Client user identification changed

Security events
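The three milestone events listed above are all derived from the same observation: a value reported by a device differs from the value last seen for that device. The snippet below is an added illustration of how such change events can be derived from a stream of device snapshots; it is not Malwarelytics SDK or console code, and the snapshot fields, event names and sample records are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Iterable

# Hypothetical shape of a device report; field names are assumptions,
# chosen to mirror the three milestone events described in the post.
@dataclass(frozen=True)
class DeviceSnapshot:
    device_id: str
    reported_at: str      # ISO 8601 timestamp, sorts lexicographically
    os_version: str
    sdk_version: str
    client_user_id: str


@dataclass(frozen=True)
class SecurityEvent:
    device_id: str
    reported_at: str
    event_type: str
    previous: str
    current: str


# Which snapshot field maps to which milestone event (names are assumed).
WATCHED_FIELDS = {
    "os_version": "OS_VERSION_CHANGED",
    "sdk_version": "SDK_VERSION_CHANGED",
    "client_user_id": "CLIENT_USER_ID_CHANGED",
}


def derive_events(snapshots: Iterable[DeviceSnapshot]) -> list[SecurityEvent]:
    """Emit one event per watched field that differs from the previous
    snapshot of the same device. Snapshots may arrive out of order, so
    they are sorted per device by report time before comparison."""
    last_seen: dict[str, DeviceSnapshot] = {}
    events: list[SecurityEvent] = []
    for snap in sorted(snapshots, key=lambda s: (s.device_id, s.reported_at)):
        prev = last_seen.get(snap.device_id)
        if prev is not None:
            for field, event_type in WATCHED_FIELDS.items():
                before, after = getattr(prev, field), getattr(snap, field)
                if before != after:
                    events.append(SecurityEvent(
                        snap.device_id, snap.reported_at, event_type, before, after))
        # The first snapshot of a device only establishes the baseline.
        last_seen[snap.device_id] = snap
    return events


# Constructed sample input: device "dev-A" upgrades its OS, then later
# upgrades the SDK and is re-bound to a different client user; "dev-B"
# reports once only. The list is deliberately not in time order.
SAMPLE_SNAPSHOTS = [
    DeviceSnapshot("dev-A", "2023-02-10T09:00:00Z", "14", "1.5.0", "user-2"),
    DeviceSnapshot("dev-A", "2023-01-05T08:00:00Z", "13", "1.4.0", "user-1"),
    DeviceSnapshot("dev-B", "2023-01-20T12:00:00Z", "16.2", "1.4.0", "user-9"),
    DeviceSnapshot("dev-A", "2023-01-15T08:30:00Z", "14", "1.4.0", "user-1"),
]


def sample_events() -> list[SecurityEvent]:
    return derive_events(SAMPLE_SNAPSHOTS)


if __name__ == "__main__":
    for ev in sample_events():
        print(f"{ev.reported_at} {ev.device_id} {ev.event_type}: "
              f"{ev.previous!r} -> {ev.current!r}")
```

Because the baseline is the previous snapshot of the same device, a change such as a client user identification switching without a reinstall shows up as a single, attributable event rather than being lost in a global counter.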

Level Up on Statistics

The good old statistics are gone. Instead of providing global stats over all devices with mixed platform data, which did not bring enough value, we reworked the section to be per-customer, and thus filtered by the selected origin applications.

New statistics

It now shows platform distribution share and separate sections for each of the supported platforms.

Android

  • operating system versions share and trend
  • top device vendors and models

Apple

  • operating system versions share and trend
  • top device models

Special Flags on Console Users

Two special flags were added to the console users list:

  • 2FA enabled/disabled
  • Password reset pending (displayed when a user has not activated the account or has not changed the account password yet)

Special flags on users

In addition, a warning bar can be enabled for an organisation to prompt all users who have not enabled 2FA to activate it.

Not enabled 2FA banner
