The missing link in mobile threat intelligence (MTI) or extended threat detection (XTD) is this – there’s no context.
Consider the works of behavioral economists like Dan Ariely. In his book Predictably Irrational, The Hidden Forces that Shape Our Decisions, Dan illustrates how better decision-making depends on context. Humans, he says, need reference points to evaluate choices and make decisions. Left without context, humans don’t make decisions in a vacuum. Instead, we manufacture context and bias our decision-making in predictable ways, using personal experience, emotion, instinct, and beliefs.
In cybersecurity, personal experience, emotion, instinct, and belief are insufficient to make good decisions. Today, for nearly every class of cybersecurity risk, the level of attack sophistication is rising, the stakes of a successful exploit are higher, and the threat landscape is evolving faster. We face the new every day, and all the worst outcomes of the new, I might add. From traditional threats like malware and bots to advanced threats like deepfake videos, deepfake apps, memory dumps, and banking Trojan families/RATs, the variety and sophistication of attacks are unprecedented. We need a data-driven, objective, and continuous context for risk decisioning, threat management, and incident response. Otherwise, even with all the data we get from threat intelligence solutions, we risk underestimating the real threats or, worse, overreacting to the wrong threats constantly.
The Mathematics of Delivering Context in Threat Intelligence
Context, as they say, is everything. But providing real-time context in threat intelligence isn’t easy. It requires lots of real-time threat data and computing power. Here’s why:
Imagine a system powered by AI deep learning that processes a fast-growing data stream of billions of threat events per month to calculate the likelihood of attack across 400 unique attack vectors in the mobile ecosystem. As this stream floods in, this system leverages technical markers to classify tens of thousands of unique threats, analyzing the probabilities of successful attack across dimensions such as mobile device manufacturer, type, model, OS version, application characteristics, device permissions, user behavior, geolocation, and threat coexistence. Using neural networks trained on historical attack patterns and real-time threat intelligence, it evaluates the interplay of these factors to predict the risk within any mobile application or ecosystem.
Calculating risk is only one element. To ensure relevance, the same system has to dynamically incorporate the virality of each threat, using factors like the frequency of occurrence of threats, infection rates (how widely threats impact devices and applications), and velocity (how quickly threats spread or escalate over time). To ensure objectivity, it also must use a dynamic, AI-generated severity rank based on the degree of access and control a threat provides to attackers across the total mobile attack surface, including devices, operating systems, networks, data, mobile services, and user activity. The system also has to learn. By parsing the data, the system must be allowed to evolve and rebalance risk as threats evolve and emerge. This enables the system to adapt and consider new factors to enhance its accuracy and predictive capabilities.
And finally, the system has to present this threat context in a human-readable format such as a dynamic risk index, normalized to a scale of 1 to 100, where 1 indicates the lowest risk and 100 the highest. This continuously updating index can then be applied at a business, application, transaction, or event level to empower brands and businesses with continuous, objective context, enabling them to address the most critical and rapidly escalating threats in real-time while maintaining the flexibility to adapt to the ever-changing threat landscape.
Introducing Appdome’s Mobile Risk Index™, Real-Time Benchmarking for Mobile Businesses
We took the first step to provide the needed context in Threat Intelligence by releasing the industry’s first Mobile Risk Index™—a revolutionary benchmark that measures the defense posture of a mobile business or application against a huge data stream of real-time, in-production industry data. For businesses—especially those navigating cybersecurity, fraud, scam, or bot challenges—the ability to benchmark your defense posture in real-time against broad industry or geographic data is transformative.
The Mobile Risk Index allows businesses to see where they sit “on the curve,” mathematically speaking, and measure their position relative to the mean, median, or percentile rank of others in their industry. For example, businesses can integrate the Mobile Risk Index into their websites, Google Play, or App Store presence to communicate their commitment to security and build user trust. This perspective eliminates the need for manual, biased, or abstract risk evaluations and replaces them with automated, data-driven benchmarks that can be used as a firm basis for decision-making. For instance, a company in the 90th percentile can rest assured knowing it is meeting its brand promise to its users. At the same time, it can see which of its applications or geographies is dragging its relative defense posture down and/or test which defenses are likely to improve its position and resilience against emerging threats. Conversely, a company in the 30th percentile knows it’s falling behind and can prioritize security, anti-fraud, and other defense upgrades to match or exceed its industry norms.
The Mobile Risk Index™ isn’t about code-level vulnerabilities; it’s about actively managing business risk. The Mobile Risk Index is generated by continuously evaluating detailed threat data from a huge and growing installed base and a broad array of mobile industries. Using it, mobile brands and businesses can see which attacks are likely to proliferate fastest and gauge which responses are likely to (re)position them best on the defense curve for their industry or market. In this regard, context, or where a business stands on the curve, isn’t just about awareness; it’s about prioritization. Companies face tight budgets, limited resources, and short decision timeframes. Armed with context and real-time benchmarking, organizations can make the defense choices that will have the greatest impact every time.
Context is the Future of Decision-Making in Cybersecurity
Honestly, I don’t know how we – in the cybersecurity industry – ever lived without benchmarks. To think that all this time, we made decisions looking at only “our slice” of the threat data is scary. I believe this step forward to provide the mobile economy with its first live, dynamic, AI-generated Mobile Risk Index™ is a game-changer. Not only does it allow businesses to move beyond abstract evaluations of risk and embrace a data-driven approach, but—by knowing where they stand against the real-time threat dynamics of their industry—companies can make informed, strategic decisions to protect their users and their brands effectively.
It’s not just about knowing the rules of the game; it’s about knowing where you stand on the field. And in cybersecurity, that knowledge makes all the difference.