Professional Services


Arxan – or one of the many service partners that we partner with across the globe  – can support service needs in all markets. Arxan’s Professional Services Team provides end-to-end services in support of their implementation of Arxan’s products.

Our Professional Services Team is comprised of experienced protection engineers, security experts, software analysts and computer scientists who have extensive experience in:

  • building software protection
  • discovering system, software and/or application vulnerabilities
  • reverse engineering
  • network security
  • cryptography
  • verification tools and techniques
  • secure protocols. 

Our Team is equipped to deliver a full range of services to provide customers with end-to-end application integrity protection support during initial implementation, release updates or other customized requirements.


Arxan’s customers can select one of the models below, depending on their professional service requirements.

app_integrity_protection_services


Model A: Arxan Turn-key Protection

STEPS DELIVERABLES

Step 1. Risk Assessment
Where is the risk? Arxan will identify the likely points of attack on your target system. The scope of the Risk Assessment will vary per system. The Risk Assessment will provide a basis for the Protection Design to comprehensively address all of the identified risks.

  • Risk assessment report that outlines all identified risks
  • Review of the high-risk areas within the target system

Step 2. Protection Design
The Protection Design is derived from the data gathered during the Risk Assessment, such as compiled assets, critical program information, sensitive intellectual property, threat vectors, etc. The Protection Design will ensure that the customer’s security requirements are aligned with the project’s success criteria. This is achieved through Arxan’s Best Practices methodology.

Best-Practices Methodology for Mitigations

  • Determine security mitigations for each attack vector
  • Combine and layer defenses to create a network of interconnected security controls (Guards)
  • Complete documentation of the Protection Design. This will include:
  • Architectural design recommendations
  • Proper key management practices
  • Guard network diagrams
  • All applicable design information that would enable a complete protection implementation by the customer

Step 3. Protection Implementation

An app protection solution is implemented that meets the identified security requirements of the application. 

Key activities include:

  • Security Consulting
    • Assist with any required updates to infrastructure or application architecture
    • Provide an intuitive, interactive interface to install Guards into the application
    • Implement customized Guard networks
  • Verification and Validity Tests
    • Ensure that the test framework successfully passes any integrity/performance tests
  • Protected executable with a customized, layered approach that may include both software and hardware components
  • Complete documentation for the unique protection scheme
  • Advice on advanced protection-integration tools and technologies

 


Model B: Customer Implemented Protection

Arxan_Protection_Review
Customers choosing Model B, will first be given a complimentary web-based training on the use of Arxan Products. This training, and the associated product documentation, include a detailed introduction of the process of creating a customized protection. The customer will then complete the steps described in the table above to produce a Protection Plan.

After completion, the protected binary will be submitted to Arxan for a final Protection Review by our security experts before deployment to ensure Application Protection Best Practices were used to develop a strong and robust protection.

Additional details of the Protection Review are provided in the graphic to the right.

 
 

Additional Services:

SERVICE DESCRIPTION

 

 

Training and Education

Our security experts provide Informational Overviews, Product Training sessions on all platforms and live Product Demos to help understand security threats and solutions. Onsite or off-site availability.

Informational Overviews:

  • Application Protection Overview
  • “How to Hack” – A basic introduction to hacking and threat modeling
  • Application Protection Best Practices
  • Product Training
  • Product Demos

 

 

Consulting Services

For customers requiring additional in-depth assistance, Arxan Services Engineers are available for onsite or offsite work for a variety of specialized needs. For example:

 

 

 

Protection Update

Best practices dictate that a strong protection needs to be maintained with regular updates to the customized protection. The update process should be incorporated into the standard software development lifecycle (SDLC) to keep the software robust even as it evolves with new release versions. Arxan’s Services Engineers are well-versed in updating and strengthening existing protections, as well as incorporating newer versions of Arxan’s Application Protection Products.

Arxan Services Engineers can assist onsite to rapidly update an old GuardSpec® in terms of both Guard network strength and product feature usage.
Deliverables:

  • Updated GuardSpec security
  • Updated Arxan product installations
Binary Mobile App Assessment

Arxan Service Engineers provide risk assessment of how vulnerable the mobile applications are. Assessment of mobile applications includes the following:

  • Source Code Exposure
  • Function Name Exposure
  • Static Data Exposure
  • Symbol Exposure
  • Jailbreak Detection Exposure
  • Authentication Exposure
  • Cryptography Exposure
  • Licensing Exposure
  • Payment Exposure

Learn_More


 

 

Terms of Use|Site Map

© 2014 Arxan Technologies, Inc. All Rights Reserved.