Arxan – or one of the many service partners that we partner with across the globe – can support service needs in all markets. Arxan’s Professional Services Team provides end-to-end services in support of their implementation of Arxan’s products. We offer turn-key packages that provide specialized training to your infosec and development team, assess your mobile and IoT infrastructure so you can plan out your security roll-out, and help you stay on top of your ongoing code changes with dedicated resources to help you configure your self-protection rules.
Our Professional Services Team is comprised of experienced protection engineers, security experts, software analysts and computer scientists who have extensive experience in:
- building software protection
- discovering system, software and/or application vulnerabilities
- reverse engineering
- network security
- verification tools and techniques
- secure protocols.
Our Team is equipped to deliver a full range of services to provide customers with end-to-end application integrity protection support during initial implementation, release updates or other customized requirements.
Arxan’s customers can select one of the models below, depending on their professional service requirements.
Model A: Arxan Turn-key Protection
Step 1. Risk Assessment
Arxan will identify the likely and high risk points of attack on your target system. The Risk Assessment provides a basis for the Protection Design to address all of the identified risks.
Step 2. Protection Design
Using the data from the Risk Assessment, The Protection Design ensures that your security requirements are aligned with the project’s success criteria. Our best practices lead us to:
- Determine security mitigations for each attack vector
- Combine and layer defenses to create a network of interconnected security controls (Guards)
Step 3. Deliverables
- Architectural design recommendations
- Proper key management practices
- Guard network diagrams
- All applicable design information that would enable a complete protection implementation by the customer
Step 4. Protection Implementation
Then we’ll implement an app protection solution that meets the identified security requirements. This includes:
- Security Consulting
- Verification and Validity Tests
- Confirmation that the test framework successfully passes any integrity/performance tests
- Protected executable with a customized, layered approach that may include both software and hardware components
- Complete documentation for the unique protection scheme
- Advice on advanced protection-integration tools and technologies
Model B: Customer Implemented Protection
Customers choosing Model B will first be given a complimentary web-based training on the use of Arxan Products. This training, and the associated product documentation, includes a detailed introduction of the process of creating a customized protection. The customer will then complete the steps described in the table above to produce a Protection Plan.
After completion, the protected binary will be submitted to Arxan for a final Protection Review by our security experts before deployment to ensure Application Protection Best Practices were used to develop a strong and robust protection.
Training and Education
Our security experts provide Informational Overviews, Product Training sessions on all platforms and live Product Demos to help understand security threats and solutions. We offer both onsite or off-site services.
- Application Protection Overview
- “How to Hack” – A basic introduction to hacking and threat modeling
- Application Protection Best Practices
- Product Training
- Product Demos
For customers requiring additional in-depth assistance, Arxan Services Engineers are available for onsite or offsite work for a variety of specialized needs, like:
- Priority onsite assistance
- Creation of custom Guards
- Advanced build integration assistance
- Cryptographic architecture review
- Penetration Test for Binary Risks
A strong protection needs to be maintained with regular updates to the customized protection. The update process should be incorporated into the standard software development lifecycle (SDLC) to keep the software robust even as it evolves with new release versions. Arxan’s Services Engineers are well-versed in updating and strengthening existing protections, as well as incorporating newer versions of Arxan’s Application Protection Products.Arxan Services Engineers can assist onsite to rapidly update an old GuardSpec® in terms of both Guard network strength and product feature usage. Deliverables:
Binary Mobile App Assessment
- Updated GuardSpec security
- Updated Arxan product installations
Arxan Service Engineers provide risk assessment of how vulnerable the mobile applications are. Assessment of mobile applications includes the following:
- Source Code Exposure
- Function Name Exposure
- Static Data Exposure
- Symbol Exposure
- Jailbreak Detection Exposure
- Authentication Exposure
- Cryptography Exposure
- Licensing Exposure
- Payment Exposure