Mobile Security, Powered by Whole Population Analytics

The Lookout Security Platform stops mobile threats that evade legacy signature and behavioral security. Lookout's Whole Population Security Analytics architecture draws on machine intelligence and continuous security telemetry from over 50 million devices worldwide to identify both evolving and unknown threats.

Acquisition

Lookout’s Mobile Sentry Network, a worldwide population of millions of mobile devices, maintains global awareness of threats while preserving user privacy.

The Mobile Sentry Network, 50 million strong

With over 50 million devices worldwide, Lookout’s Mobile Sentry Network detects threats that never appear in app stores as well as targeted attacks that affect only a single device. The scale of the network makes the Lookout Security Platform aware of every single piece of code running on the mobile devices it protects, so this code can be analyzed and threat indicators identified in the context of the entire population. Legacy signature and behavioral approaches only sample the population and do not have the full awareness needed to execute Whole Population Security Analytics.

Protection and privacy

Lookout protects each sentry in the network from attack and simultaneously protects individual privacy by limiting analysis to application binaries and device characteristics, excluding all personal data. Data from the Mobile Sentry Network, combined with data acquired from the Platform API and crawlers, form Lookout’s Mobile Intelligence Graph.

Enrichment

Each app undergoes a unique enrichment process that characterizes how it works and accurately relates it to the world of known apps.

Adding context to every app

The Lookout Security Platform enriches each app it acquires by attaching metadata (such as app store descriptions) and reputational data (such as popularity trends) and then passes it through a series of app profiling technologies. These technologies run the app in a simulated environment to probe what it does and analyze its reachable code to determine what it can do. Lastly, these technologies analyze the app’s code genome and build a graph of all other apps in the world that share similar code.

Analysis

To identify zero-day threats and uncover the evolution of known threats, the platform uses Predictive Threat Identification technology to analyze enriched applications against millions of potential threat indicators.

Analyzing each app in the context of the Mobile Intelligence Graph

Using Predictive Threat Identification technology, Lookout analyzes the individual attributes of each enriched application against millions of potential threat indicators in the Mobile Intelligence Graph. The platform analyzes multiple dimensions of correlation to determine if an app relates to any known attackers. Multidimensional threat correlation makes the platform substantially harder to evade than signature-based technology because it requires attackers to re-implement their entire malware platform and command-and-control infrastructure, instead of simply changing the few components that match a signature. The platform also uses machine intelligence to examine the range of information known about each application and all of its relatives to predict and identify zero-day threats.

Protection

The Lookout Security Platform automatically protects cloud-connected devices.

Automatic protection from the cloud

Lookout’s Predictive Threat Identification technology returns dynamic security decisions that identify evolving known threats as well as unique, unknown attacks. The platform automatically issues protection when it detects evolving known threats. When it discovers zero-day threats, it alerts Lookout’s research and response team to further investigate and confirm that protection should be issued, while ensuring that partners and customers understand the threat and any actions they may need to take.
