CISOs and IT security admins are recognizing that the systems they currently have in place do not address the very real cyber threats against their mobile infrastructure – specifically the company-owned and BYO smartphones and tablets that have become a mainstay of today’s business. Mobile Threat Defense is the solution category that has evolved over the last couple of years to fill this gap, but how does one go about evaluating these solutions? Here are some questions to guide this process, and perhaps provide some education along the way.
1. Why are you investing in an MTD solution?
There are a plethora of reasons why you might be considering an investment in a Mobile Threat Defense (MTD) solution, but among those that we hear most from our customers are:
- You want better visibility into your mobile devices’ exposure to mobile threats.
- Traditional or existing security solutions aren’t cutting it in terms of protecting mobile devices from today’s comprehensive threat landscape.
- Do everything possible to make sure company (and user) data are protected from mobile attacks or breaches.
- Deliver a more comprehensive, more automated mitigation approach to mobile security events.
- Maintain compliance with ever-evolving regulations across the globe for data privacy on mobile devices.
2. Can you trust the vendor? Are they reputable, referenceable, and effective?
When considering MTD solutions, there are a number of ways to validate that a vendor will genuinely look out for you and the security of your mobile devices:
- Find third-party references that detail this vendor’s success record. References might include analyst firms (Gartner, Forrester, Frost & Sullivan) or their existing customers.
- Does the vendor focus on thwarting attacks immediately, or do they hand off incident response for attacks in progress to another entity?
- Is there a dedicated research team within the company whose focus is uncovering serious mobile threats and working with manufacturers to solve them?
3. What are the infrastructure requirements for the solution?
Before an MTD solution can succeed it must be deployed, and it’s important to understand what those requirements (and costs) will be:
- Is there on-premises hardware (servers, storage, networking) that is required, or is it entirely cloud-based?
- How are the mobile device clients rolled out? Must IT push them to devices, or can users download them from the Apple and Google public app stores?
- Is an EMM/MDM solution required in order to remediate threats, or does the MTD solution protect devices independently?
4. Does the solution integrate with other security and enterprise tools?
In most cases, enterprises have already made investments in security infrastructure (e.g. SIEM), and many also have existing infrastructure tools to support management and deployment of mobile devices and mobile apps (e.g. EMM/MDM). An MTD solution should integrate seamlessly with these. For example, IT should be able to continue leveraging MDM and EMM for policy-based management, and the MTD solution should seamlessly share actionable information with them, such as installation health of the MTD client or device compliance status.
5. What is the impact on users’ mobile devices?
One of the biggest reasons MTD solutions fail is the impact that the mobile app has on the user’s productivity and privacy on the device. When mobile productivity is hampered or privacy is compromised, end users will simply delete (or circumvent) the MTD app. That’s why it is crucial to find an MTD solution whose app:
- Does not have a negative impact on battery life.
- Does not slow down the overall operation or performance of the device.
- Runs quietly and seamlessly in the background, only interacting with end users when action is required.
- Can be installed easily from public app stores and only uses public APIs, ensuring privacy.
- BONUS – Also provides protection for the user’s personal data and activities on the device.
6. What level of expertise is needed to use the solution?
Ideally, an MTD solution should be able to run unattended once configured and integrated into other enterprise systems, yet have an easy-to-navigate console that makes it easy to investigate incidents, check on deployment and installation health, and produce reports on organizational risks and trends. Those reports are valuable both for the IT organization and for reporting to C-level executives and the board of directors. Sample activities would include:
- Find devices that are not properly configured, for individual follow-up.
- Find devices that are currently out of compliance and push remediation, if an automated response has not already taken place.
- Run detailed, customizable reports on device activity and attacks.
- Get prioritized recommendations of actions that would reduce overall organizational risk.
7. What types of mobile threats will the solution thwart?
There are four main mobile threat vectors that any MTD solution should protect against:
- Malware, meaning apps that intentionally or unintentionally steal data or cause harm in any way.
- Malicious networks, which are designed to steal data, eavesdrop on those who connect, or deliver malicious exploits to the device.
- OS and app vulnerabilities, especially those found in out-of-date operating systems or resulting from incorrect configurations.
- Physical attacks, such as lost or stolen mobile devices, which must be remotely wipeable so that their sensitive data is kept private and protected.
8. How does the solution detect threats to your organization?
Mobile threats are complex and always evolving, which requires an MTD solution that provides comprehensive protection across multiple layers. It has been proven that solutions that focus on device-only methods, or similarly limited approaches, are not as effective at protecting from zero-day exploits and other advanced attacks, so the following three elements should be considered mandatory for any MTD solution.
- Device-level, for things like current OS version, configuration or profile vulnerabilities, malware installations, and protecting from connection to risky networks.
- Crowd-sourced, so that new threats can be detected worldwide in real time and protection against them then applied to all other devices. This can be especially crucial for zero-day exploits.
- Cloud-level, for additional threat analysis (so as to not burden the device itself), detailed risk analysis for each device, and aggregation of data for review and reporting.
9. Does the solution prevent threats from executing?
It’s crucial in today’s IT landscape that an MTD solution be able to do more than just detect threats – it must be able to take mitigating action as required to prevent infiltration or loss of data whenever possible. With the proliferation of mobile devices, there are simply too many for any given IT team to monitor and protect device-by-device. A comprehensive MTD solution will rely on machine learning, deep analysis, and crowd-sourced intelligence to automate threat detection, prevention, and mitigation.
10. What response capabilities does the solution offer?
There are a plethora of response capabilities that make up a comprehensive MTD solution. Among those our customers tell us are most important are:
- Automatically stop/prevent malware from being installed or executed.
- Instantly determine if a network is trustworthy, risky or malicious and apply protections.
- When an attack is detected, automatically stop access to sensitive corporate materials and connect to a secure VPN so that all further communications are guaranteed to be encrypted.
- Immediately alert end users when new operating system updates are available (often significantly before the manufacturer would have alerted the users).
- Flexible configuration of end-user and IT admin notifications for education and remediation, as necessary.
11. Does the solution provide CISOs and security teams with essential data and reporting?
You need to know what’s going on within your mobile device landscape, so it is important that your MTD solution be able to:
- Perform organized, detailed, customizable reporting.
- Integrate data with MDM/EMM solutions.
- Deliver prioritized alerts for issues that require attention from IT (without alert paralysis).
- Give IT ways to take proactive action when needed directly from the management console.
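To make the detection layers of question 8, the compliance and risk-reduction activities of question 6, and the prioritized alerting of question 11 concrete, here is an added example that is not part of the original post and not Skycure code. It is a small Python model of a fleet evaluator: a device-level layer runs local posture checks, a crowd-sourced layer turns one cloud verdict on an app into a block entry for every device carrying it, and a cloud-level layer aggregates findings into a per-device score, a list of out-of-compliance devices, and recommendations ranked by how much organizational risk each would remove. The device inventory, OS version baselines, risky network name, cloud verdict table, severity weights and compliance threshold are all constructed assumptions, not real vendor data.

```python
"""Multi-layer mobile fleet risk evaluation (constructed example, not Skycure code).

Models three detection layers: device-level checks, crowd-sourced sharing of
verdicts across the fleet, and cloud-level aggregation that yields per-device
risk and prioritized recommendations. All data and thresholds are assumptions.
"""
from typing import Dict, List, Set, Tuple

# Constructed inventory: what each MTD client might report about its device.
DEVICES = [
    {"id": "dev-001", "os": "ios", "os_version": "16.4", "passcode": True,
     "untrusted_profile": False, "apps": ["com.example.mail"], "ssid": "corp-wifi"},
    {"id": "dev-002", "os": "android", "os_version": "11", "passcode": False,
     "untrusted_profile": False, "apps": ["com.example.flashlight"],
     "ssid": "Free_Airport_WiFi"},
    {"id": "dev-003", "os": "android", "os_version": "13", "passcode": True,
     "untrusted_profile": True,
     "apps": ["com.example.mail", "com.example.flashlight"], "ssid": "corp-wifi"},
]

# Constructed policy baselines (assumptions, not real vendor thresholds).
MIN_OS_VERSION = {"ios": (16, 5), "android": (12,)}
KNOWN_RISKY_SSIDS = {"Free_Airport_WiFi"}
# Constructed cloud analysis verdicts keyed by app identifier.
CLOUD_VERDICTS = {"com.example.flashlight": "malicious"}

SEVERITY_WEIGHT = {"critical": 3, "high": 2, "medium": 1}
Finding = Tuple[str, str]  # (finding name, severity)


def parse_version(version: str) -> Tuple[int, ...]:
    """'16.4' -> (16, 4); tuples compare correctly component by component."""
    return tuple(int(part) for part in version.split("."))


def device_level_checks(device: dict, min_os: Dict[str, tuple],
                        risky_ssids: Set[str]) -> List[Finding]:
    """Layer 1: checks the client can run locally on the device."""
    findings: List[Finding] = []
    if parse_version(device["os_version"]) < min_os[device["os"]]:
        findings.append(("outdated_os", "high"))
    if not device["passcode"]:
        findings.append(("no_passcode", "high"))
    if device["untrusted_profile"]:
        findings.append(("untrusted_profile", "critical"))
    if device["ssid"] in risky_ssids:
        findings.append(("risky_network", "medium"))
    return findings


def crowd_sourced_convictions(devices: List[dict],
                              cloud_verdicts: Dict[str, str]) -> Set[str]:
    """Layer 2: an app convicted anywhere in the fleet is convicted everywhere.

    Only apps actually seen on some device are submitted for cloud analysis;
    the resulting convictions form a shared block list applied to every device.
    """
    seen = {app for device in devices for app in device["apps"]}
    return {app for app in seen if cloud_verdicts.get(app) == "malicious"}


def evaluate_fleet(devices: List[dict], min_os: Dict[str, tuple],
                   risky_ssids: Set[str], cloud_verdicts: Dict[str, str]) -> Dict[str, dict]:
    """Layer 3: aggregate findings per device and score them."""
    convicted = crowd_sourced_convictions(devices, cloud_verdicts)
    results: Dict[str, dict] = {}
    for device in devices:
        findings = device_level_checks(device, min_os, risky_ssids)
        findings += [("known_malware", "critical")
                     for app in device["apps"] if app in convicted]
        score = sum(SEVERITY_WEIGHT[sev] for _, sev in findings)
        results[device["id"]] = {"score": score, "findings": findings}
    return results


def prioritize(results: Dict[str, dict]) -> List[str]:
    """Device ids ordered from highest risk to lowest, for triage."""
    return sorted(results, key=lambda dev: results[dev]["score"], reverse=True)


def noncompliant_devices(results: Dict[str, dict], max_score: int = 2) -> List[str]:
    """Devices whose risk exceeds the constructed compliance threshold."""
    return [dev for dev in prioritize(results) if results[dev]["score"] > max_score]


def fleet_recommendations(results: Dict[str, dict]) -> List[Tuple[str, int, int]]:
    """(finding, affected devices, impact), biggest risk reduction first.

    impact = sum of severity weights of that finding across the fleet, so fixing
    the top entry removes the most organizational risk.
    """
    impact: Dict[str, Tuple[int, int]] = {}
    for data in results.values():
        for name, sev in data["findings"]:
            count, total = impact.get(name, (0, 0))
            impact[name] = (count + 1, total + SEVERITY_WEIGHT[sev])
    return sorted(((name, c, t) for name, (c, t) in impact.items()),
                  key=lambda item: item[2], reverse=True)


if __name__ == "__main__":
    fleet = evaluate_fleet(DEVICES, MIN_OS_VERSION, KNOWN_RISKY_SSIDS, CLOUD_VERDICTS)
    for dev in prioritize(fleet):
        print(dev, fleet[dev]["score"], fleet[dev]["findings"])
    print("out of compliance:", noncompliant_devices(fleet))
    print("recommendations:", fleet_recommendations(fleet))
```

Running it ranks dev-002 first (outdated OS, no passcode, risky network and a convicted app), dev-003 second, and dev-001 last, and the top fleet recommendation is the convicted app because it appears on two devices at critical severity. The crowd-sourced layer is what turns a single cloud verdict into protection for every device carrying that app; in a real product the verdict would come from the vendor's analysis pipeline rather than a static table.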
Mobile security is a crucial component of keeping sensitive company and user information protected, and as you can see there is a lot to be investigated before making a Mobile Threat Defense decision. At Skycure, we’d be happy to answer all of these questions (and more) to make sure an enterprise is confident they’re buying the right MTD solution. If you’d like to learn more about Skycure, be sure to check out our Why Skycure page, or feel free to drop us a line anytime.