What Is Mobile Threat Defense?

Gartner defines mobile threat defense (MTD) as:

Threat defense tools [that] use a mix of vulnerability management, anomaly detection, behavioral profiling, code emulation, intrusion prevention, host firewalling and transport security technologies to defend mobile devices and applications from advanced threats.

In this definition, “advanced threats” refers to threats that require mobile security solutions beyond traditional EMM (enterprise mobility management) and MDM (mobile device management) solutions. MTD extends EMM/MDM with additional security capabilities as it travels with devices and proactively protects them against a plethora of mobile cyber attacks:
- Device/Physical Threats: MDM and EMM solutions are a great way to manage devices, enforce passcodes, remotely wipe them in case of a compromise and enforce a rich set of BYOD, security and compliance policies. MTD helps EMM/MDM solutions by adding active threat detection and risk-based mobile management for better-informed policy enforcement.
- Network Threats: Mobile devices connect to 10 to 100-fold more networks than traditional PCs. Attacks such as traffic MiTM (Man-in-the-Middle), which lead to redirection or decryption of traffic, can steal sensitive information by exploiting vulnerabilities in WiFi networks. Device owners may not realize that even if their WiFi is turned off, their devices may still join a malicious network (for example, fake cell towers) and leak sensitive corporate information.
- Malware: Traditional EMM/MDM does not monitor apps or protect devices from malicious downloads, especially with regard to apps downloaded from third-party app stores outside of iTunes or Google Play. It is difficult, if not impossible, to enforce mobile security policies regarding downloading apps on employees’ BYO devices. Even company-owned devices are subject to “shadow IT”.
- Unknown Threats: While traditional EMM/MDM security tools may be able to access signature databases that can flag certain telltale signs of known attacks, high-value data is prone to zero-day attacks unlisted in any database.
- Vulnerabilities: Given the pace of mobile innovation and low barrier to entry for creating a mobile app, both apps and operating systems are full of vulnerabilities. In the recent past, Skycure researchers have discovered and disclosed a multitude of these vulnerabilities such as “No iOS Zone”, Malicious Profiles, Invisible Malicious Profiles, HTTP Request Hijacking and LinkedOut. Devices without the most up-to-date versions of OS and apps are exposed to attackers, who can search out such devices. Containerization is also prone to hacking, exposing vulnerabilities in EMM security tools themselves.
For more information on the latest mobile attacks, view the on-demand webinar on “Four Horsemen of Mobile Security”.

What Are the Benefits of Mobile Threat Defense?

Traditional EMM/MDM is no match for the range of mobile vulnerabilities, threats and attacks described above. But that doesn’t mean that IT and security departments need to reinvent the wheel: mobile threat defense can and should be paired with EMM/MDM to efficaciously evolve an organization’s traditional EMM into next-generation EMM that can stay ahead of attackers and stop threats anywhere in the world.

Instead of reacting to attacks after the fact, MTD enables organizations to proactively protect devices and automate remediation. Here are some of the benefits that MTD brings to the table:
- Predictive Intelligence: As an always-on app running on devices, MTD turns devices into sensors that feed data to powerful analytics tools, which extract insights for predictive security and can greatly reduce risk and remediation times, resulting in much higher corporate resilience.
- Visibility: Strong corporate security posture requires reporting, data visualization and easy-to-use dashboards for security snapshots on both PCs and mobile devices. Most SIEM and other event monitoring tools lack visibility on the mobile front. Only MTD can travel with devices and deliver the needed visibility to organizations. Without visibility into all devices, traditional EMM can leave IT and security/risk professionals in the dark about impending calamities and the presence of mobile threats. Visibility also provides organizations with the ability to enforce security policies across all (even BYO) devices.
- Proactive Remediation: Mobile malware solutions do too little, too late. MTD should work above and beyond the application layer to prevent attacks before they make it into the enterprise/device. This requires detection and protection at the network layer which allows enterprises to stop attacks before it is too late.
If EMM security tools are the body of an organization’s mobile security, mobile threat defense adds a head to the body—or more like many heads, each traveling with any and every device that somehow engages an organization’s sensitive data.