alphaspirit - Fotolia
Many IT admins use enterprise mobility management platforms for security, but they should also use mobile threat defense to properly address growing mobile device security risks.
Mobile devices are susceptible to attacks from websites, text messages, email messages, app stores and rogue networks. Plus, devices might not be properly patched or could be lost or stolen. In some cases, an organization might not even recognize a compromised device until it's too late.
Some of the common mobile device security risks include malware, phishing, public networks and malicious apps and services.
Malware: Mobile malware is at historic levels, and it is likely to get worse. Malware can include everything from non-threatening spam to serious threats, such as ransomware, spyware, Trojans and zero-day attacks. As the number of mobile devices has proliferated, so have the efforts to compromise those devices, along with the sophistication of attacks.
Phishing: Like malware, phishing attempts against mobile devices are on the rise. Cybercriminals attempt to trick users into revealing personal and corporate information using text messages, email, social media or any available attack vector.
Public networks: A mobile device's very nature makes it likely that users frequently connect to public networks to carry out business and exchange confidential data. Many of these networks are unsecured, leaving users susceptible to threats such as man-in-the-middle attacks or hackers trying to access corporate resources.
Malicious apps and services: App stores can prevent malicious apps from making it onto user devices, but they're not infallible, nor can they prevent users from visiting risky websites or sideloading apps. Careless user behavior often represents the biggest threat to security.
Why EMM isn't enough
Enterprise mobility management can do little to protect against these mobile device security risks, especially when the devices operate outside the corporate network. More than ever, mobile devices require a mobile threat defense tool to help ensure that the majority of threats are addressed.
Mobile threat defense continuously monitors and inspects devices and provides ongoing analytics that can help assess and mitigate risks. For example, if the platform detects that Secure Sockets Layer stripping might be occurring, it can automatically enable a VPN session to prevent data from being compromised. Or if a user connects to an open network, the tool might start encrypting the network traffic.
By tracking and analyzing data at the device, app and network levels, mobile threat defense can precisely identify mobile device security risks and carry out the necessary remediation, providing real-time protections against known and unknown threats.
Part one of this two-part series discussed the types of mobile threat defense tools and how to integrate them into an enterprise mobility strategy.