Mobile Threat Defense (MTD)
What is Mobile Threat Defense (MTD)?
Mobile Threat Defense (MTD) software is meant to protect organizations and individual users from security threats on mobile platforms.
MTD protects against attacks made specifically for mobile devices and operating systems such as Apple iOS and Google Android. Hackers may also use malware, phishing or network attacks to compromise a user's device, which could then be used to steal data or to purposely cause a negative business impact. MTD's goal is to protect users from such occasions.
MTD software should be able to continually protect mobile devices, both online and offline. MTD can also block threats, alert users, quarantine devices, and detect and remediate issues such as zero-day vulnerabilities.
Why is mobile threat defense important?
The popularity of mobile devices has made them a favorite target of cybercriminals. While many organizations use mobile device management (MDM), mobile application management (MAM) and unified endpoint management to secure mobile devices, such tools are somewhat limited in their security capabilities.
Mobile device management, for example, may be able to apply various security policies to mobile devices and to apply mobile operating system patches as they become available, but it generally lacks attack detection capabilities or the ability to respond to cyber attacks. In contrast, MTD software can give an organization greater visibility into the cyber threats being directed at their mobile fleet of devices. MTD software is an important tool in mitigating mobile security risks while also adhering to an organization's compliance mandates.
How mobile threat defense works
Mobile threat defense typically addresses threats at three levels: the device, the application and the network levels.
At the device level, an MTD tool checks for issues such as whether devices require lock screens and encryption. An MTD platform may also check for any device-level anomalies, such as a battery drain that could be caused by malicious apps.
At the application level, an MTD platform aims to detect data leakage and other privacy issues. Data leakage often occurs when apps have access to data in other apps. This can be particularly problematic when data crosses between personal apps and business-approved apps on a device. Some MTD tools can also prevent the installation of certain apps based on what IT has approved.
At the network level, MTD can monitor network packets to look for known threats or anomalies. This includes detecting man-in-the-middle attacks or Secure Sockets Layer (SSL) stripping. SSL stripping occurs when an HTTPS connection is downgraded to an unsecure connection, enabling attackers to collect sensitive data. MTD software may also automatically encrypt traffic when connecting to an open Wi-Fi network.
Modern MTD platforms use machine learning to detect anomalies in device, user or application behavior to identify threats.
What are the benefits of MTD?
The main benefit to adopting MTD is that doing so can improve an organization's overall security posture. An MTD tool analyzes the organization's mobile devices and provides IT with actionable insights that it can use to address any vulnerabilities that may exist. Additionally, the platform monitors devices on an ongoing basis to detect threats and to take corrective action if necessary. By monitoring devices and addressing known vulnerabilities, organizations lessen their chances of suffering a ransomware attack or a security breach.
What are the challenges of using MTD?
One of the biggest challenges associated with MTD software is that there are any number of device types that a user could potentially be working from. To be effective, an MTD tool needs to support all of the mobile devices being used throughout the organization.
Another challenge is that a poorly developed MTD tool may get in the user's way or consume too much battery power, for example, leading the user to disable the software. Ideally, MTD software should work silently in the background without placing an excessive load on the device.
In addition, MTD is only effective if it is accurate. Most administrators have probably seen network monitoring tools that generate a large volume of noise alerts or that create false positives. As such, an organization might be reluctant to deploy MTD until it is convinced that MTD will provide accurate and useful information without overwhelming IT with annoying alerts.
MTD and enterprise mobility management
MTD can be and often is used in conjunction with enterprise mobility management (EMM) software. EMM software allows an organization to apply security policies to mobile devices, manage applications and apply updates. EMM focuses on device administration and policy enforcement, while MTD provides protection from cyber attacks.
In general, a mobile security strategy should consider a wide range of potential risks. However, EMM doesn't cover all of those potential risks on its own. So, an organization that uses EMM can also implement MTD to make its mobile devices more secure. In this case, IT teams might think of MTD as an extension of EMM.
Tools for mobile threat defense
There are a variety of MTD tools. An organization typically assesses its needs and goals before identifying an MTD tool; some tools may perform different actions and integrate with different EMM platforms.
An organization should first ensure that the tool it chooses matches with the issues or gaps in mobile security it has as a business. The MTD software should also provide more than just general antimalware; it should provide protection at the device, application and network levels. The MTD platform should also be able to analyze user behavior to detect anomalies and vulnerabilities, as well as have the ability to remediate any threats. An organization that already uses EMM or MDM should also ensure that its choice of MTD software can integrate well with its established technology.
Most MTD software is deployed through a cloud portal and orchestrated with MDM. Gartner recommends that organizations implement MTD software gradually -- deploying it first to devices that could most benefit from increased security.
Some MTD options include the following:
- Check Point Harmony Mobile
- Zimperium zIPS
- Broadcom Protection Mobile
- Proofpoint Advanced Threat Protection