Best mobile antivirus software for the enterprise

How does mobile antivirus compare to desktop antivirus?

There are some significant differences between mobile and desktop antivirus software. This is mostly due to differences in OS architecture, security models and app permission levels. In many respects, mobile antivirus has limited capabilities compared to desktop antivirus.

While desktop antivirus can obtain deep system access in the OS with root privileges, system access is limited for Android and unavailable for iOS. Similarly, iOS doesn't enable any real-time scanning for antivirus software, and Android only allows real-time scanning of apps and files. Desktop antivirus, on the other hand, can scan memory, files and processes.

Both desktop and mobile antivirus software offer anti-theft tools and Wi-Fi security scanning, although specific features vary by product. Desktop systems also have slightly more comprehensive browser protection and malware detection capabilities.

Antivirus software is necessary even if an organization uses MDM and unified endpoint management (UEM) tools. While these tools secure, monitor, manage and support enterprise endpoints, they don't contain all the features of antivirus products. MDM, for instance, usually doesn't offer malware scanning, real-time protection or web protection, while antivirus software does. Conversely, antivirus software might not support device configuration, app management and compliance enforcement, which most MDM tools do include.

Antivirus capabilities for iPhone vs. Android

While iPhones and Android phones both include built-in security features, they have fundamentally different security models. Because of this, the two OSes require different approaches to third-party antivirus software.

Integrating antivirus with iPhone security

Apple has a closed ecosystem, so the company tightly controls iPhone hardware and software. As a result, there is no dedicated antivirus feature, with Apple relying on architectural security.

Apple develops iOS and all the devices it can run on. With full visibility over all its device models, the company is able to quickly send out updates and patch vulnerabilities. Additionally, all apps must meet strict requirements before they become available in the App Store. This blocks users from downloading malware.

Traditional antivirus software isn't available for iOS since Apple won't give third-party apps the low-level access necessary for scanning. However, it's possible to instead use MDM software and security apps that protect against phishing and provide data breach alerts, VPN services and parental controls.

Integrating antivirus with Android security

Android has some of the same native security features as iOS, but it's open source. Android's various OEMs can make custom modifications and control updates. It's also easier to sideload third-party apps on Android. While the introduction of Google Play Protect has made it easier to stop the spread of malicious apps on the platform, threats persist.

This means Android phones are more susceptible to attacks and benefit from third-party antivirus software more than iPhones do. Plus, Android can grant antivirus apps the moderate level of access they require to scan for threats.

4 best mobile antivirus tools for the enterprise

Organizations can choose from an array of mobile antivirus tools, and many of them provide Android and iOS offerings. Due to the architecture differences between Android and iOS, the available features for antivirus products vary based on the device they're running on. For instance, malware scanning isn't possible on iOS, so that feature is only available for antivirus software on Android devices.

To prevent viruses on all enterprise endpoints, organizations should consider popular antivirus software for Android and iOS. The following list was chosen based on industry research into enterprise-grade antivirus tools that support both OSes. It is not ranked and instead appears in alphabetical order.

1.     Avast Business Security

Avast offers a few options to secure mobile devices. An organization can subscribe to the Essential, Premium or Ultimate tier of Avast Business Security. IT administrators can then manage cybersecurity through the Avast Business Hub, which is a limited UEM platform.

The Avast Mobile Security app is another option on end-user devices. The free versions have several useful features and are ideal for SMBs on a tight budget. Features on the Android app include the following:

• Real-time malware scanning.
• Web protection.
• Wi-Fi security scanning.
• A password-protected photo vault.

Additional features, such as VPN and email protection, are available with premium subscriptions.

The iOS version of the app contains many of the same features, but malware scanning isn't possible due to OS restrictions. The app instead scans for security issues in the phone's settings, such as jailbreaking or lack of password protection.

2.     Bitdefender GravityZone Security for Mobile

Bitdefender's endpoint security platform, GravityZone, has a strong antivirus component. The mobile product offers app control, mobile device policy enforcement and detailed reporting. Key features include the following:

• Malware detection.
• Phishing protection.
• Web content filtering.
• Integration with MDM.

From the GravityZone console, admins can deploy the GravityZone Mobile Threat Defense app to BYOD and corporate-owned endpoints. Once users download the app, IT has in-depth visibility over mobile security, and the software provides protection against a range of threats.

3.     ESET Protect

For a cloud-based platform with enterprise-level UEM features, organizations can consider ESET Protect. It has a lightweight design, reducing the software's drain on system resources and device performance. In addition to antivirus features, it offers device monitoring, remote management and automated patching.

Security management through the platform looks different for Android and iOS. The ESET Endpoint Security app functions as an Android antivirus app, with real-time malware scanning, anti-theft tools and SMS and call filtering. From the ESET Protect console, admins can enroll Android devices and prompt users to download the mobile app.

Since the iPhone's security restrictions don't allow for scanning, ESET doesn't offer a traditional antivirus app for iOS. Instead, admins can manage an iPhone's security by enrolling the device in ESET Protect and installing a configuration profile onto it. This process also takes place in the ESET Protect console. Once the profile is on the device, admins can set security policies to protect against mobile threats.

4.     Trend Micro Mobile Security for Enterprise

Another option for organizations is Trend Micro Mobile Security for Enterprise. The MDM and antivirus product includes a social media privacy scanner, a QR code scanner and an app permission manager with enhanced privacy controls.

Like other mobile antivirus offerings, the tools' capabilities vary between Android devices and iPhones. On Android, Trend Micro supports real-time scans, automatic security updates and SMS and call filtering. On iOS, only manual scans and social media scans are available, and some other features are limited. Still, the platform provides strong security features for both OSes.

Gary Olsen has worked in the IT industry since 1983 and holds a Master of Science in computer-aided manufacturing from Brigham Young University. He was on Microsoft's Windows 2000 beta support team for Active Directory from 1998 to 2000 and has written two books on Active Directory and numerous technical articles for magazines and websites.