Organizations have become increasingly reliant on mobile security vendors to protect devices, and there are several types of mobile security approaches that can help them optimize their mobile defense.
The first line of defense in keeping malware off mobile devices is to use approved app stores for iOS and Android. However, even mobile apps in legitimate app stores can harbor malware. Apple Store and Google Play are battling to keep these malicious apps out of their stores, but administrators can minimize their risk by limiting unknown mobile downloads from users.
Organizations should also deploy a managed environment from an enterprise mobility management or unified endpoint management platform that helps administrators address the basic security profiles of mobile devices.
These profiles enable IT to install a mobile security agent on a device. IT can also activate embedded enhanced security tools that may be available on the device itself, such as Samsung Knox in the Android Enterprise program.
Deploying an add-on mobile-specific security tool from a variety of vendors -- such as Lookout, BlackBerry Cylance, Zimperium and Symantec -- can provide additional defense against malware. No mobile security tool is 100% effective, but they are an important step given how much sensitive corporate data is available on mobile devices these days.
There are four different types of mobile security models used by vendors.
Traditional signature file antivirus approach
The traditional signature file antivirus model creates a signature file on the device that all apps and documents are compared to. This doesn't work very well for mobile devices, however. Today, many organizations employ the hybrid-AI approach noted below.
Hybrid-AI cloud security
This type of mobile security tool studies the files users download and install on their devices. It's a similar model to search engines where the community contributes samples that improve the overall experience.
Analyzing these files and applications in the cloud helps security tools identify the warning signs of malicious intent. Once AI identifies any malicious files, it prevents users from downloading and opening them. The tools enforce these policies through a local app that updates with the latest information about the safety of files.
This cloud-based analysis approach works very well for mobile devices because it doesn't require large amounts of local processing. With relatively fast connections, the lag in checking a file type against the files on a cloud server is minimal.
However, this type of mobile security approach isn't great at finding zero-day attacks due to the time lag inherent with gathering data, testing and returning intelligence to the on-device agent. The next type of security model also uses the cloud and essentially acts as an intermediary service.
Intermediary cloud approach
Under this model, any files a user receives or downloads to the device are automatically uploaded to the cloud service for testing and comparison to determine if they're malware or security threats. The files are loaded to the device only if these files are approved.
This intermediary approach also works well for mobile devices, but it can sometimes cause a lag in performance if the mobile devices are on a slow network. Fortunately, the general availability of fast 4G, 5G and LTE makes this less of an issue.
For mobile security vendors, this approach means they can run very fast and extensive processes on high-powered cloud servers, eliminating the restrictions of on-device resources. The following type of mobile security monitors the behavior of the apps or files on the device.
Mobile behavioral analysis
With this approach, an AI-based preloaded app prevents malicious activity by flagging suspicious behavior. There is still a cloud-based component to this approach; the agent occasionally downloads new suspicious behaviors to flag on the device, but most of the work is done locally.
Mobile behavioral analysis is the best way to find zero-day exploits. This approach uses crowd sourcing to obtain and test files, but it is more behavior-based than the simple penetration testing associated with a traditional signature file antivirus approach.
How vendors employ different types of mobile security
Many tools are hybrids of these types of mobile security models, and they aren't purely signature-, AI- behavior- or cloud intermediary-based. In fact, many argue that combining models can provide superior security compared to the use of a single model.
Unfortunately, threat actors are becoming more sophisticated even as mobile security applications gain capabilities. Security add-ons should still be a standard practice for users -- especially enterprise users with sensitive corporate data.