

Determining the best mobile threat defense options

Desktop security products often cannot adequately cover mobile devices. Mobile threat defense can fill that gap and supplement an organization's mobile security.

Modern mobile threat vectors require extensive mobile security, so organizations should look beyond basic management capabilities to more advanced mobile threat defense tools.

Mobile device OEMs have done their part to boost device security by introducing high-quality encryption and creating a wall between personal and enterprise apps and data. However, that's not always enough. Organizations need a targeted approach to enhance device and data security, and the best way to implement it is by adopting a mobile threat defense (MTD) product.

What is mobile threat defense?

Established antivirus platforms and signature-based security measures are still prevalent on PC systems, but they never worked very well on mobile devices. MTD platforms provide in-depth mobile security and visibility into what apps are doing on the device and into the data moving to and from it. These products use analytics, in many cases relying on AI, to assess the risk that an operation is malicious. If the platform deems the operation malicious or even suspicious, it prevents that operation from executing.

Most MTD products work on Android and iOS devices, although subtle differences exist because the connectors and APIs available across the two platforms differ. Many MTD products work in an integrated fashion with mobile device management (MDM) and enterprise mobility management (EMM) products.

While MDM products feature some security capabilities, including mobile application management, these products are often insufficient to protect against many modern threats.

Vendors that offer mobile threat defense

There is a large and growing list of MTD products that organizations could consider. It would be nearly impossible to list all of them, so this article will list a cross section of viable enterprise-grade vendors that offer MTD products.


The BlackBerry Cyber Suite is a unified endpoint security suite that prevents, detects and responds to cybersecurity threats. It protects against sophisticated threats with advanced AI and provides a zero-trust security architecture across all devices, ownership models, networks, apps and user types.

This suite continuously authenticates users and adapts security policies without user interruption. BlackBerry Cyber Suite integrates with BlackBerry UEM, and it works alongside other UEM platforms from different vendors. Unlike many MTD options that only work on mobile devices, BlackBerry Cyber Suite also works on PCs to provide a more unified security and management platform.


Lookout Mobile Endpoint Security is a security offering for risk management that can secure against app, device and network-based threats. It includes visibility and control for data leakage, which has become a major mobile data breach challenge.

Lookout places major emphasis on finding malicious apps on public app stores and other stores. According to the vendor, its researchers and AI tools have discovered vulnerabilities beyond smartphones, including in Apple watchOS, tvOS, macOS, Safari and Mobile Safari, WebKit, Google Glass and Bluetooth stacks. Lookout's console and administrative functionality display risky behavior of devices and apps, allowing IT to create and deploy granular levels of inspection and enforcement, such as app-level data handling that might violate policies. Lookout also integrates with EMM and security information and event management (SIEM) functions to enhance IT administrators' deployment and automation of security features.


MobileIron Threat Defense protects and remediates against known and zero-day threats on Android and iOS devices, with deployment, detection and remediation to defend against attacks at the device, network and application level. A major focus for MobileIron's product is anti-phishing. It includes mobile phishing protection in conjunction with the MobileIron UEM policy engine, on-device machine learning and phishing URL lookup. Customers can opt for additional paid features such as cloud-based phishing URL lookup and zero sign-on. Zero sign-on eliminates user credentials, which are the primary target of phishing attacks today.


Wandera uses multi-level cloud and endpoint security to protect users, devices and networks against cyber threats, device vulnerabilities, man-in-the-middle attacks, phishing, malware and risky apps. To accomplish this, Wandera MTD monitors endpoints for vulnerabilities, performs continuous app risk assessments and detects man-in-the-middle attacks. It includes a VPN tunnel to protect against potential connectivity breaches as well.

The core of Wandera's offering, its risk assessment, is powered by a threat intelligence engine that updates between active user sessions. It also assesses the risk of each endpoint before enabling access and will deny access if it rates the device as compromised. It can integrate with a variety of UEM and SIEM solutions to automate risk-based access policies for devices.


Zimperium's MTD platform provides continuous, on-device monitoring and analysis capabilities to detect mobile cyberattacks in real time. A machine learning-based engine detects and classifies zero-day attacks regardless of the entry point. Zimperium was designed specifically to detect and protect against mobile attacks, unlike other security vendors that migrated their products to the mobile platform. Zimperium can identify and defeat man-in-the-middle attacks and integrate with a variety of UEM solutions.

Microsoft Intune (Microsoft Endpoint Manager)

While this is not a traditional MTD product per se, the prevalence of Intune -- and now the rebranded version of Intune as Microsoft Endpoint Manager -- as a device manager in many organizations presents an opportunity for including more protection by integrating an MTD product with the standard Intune management functions.

Intune can integrate intelligence data from an MTD vendor as an information source for device compliance policies and conditional access rules. This can help protect corporate resources by blocking access from compromised mobile devices. Integrations with Intune are available from many MTD vendors identified here, as well as others.

Which MTD option is the best for each organization?

There is no single perfect MTD product or service that fits all use cases and organizations. When IT administrators evaluate an MTD product, they should look at central factors such as the following:

  • How does the product identify and manage threats, e.g., through AI, machine learning or intake of threat intelligence information?
  • How do IT admins deploy and integrate the product?
  • What platforms does the MTD support?

MTD provides many features and functions that can significantly increase the level of security for mobile devices, whether company-owned or BYOD. Each of the vendors offers somewhat different capabilities, but overall, any would be a major enhancement for organizations that don't currently have MTD in place.
