A mobile security strategy must take into account a wide range of potential risks -- many of which enterprise mobility management doesn't address. IT should use mobile threat defense in conjunction with enterprise mobility management to secure mobile devices effectively.
Unlike enterprise mobility management (EMM), which focuses on device administration and policy enforcement, mobile threat defense provides on-device protection from cyberattacks. It incorporates machine learning and other artificial intelligence (AI) technologies to accurately detect and respond to possible threats.
Types of mobile threat defense
In-depth mobile threat defense should include more than just antimalware or threat detection; it should also provide the ability to remediate threats. A comprehensive mobile threat defense platform addresses threats at three levels.
Device level: The mobile threat defense platform checks for issues such as whether the lock screen and encryption are enabled, whether end users can install apps from unknown sources, and whether the device has been rooted or jailbroken. In addition, the platform might check whether developer mode or USB debugging is enabled, as well as look for anomalies such as battery drain caused by malicious apps.
On Android devices, the platform might also determine whether the device is protected by Verify Apps, or it might call the Google SafetyNet API to check the device's authenticity.
Application level: A mobile threat defense platform can analyze app code, examine app URLs, review how security is implemented, and uncover data leakage and privacy issues. This process also includes a review of the developer's and app's reputations, which is why it's often referred to as mobile app reputation services (MARS). Mobile threat defense and MARS were once implemented as separate services, but many mobile threat defense products now incorporate MARS capabilities.
Network level: The mobile threat defense platform sends and receives data over the network to look for possible threats such as man-in-the-middle attacks or Secure Sockets Layer (SSL) stripping, a process of downgrading an HTTPS connection to a nonsecure HTTP connection in order to capture sensitive data.
An important component of most mobile threat defense platforms is the analytics engine that examines user and application behavior to identify anomalies that might indicate a threat. Using data collected from the monitored devices, the engine incorporates machine learning algorithms and other AI technologies to uncover deviations at the device, application and network levels, making it possible to distinguish normal behavior from abnormal. The engine also provides detailed forensics that admins can use to take more targeted remedial actions.
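As an added illustration (not code from this article or from any of the products named in it), the device-level checks and the battery-drain anomaly detection described above are shown as a small posture evaluator whose verdict maps to an EMM compliance action; the report fields, thresholds and action names are assumptions made for the example.

```python
"""Device-level posture checks of the kind an MTD agent performs, with the
verdict mapped to an EMM compliance action (report fields and action names
are assumptions for this example, not any vendor's API)."""
from statistics import mean, pstdev

# (finding, predicate over the device report, severity 1..3)
DEVICE_CHECKS = [
    ("rooted_or_jailbroken",    lambda r: r["rooted"],                    3),
    ("attestation_failed",      lambda r: r.get("attestation") == "fail", 3),  # e.g. SafetyNet result
    ("lock_screen_disabled",    lambda r: not r["lock_screen"],           2),
    ("storage_unencrypted",     lambda r: not r["encrypted"],             2),
    ("unknown_sources_allowed", lambda r: r["unknown_sources"],           2),
    ("developer_mode_enabled",  lambda r: r["developer_mode"],            1),
    ("usb_debugging_enabled",   lambda r: r["usb_debugging"],             1),
]

# Worst severity found -> action the EMM enforces (assumed names)
ACTIONS = {0: "compliant", 1: "notify_user", 2: "quarantine", 3: "block_corporate_access"}

def battery_anomaly(history, current, zscore=3.0):
    """True when an app's current hourly drain (%) sits far above its own
    baseline; mirrors the anomaly detection used to spot misbehaving apps."""
    if len(history) < 5:            # too little baseline to judge
        return False
    sd = pstdev(history)
    if sd == 0:                     # flat baseline: any increase is unusual
        return current > mean(history)
    return (current - mean(history)) / sd > zscore

def evaluate_device(report):
    """Return (findings, emm_action) for one device posture report."""
    findings = [(name, sev) for name, pred, sev in DEVICE_CHECKS if pred(report)]
    for app, s in report.get("battery", {}).items():
        if battery_anomaly(s["history"], s["current"]):
            findings.append((f"battery_anomaly:{app}", 2))
    worst = max((sev for _, sev in findings), default=0)
    return findings, ACTIONS[worst]

# Constructed report: rooted Android phone, USB debugging on, one app draining far above baseline
SAMPLE_REPORT = {
    "platform": "android", "rooted": True, "attestation": "fail",
    "lock_screen": True, "encrypted": True, "unknown_sources": False,
    "developer_mode": True, "usb_debugging": True,
    "battery": {"com.example.flashlight": {"history": [1, 1, 2, 1, 1, 2], "current": 9}},
}

if __name__ == "__main__":
    print(evaluate_device(SAMPLE_REPORT))   # second element: 'block_corporate_access'
```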
How to incorporate a mobile threat defense platform
There are a variety of mobile threat defense tools, including Check Point SandBlast Mobile, Zimperium zIPS and Symantec Endpoint Protection Mobile (SEP Mobile), formerly Skycure Mobile Threat Defense. Like most of the major players, these products use machine learning to analyze behaviors and uncover anomalies that might indicate potential threats. They also integrate with a number of existing EMM platforms.
- SandBlast Mobile integrations include VMware AirWatch, MobileIron, IBM MaaS360, BlackBerry Enterprise Server/Unified Endpoint Manager (UEM) and Citrix XenMobile.
- Zimperium zIPS integrations include AirWatch, MobileIron, BlackBerry UEM, XenMobile and SAP EMM.
- SEP Mobile integrations include AirWatch, XenMobile, MobileIron, BlackBerry UEM and IBM MaaS360.
Seamless integration between mobile threat defense and EMM makes it possible to protect devices from a wide range of risks, while also enforcing policies that can help ensure that devices remain protected. IT should use mobile threat defense to extend EMM and to provide a critical component to secure mobile devices. The better the integration between the two platforms, the more effectively mobile threat defense can protect those devices.
Many organizations have yet to incorporate mobile threat defense, either as a stand-alone system or as part of their EMM, but this will no doubt change as cybercriminals carry out more sophisticated attacks against mobile devices and their users. It won't be long before mobile threat defense becomes as common as EMM, with the two merged into a single, comprehensive platform.
Part two of this two-part series will delve into the mobile security risks that necessitate mobile threat detection.