The mobile threat landscape has evolved significantly: the number of threats has grown exponentially, and there are now exploits for many attack vectors. Using Mobile Device Management (MDM) platforms alone is no longer sufficient protection for businesses against this new range of attacks on mobile devices. Colm Warner of eir Business mobile partner CWSI provides insight into how businesses can protect themselves against these threats.
Since November 2016, mobile devices have officially accounted for more internet traffic than any other platform, and the trend shows no signs of abating. Remote work and the need to access corporate information beyond the LAN perimeter are now commonplace. MDM initially provided protection of the device itself, allowing encryption, tracking and remote wiping of data, but this assumed that the mobile device was carrying the information.
Attackers now targeting application layer
As bandwidth has improved, phones and tablets are now used to access data in the cloud rather than carry it, which means that cybercriminals have shifted their focus from gaining physical access to intercepting traffic and attacking the device at the application layer. This means that while MDM is still essential, it is no longer sufficient on its own to protect against the variety of threats encountered by today’s remote worker.
Maintaining app whitelists and blacklists has been possible through MDM for some time, but each approach is a compromise of either security or end-user experience. Apps are released at such a rate that maintaining a comprehensive blacklist is an impossible task for administrators to perform manually, and while allowing only a limited whitelist certainly works from a security perspective, it diminishes the experience for users, driving many to carry a second personal phone or to attempt to circumvent security restrictions. Blocking new apps can also hold back business processes, since the organisation cannot take advantage of new technology to improve productivity.
Move protection to the application layer
By implementing app analysis and threat detection at the application layer, it is possible to let users install a wider range of apps without the inherent risk that this would otherwise entail. Instead of administrators having to keep an eye on the entire app inventory across their estate, users can be allowed to install apps at will, or at least within the boundaries of the organisation’s Acceptable Usage Policy, and only those apps which pose a risk to the organisation are flagged, based on unwanted behaviour (such as transmitting contact lists) or identified threats.
Cloud-based intelligence enables the detection of zero-day threats, so that companies benefit in real time from the research of dedicated security analysts. Malicious apps or profiles can be detected on devices immediately, and remediation can be automated by bringing the power of the MDM platform to bear. Devices can be restricted or quarantined as appropriate to the detected threat, with different automated playbooks put in place ahead of time so that administrator intervention is not required when a threat is encountered.
Use MDM and threat prevention platforms together
With some solutions it is even possible to collect threat data without installing software on the mobile devices: MDM integration allows the device app inventory to be collected by the existing MDM and then shared with the threat prevention tool. This means no rollout, no end-user action and no lengthy projects. Simply grant API access between the MDM and threat prevention platforms, and assign MDM policies to event categories to automate security playbooks. Of course, best results are achieved when the threat prevention app itself is deployed to the device, as this enables the detection of off-device threats such as network attacks and SMS phishing.
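As an added illustration of the integration just described (not CWSI's or any vendor's code), the toy model below takes an app inventory as an MDM would share it, raises event categories from a threat feed and per-app behaviour flags, and maps each category to a playbook action agreed ahead of time. All package names, behaviour flags, feed entries and policy names are constructed assumptions.

```python
# Toy model of the MDM-to-threat-prevention integration described above.
# Every package name, behaviour flag, feed entry and policy name here is
# constructed sample data, not a real product API.

# Behaviour flags an app-analysis service might report per app (constructed).
RISKY_BEHAVIOURS = {"sends_contacts", "reads_sms", "disables_cert_pinning"}

# Threat feed: package name -> event category (constructed).
THREAT_FEED = {
    "com.example.flashlight": "malware",
    "com.example.freevpn": "mitm_profile",
}

# Playbook agreed ahead of time: event category -> (severity, MDM policy).
PLAYBOOK = {
    "malware": (3, "quarantine"),
    "mitm_profile": (3, "quarantine"),
    "risky_behaviour": (2, "restrict"),
    "unknown_source": (1, "alert_user"),
}


def classify_app(pkg, behaviours, on_allowlist):
    """Return the event categories raised by one inventory entry."""
    events = []
    if pkg in THREAT_FEED:                       # known-bad from the feed
        events.append(THREAT_FEED[pkg])
    if behaviours & RISKY_BEHAVIOURS:            # unwanted behaviour observed
        events.append("risky_behaviour")
    if "sideloaded" in behaviours and not on_allowlist:
        events.append("unknown_source")          # outside the usage policy
    return events


def remediate_device(inventory, allowlist):
    """inventory: {package: set(behaviour flags)} as shared by the MDM.
    Chooses the single most severe playbook action for the device, so the
    MDM applies one policy, and returns the findings that triggered it."""
    findings = [(pkg, ev)
                for pkg, behaviours in inventory.items()
                for ev in classify_app(pkg, behaviours, pkg in allowlist)]
    if not findings:
        return {"action": "none", "findings": []}
    worst = max(findings, key=lambda f: PLAYBOOK[f[1]][0])
    return {"action": PLAYBOOK[worst[1]][1], "findings": findings}


if __name__ == "__main__":
    device = {"com.example.mail": set(),          # constructed sample device
              "com.example.flashlight": {"sends_contacts"},
              "com.example.notes": {"sideloaded"}}
    print(remediate_device(device, allowlist={"com.example.mail"}))
```

Escalation is deliberate: a device carrying one feed-listed app is quarantined even if every other finding would only warrant a user alert.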
Off-device threats can be detected and remediated, so that users can use public Wi-Fi hotspots while the organisation knows that incoming connections to corporate resources are secure. Man-in-the-middle (MitM) attacks can be detected, and users can be prevented from connecting to sources that attempt to re-route data or strip away security. When detected, these attacks can trigger user alerts, MDM policy enforcement, or a combination of the two, to ensure that users operating beyond the traditional corporate IT perimeter do not pose a risk to the organisations they represent.
For complete wrap-around protection, we suggest that organisations bolster the protection of their mobile devices by considering not just MDM, but also tools to protect against network attacks (especially since the recent publication of WPA2 hacks for Wi-Fi), and even protection against the users themselves, who often install apps without considering the source of the app or what functions it might be performing in addition to what it claims to do.