In the 90’s, as the home PC market really took off, a bunch of viruses began to appear. Consequently, some companies developed antivirus softwares that would categorized known threats and block them.
Two decades later, mobile devices became the first point of access to the internet and not surprisingly, they started to attract hackers’ attention. To ward off mobile attacks, the first reflex everyone had was to keep using the same kind of protection that was used with PC: antiviruses. But quickly, threats became more advanced and their number kept growing, pushing the mobile security market to renew itself.
Antivirus softwares use a database of malicious signatures to identify threats in order to raise alerts once detected on a device. It allows unknown threats to stay under the radar and offers the same standard protection to every user, regardless of their typology and specific needs. The post-attack analysis approach of antivirus solution and its poor flexibility has rapidly led to its obsolescence.
In the quest towards a more efficient protection technology, mobile security players started to look deeper into the main mobile threat vector: Applications (88% of mobile threats come from Apps – 2017). Indeed, with short development cycles and often non-existent or low security standards, mobile applications are a target of choice for hackers and data privacy worst enemy. As a result, Mobile Application Reputation Service (MARS) emerged in 2011.
The MARS solution estimates the risk level of the applications installed on a device according to different criteria: developer, app reputation, URLs that the app uses, security implementation, the permissions the app requests… Then, it attributes a score to applications and classifies them by typology of threats in a database that references the most popular mobile applications used within enterprises today. When it was launched, the MARS technology scaled up the efficiency of mobile security solutions available on the market embodying the first half-preventive tool to manage threats. It covered a protection requirement expressed by the Enterprise market at that time, until new needs appeared.
As mobile threats are increasingly more numerous and sophisticated, it became no longer possible to ward them all off with antivirus or MARS solutions. Nowadays mobile security solutions must be smart, have a 360° approach, provide real-time analysis, adapt to their environment and be automatic in order to be efficient. This is the advent of the Mobile Threat Defense (MTD).
“Mobile Threat defense tools use a mix of vulnerability management,anomaly detection, behavioral profiling, code emulation, intrusion prevention, host firewalling and transport security technologies to defend mobile devices and applications from advanced threats.” Gartner
Most companies use tools to manage their mobile fleet, such as Mobile Device Management (MDM) and Enterprise Mobile Management (EMM) solutions. The Mobile Threat Defense technology smoothly integrates with these management tools by adding the security capacities they lack. It offers an automatic multi-layers protection to mobile devices from known, unknown and advanced threats. A MTD solution uses an on-device agent to secure the OS level (Detection of jailbreak, root, debug mode, vulnerable OS…), the Network level (Ban of risky hotspot connections…) and the Application level (Enrichment of App blacklists…).
Typically, MTD solutions use the MARS technology to secure the application level, but its precision is limited as it relies on a score-based analysis. In consequence, it can be easily misled.
Pradeo’s MTD technology performs static and dynamic analysis on every app installed on enrolled devices and goes one step further in application security by correlating the data it obtains, to precisely identify their behaviors and vulnerabilities before they do any harm. The alliance of real-time scanning and correlation enables a full protection against all kinds of attacks.
Integrate PRADEO SECURITY to your EMM/MDM: AirWatch, MobileIron, IBM MaaS360, SOTI.