History of Mobile Threat Defense solutions
With smartphones and the application model emerging in the second half of the 2000s, it was just a matter of time before hackers exploited this new medium, as had happened long before on computers. Like any new technology, it was at first poorly secured, and software and hardware manufacturers paid little attention to it. Naturally, mobile followed the same path as the PC and antivirus tools started to emerge, mainly to protect devices from viruses hidden in applications.
Today, the two main application stores, Google Play and the App Store, have implemented automatic security layers (like Google Play Protect). Yet data theft is still a huge problem for organizations, and they cannot rely on those security features alone. These standard protection measures are of limited use against the advanced mobile threats that target enterprise mobility.
To better thwart the cleverness of hackers, Mobile Threat Defense solutions emerged during the last few years. The ecosystem has been reshaped around them, either with integrations or with solutions (like Endpoint Detection & Response) leaning towards them.
Unified Endpoint Management vs Endpoint Detection & Response vs Mobile Threat Defense
Unified Endpoint Management
Historically, many names have existed, such as Mobile Device Management, Enterprise Mobility Management and Endpoint Protection Platform. Now the acronym UEM (Unified Endpoint Management) covers the solutions dedicated to the management of a mobile fleet (like Microsoft Intune, VMware Workspace ONE). Even if they don’t offer in-depth security and analytics features, they embed administration and protection capabilities:
- Distribute private and public apps
- Lock down a device
- Monitor data consumption
- Enforce basic security features (open network, outdated OS…)
Endpoint Detection and Response
Named as such by Gartner in 2013, Endpoint Detection & Response solutions are used to protect endpoints, mainly PCs, and are focused on detecting and investigating suspicious activities (and traces of them). They are oriented more towards analytic capabilities than proactive security features.
- Monitor and collect activity data
- Incident data search and investigation
- Forensics and analysis tools to keep track of potential attacks
Mobile Threat Defense
On the other hand, Mobile Threat Defense solutions were built solely to protect mobile devices in all their aspects (applications, network, OS). All MTD products are integrated with different UEM providers to take advantage of both management and protection features.
- Threat identification and remediation (app, network and OS level)
- Customizable security policy
- Threat management console
- Integration with different UEM solutions
Capabilities to look for in a Mobile Threat Defense solution
Working as a simple app, and usually deployed through the UEM solution, an MTD solution checks users’ devices in real time for existing or incoming threats. Background checks automatically audit freshly installed apps, scan the network connections (Wi-Fi, Bluetooth, NFC…) and log every settings change (root, debug mode, outdated OS…).
While all businesses are different regarding their security needs, an MTD solution needs to be scalable and highly customizable, e.g. through a modular and granular security policy. According to your industry and your employees, you can set up an appropriate security response depending on the threat (allowing specific users access to the resources, denying it for others, simply informing them…).
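The granular policy described above, sketched as an added example (not code from any MTD product): settings checks produce a list of threats, each threat maps to a response with per-group overrides, and the strictest response wins. The policy table, group names and minimum OS version are constructed assumptions.

```python
from dataclasses import dataclass

# Responses ordered from least to most restrictive; the strictest match wins.
ACTIONS = ["allow", "inform", "deny"]

# Constructed policy: threat -> default response, with per-group overrides.
POLICY = {
    "rooted":       {"default": "deny"},
    "debug_mode":   {"default": "inform", "overrides": {"developers": "allow"}},
    "outdated_os":  {"default": "inform", "overrides": {"finance": "deny"}},
    "open_network": {"default": "inform", "overrides": {"finance": "deny"}},
}
MIN_OS = (14, 0)  # hypothetical minimum OS version accepted by the organization


@dataclass
class Device:
    user_group: str
    os_version: tuple          # e.g. (15, 1)
    rooted: bool = False
    debug_mode: bool = False
    network_encrypted: bool = True


def detect_threats(device):
    """Turn raw device settings into the threat names used by the policy."""
    checks = {
        "rooted": device.rooted,
        "debug_mode": device.debug_mode,
        "outdated_os": device.os_version < MIN_OS,
        "open_network": not device.network_encrypted,
    }
    return [name for name, hit in checks.items() if hit]


def decide(device):
    """Return (response, threats) for a device; no threats means 'allow'."""
    threats = detect_threats(device)
    response = "allow"
    for threat in threats:
        rule = POLICY[threat]
        # A group-specific override replaces the default response for that threat.
        candidate = rule.get("overrides", {}).get(device.user_group, rule["default"])
        if ACTIONS.index(candidate) > ACTIONS.index(response):
            response = candidate
    return response, threats
```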
To run its services, a mobile application needs access to some information on the device hosting it, including some about its user. While most apps could work properly by only accessing and using this data locally, 65% of them are programmed to send the collected information to a remote location. In addition to data leakage, it is more and more common to find ransomware, fleeceware, adware, etc. on mobile. For example, ransomware is now found in 1.1% of mobile apps, compared with 0.01% a year ago (+10900%). Whatever the type of application and the malicious behavior it may embed, a Mobile Threat Detection solution needs to be perfectly accurate in its application security audits.
With 88% of spear-phishing being carried out through mobile applications, you also want to monitor and protect users in real time from this threat. In 2020, 34% of employees clicked on the link presented in a phishing attempt. A complementary study revealed that 19% of victims go through with the process by providing their credentials or downloading the malicious program. With such numbers, it seems inevitable for a Mobile Threat Defense solution to embed strong anti-phishing capabilities.
Because a network connection is constantly changing and is sometimes public, having an automated tool to monitor and check network security seems appropriate, especially for workers who are often on the move. With a Mobile Threat Defense tool you can keep track of the network activity of your employees, while securing sensitive data from attacks like rogue cell towers or man-in-the-middle.
On a regular basis, security holes are discovered in the code of operating systems. Once they are detected, OS publishers develop patches that they push to users through updates, and simultaneously disclose the vulnerabilities (CVEs) existing in the former version. Once these are made public, cybercriminals can exploit the vulnerabilities of outdated devices to gain extended rights and illegally access data or communications. With MTD, having a clear overview of your outdated and risky devices is a simple yet very powerful capability for reducing your risk exposure.
Key benefits of a Mobile Threat Defense solution
Gartner states in its 2021 Market Guide for Mobile Threat Defense that "Mobile threat defense products counter malicious threats to iOS and Android devices. Security and risk management leaders who need to strengthen their mobile security posture should adopt MTD products to improve their overall security hygiene."
In fact, all key points of a Mobile Threat Protection solution revolve around security features and are complementary to a mobile management product.
- Zero-trust and real-time protection: MTD will thwart attacks directly on users’ devices before they become problematic.
- Overall visibility: Get a security overview of the risk level of your mobile fleet at a glance.
- Enable a secure BYOD (Bring-your-own-device) policy: With MTD, you can safely allow employees to use their personal devices for work purposes without impacting the user experience.
- Data protection law compliance: Ensure that sensitive and personal data from your organization and workers are safe.