A successful approach to the mobile threat landscape
Using MDM platforms alone is no longer sufficient to protect the enterprise from attacks on mobile devices.
Mobile devices now account for more internet traffic than any other platform, and the trend shows no signs of abating. As workers operate increasingly beyond the traditional LAN perimeter, all facets of mobile IT need to be secured. MDM was initially designed to protect devices against loss or theft, enforcing encryption and enabling the remote destruction of data. As bandwidth has improved, phones and tablets are now used more to access data than to carry it, and so those who would compromise our security have shifted their focus from gaining physical access to the device to intercepting traffic and attacking the device at the application layer.
Blacklisting and whitelisting apps has been possible through MDM for some time, but each approach introduces compromises that many admins and users find unacceptable. The rate of app development means that maintaining a comprehensive blacklist is an impossible task for administrators, and while allowing a limited whitelist certainly works from a security perspective, it diminishes the experience for users, driving many to carry a separate personal phone or to attempt to circumvent security restrictions.
The happy medium comes in the form of app analysis and threat detection. Instead of administrators having to keep an eye on the app inventory across their entire estate, it is possible to allow users to install apps at will, or at least within the boundaries of the organisation’s Acceptable Usage Policy, and flag only those apps which pose a risk to the organisation. Cloud-based intelligence can enable the detection of zero-day threats, so that companies can benefit in real time from the research of dedicated security analysts. Malicious apps or profiles can be immediately detected on devices, and remediation can be automated through integration with leading MDM platforms. Better still, with some solutions organisations can avoid having to install additional software on endpoints, as MDM integration allows the device app inventory to be collected by the existing MDM and then shared with the threat prevention tool. This means no rollout, no end user action required, and no lengthy projects. Simply grant API access between the MDM and threat prevention platforms, and assign MDM policies to event categories to automate security playbooks.
Off-device threats can also be detected and remediated, so that users can use public Wi-Fi hotspots with confidence. Man-in-the-middle (MitM) attacks can be detected, and users can be prevented from connecting to sources that attempt to manipulate or reroute data. Again, these attacks can prompt user alerts, MDM policy enforcement, or any combination of the two to ensure that users operating beyond the traditional corporate IT perimeter do not pose a risk to the organisations they represent.
Of course, the human element still poses a risk. While phishing links can be detected and blocked, there is always the risk that a user can be conned into parting with sensitive information.