There is no question that using mobile devices is an integral part of an organization’s overall business strategy. In fact, our recent survey found that more than two-thirds (68%) of enterprises have enabled access to productivity tools such as Microsoft Office 365 on mobile devices in the past 1-2 years. In the same survey, 45% of IT and security leaders cited that employees used mobile devices to share documents across teams. Employees now have more access than ever to sensitive and confidential corporate data at their fingertips.
Therefore, teams must evaluate if they are prepared for the security implications that come from mobile devices. The reality is far too many organizations are not prepared. In fact, 80% of survey respondents rely on two-factor authentication (2FA) as their primary source for mobile defense. As the mobile threat landscape continues to evolve, organizations must evaluate their current approaches and embrace the latest security technology in order to secure their mobile endpoints.
Changing Environments, Changing Requirements
In recent years, mobile device usage in the enterprise saw dramatic growth. Further, mobile device and app usage dynamics continue to evolve rapidly. Mobile Device Management (MDM) and Unified Experience Management (UEM), which would now be considered the mobile security of the past, were common among enterprises. In fact, according to survey respondents, 75% still use MDM, while 41% still use UEM to secure mobile endpoints.
In these cases, if a user was known and using an enrolled device, teams could apply device features and configurations at the OS or app level to manage the device. Based on all this, teams could share information with a UEM tool, get appropriate configurations, and determine whether to grant the user access to applications.
This management approach doesn’t cut it today.
The proliferation of devices, including BYOD, and the usage of cloud-based apps like Office 365 have presented significant challenges for these traditional tools and approaches. In fact, 65% of survey respondents cited implementing security best practices as a top security concern related to securing devices.
In these contexts, less than half (42%) of security teams have visibility into compromised devices, while only 24% have high visibility into third-party app stores. As a result, they have to choose between two problematic scenarios:
- “Hoping for the best.” This means internal policies and external compliance mandates won’t be addressed consistently on mobile devices, leaving the organization exposed to fines, breaches, and other penalties.
- Employing onerous controls. Employing controls that create bottlenecks and constraints will have several repercussions. Users may actively look for ways to bypass these steps and controls, and security will be compromised. Alternatively, these controls will create extra overhead for users or have a chilling effect on their mobile device usage. Either way, productivity will take a hit.
Security teams need to find a new strategy to support BYOD and mobile usage more generally, one that optimizes the user experience while still enforcing the required security policies.
The traditional methods available to these teams, endpoint security and MDM/UEM, have presented significant shortcomings, and it is time to start looking at Mobile Threat Defense to protect mobile devices from advanced persistent threats.
Limitations of Traditional Endpoint Security
In years past, huge investments have been made in proactive endpoint security, but most of these investments have targeted traditional endpoints like Windows and Mac computers. Typically, the focus has been on solutions like endpoint protection platforms (EPP) and endpoint detection and response (EDR) tools. These solutions act as antivirus for laptops, but data is typically collected and analyzed off devices before taking action to remediate threats.
Fast forward to the modern employee: conducting work beyond the laptop and accessing data on the go from mobile devices is essential for productivity. While mobile devices have been more of an afterthought for endpoint security solution providers, mobile security is now a topic of importance for security teams.
The recent Android and iOS malware, phishing, and network attacks prove that mobile device protection requires a more sophisticated approach. An alarming number of enterprises (81%) surveyed have not incorporated MTD into their current cybersecurity stack. Traditional endpoint platforms lack the comprehensive mobile access necessary to monitor and assess the risk of mobile operating systems (OS) and apps, making it difficult to fully protect users from manipulation and exploitation by mobile malware, phishing, and other attacks. The operating systems of mobile devices are also locked and restricted, which means a traditional endpoint detection and response (EDR) solution’s approach of injected kernel monitoring is not possible on a mobile platform.
Shortcomings of Legacy Mobile Device Management for Cyber Threat Detection
In years past, using MDM and UEM tools, teams could track metrics like the percentage of devices patched or compliant. Tools like UEM are used to automate and orchestrate the enrollment and unenrollment of users and the application of security policies such as encryption or PIN code length, not necessarily to secure a user’s devices from cyber threats such as malicious Wi-Fi, phishing, or malware. When using traditional management tools to secure devices, gaps remain, and teams are ill-equipped to support zero-trust approaches. These tools:
- Lack rich telemetry, such as biometric data, data on usage patterns, and data on apps that are running on the device.
- Lack real insight into what’s actually secured, where the security gaps that need to be addressed are, and how those map to industry standards such as the MITRE ATT&CK® Matrices for Mobile.
- Lack the visibility teams need to combat adversaries who are focused on obtaining user credentials, so they can gain access to an organization’s network and move laterally.
- Lack protection against attacks impacting all users, such as phishing and smishing.
Why Advanced Mobile Threat Defense Solutions are Required
Mobile threat defense (MTD) solutions offer granular policy controls for differing geographies and user bases, rich intelligence and telemetry, as well as powerful app vetting to identify malicious behaviors and risky apps that do not meet corporate standards. MTD offerings can serve as the primary protection mechanism for enforcing zero-trust practices.
By contrast, endpoint protection platforms (EPP) and endpoint detection and response (EDR) tools typically offer telemetry, but often that telemetry is based on network activity around the computer workstations or servers.
With Mobile Threat Defense, security teams can protect users with a privacy-first approach by gaining visibility into threats that could compromise or leak data associated with the device, the location, user activity, what’s running on the device, and how the application is behaving, without the need for personally identifiable information (PII). A comprehensive MTD needs to be able to analyze mobile applications for risk, identifying which apps enable personal data to be tracked or linked to an individual’s identity, which poses a privacy risk.
Mobile Threat Defense enables teams to gain continuous feedback in real time, and the device does not require an internet connection, so security teams can make ongoing refinements in policies and posture before an attack can spread. Ultimately, by employing both MDM and MTD solutions in tandem, teams can increase productivity by loosening the controls on productivity apps and increasing employee adoption with an easy onboarding experience and granular response actions. MTD solutions can also operate in a stand-alone fashion, supporting zero-trust approaches with device attestation.
The increased use (68%) of productivity tools on mobile devices is a widespread reality today. To respond to the security implications of these realities, teams must start to employ advanced MTD solutions to expand coverage and visibility and have a true single pane of glass architecture.
Zimperium zIPS is the only on-device solution with the ability to detect both known and zero-day threats across device, network, phishing, and app attacks. zIPS continuously monitors threats and performs in-depth scanning of mobile apps for privacy and security risks. By leveraging contextual intelligence and on-device controls, security teams can begin to boost end-user productivity and, at the same time, address the critical risks posed by unprotected mobile devices.