With cloud-native applications and remote work, mobile devices are a modern endpoint that companies need to secure. Organizations recognize that smartphones and tablets enhance productivity in a work-from-anywhere world. Users bring their devices with them wherever they go, often downloading applications for both work and leisure. As organizations start scrutinizing the workloads that they put on these devices, they need to redefine their mobile device security.
Specifically, organizations need to consider how Mobile Threat Defense (MTD) enables them to identify risky applications, block applications, and enforce security controls.
What’s The Difference Between a “Risky” and “Malicious” App?
Historically, mobile device security focused on malicious applications, ones targeting jailbroken devices or that look to gain root access. Organizations implemented security controls and technologies to mitigate risks arising from spyware and Trojans.
Today, organizations also need to mitigate threats arising from risky apps. Users download applications from third-party app stores, often for legitimate reasons. For example, they might need messaging apps to communicate with peers, customers, and contractors.
However, people also download other applications, such as social media apps. While these apps may not be malicious in the traditional sense, they create data protection risks. In an increasingly digital and mobile world, organizations need visibility into and control over the corporate information that these apps can access.
What Are the Risks of Third-Party Mobile Apps?
While third-party apps may not be malicious, they can lead to data loss and leakage. Organizations need to start asking questions such as:
- What access do these apps have?
- What data can app developers obtain from devices?
- What system data can the apps and developers access or use?
- What are the companies developing these apps doing with that data?
For example, when looking at the most popular mobile apps:
- 60% gather information from private conversations
- 80% collect data on the messages sent and received
Between installed applications and the hardware, malicious actors can obtain a plethora of sensitive information from mobile devices, including:
- User location
- Personally Identifiable Information (PII)
- Health data
- Device brand and model
- Operating system (OS) version
- Browsing history
- Apps installed
- File names
- Mobile carrier name
Depending on how the app was designed, developers can request access to specific device functions, track data, and share it with third parties. Without any formal disclosure standard, app developers may not be upfront about what they collect and how they share it.
Why Mobile Device Management Only Mitigates Some Risks
Mobile Device Management (MDM) focuses on the known rather than the unknown. An MDM tool enables an organization to protect itself from malicious activities and identified vulnerabilities such as:
- OS vulnerabilities
- App vulnerabilities
- Malicious apps
With MDM, organizations generate lists of known security problems, then manage devices to mitigate risks. For example, MDM enables organizations to:
- Prevent an unpatched device from accessing the network
- Block people from downloading applications
- Require people to install an antivirus/antimalware on the device
However, as risks and threats evolve, MDM lacks the comprehensive capabilities to protect IT environments from the complex risks arising from legitimate apps. In addition, unknown threats such as zero days are complex and require a solution that leverages a multi-faceted approach to protect devices. An MDM doesn’t have this capability.
How Mobile Threat Defense Protects Organizations From Risky Apps
MTD enables organizations to prevent data from being sent to third-party systems on the back end. MTD enables organizations to do the following to reduce the harm from risky apps:
On the back end, organizations need to identify which apps are sending data and where that data goes. Within an ecosystem, third-party apps may:
- Use an SDK
- Connect to risky systems
- Allow users to sign into a web application from a mobile browser
By identifying apps that exist in their environment, organizations can mitigate data loss and leakage risks by implementing policies. MTD solves these problems by:
- Identifying risky or banned apps automatically with an App Policy Engine or manually with an external policy
- Marking the app as Out of Compliance (OOC)
- Creating an OOC app threat for each device
- Notifying users to remove the OOC app from their devices
MTD provides visibility into where and how apps communicate so organizations can customize policies according to their data security concerns. For example, organizations can use MTD to identify risky geographic locations and set policies accordingly.
In some cases, an app may be useful but pose a specific, well-defined data risk. For example, if an app sends data to high- and low-risk geographic regions, the organization may not need people to remove it entirely.
In this case, a more precise data control would be to:
- Identify specific domains in the OOC app’s technical app report
- Add app-specific domains to the access control list in a blocked category
- Leverage Content Filtering and block app-specific domains
MTD enables companies to take a focused approach by defining domains that are specific to a given app and then applying them to a group of devices. For example, an organization can apply different policies to employees working with federal agencies than those working outside the federal government.
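The two workflows described above (flagging OOC apps per device, and blocking only app-specific domains per device group) can be sketched as follows. This is an added example, not Zimperium's code or API: the app IDs, domains, risk labels, group names, and function names are all hypothetical, and the separate "review" bucket for risky domains shared with other apps is an assumption added here to avoid breaking apps that use the same SDK or CDN host.

```python
# Constructed sample data; app ids, domains and risk labels are hypothetical.
APP_REPORTS = {  # app -> {domain contacted: risk of the hosting region}
    "com.example.chat": {"api.chat.example": "low",
                         "telemetry.chat.example": "high",
                         "sdk.ads.example": "high"},
    "com.example.social": {"graph.social.example": "high"},
    "com.example.mail": {"mail.corp.example": "low",
                         "sdk.ads.example": "high"},
}
BANNED = {"com.example.social"}      # must be removed from devices
RESTRICTED = {"com.example.chat"}    # useful, but high-risk domains get blocked
DEVICES = {
    "dev-01": {"group": "federal", "apps": {"com.example.chat", "com.example.mail"}},
    "dev-02": {"group": "general", "apps": {"com.example.social", "com.example.mail"}},
    "dev-03": {"group": "general", "apps": {"com.example.chat"}},
}
GROUP_BLOCKS = {"federal": {"high"}, "general": set()}  # risk levels blocked per group


def ooc_threats(devices, banned):
    """One out-of-compliance (OOC) threat per device per banned app installed."""
    return sorted((dev, app) for dev, d in devices.items() for app in d["apps"] & banned)


def app_specific(app, reports):
    """Domains only this app contacts; shared SDK/CDN hosts are excluded."""
    others = set().union(*(d for name, d in reports.items() if name != app))
    return set(reports[app]) - others


def group_blocklist(group, devices, reports, restricted, group_blocks):
    """Return (block, review): app-specific risky domains to block for the group,
    and risky domains shared with other apps that need a manual decision."""
    installed = set().union(*(d["apps"] for d in devices.values() if d["group"] == group))
    block, review = set(), set()
    for app in installed & restricted:
        risky = {dom for dom, risk in reports[app].items() if risk in group_blocks[group]}
        specific = app_specific(app, reports)
        block |= risky & specific
        review |= risky - specific
    return block, review


if __name__ == "__main__":
    print("OOC threats:", ooc_threats(DEVICES, BANNED))
    for g in GROUP_BLOCKS:
        print(g, group_blocklist(g, DEVICES, APP_REPORTS, RESTRICTED, GROUP_BLOCKS))
```

In this constructed data set, the federal group blocks only the chat app's own telemetry host, while the ad SDK host it shares with the mail app is set aside for review rather than blocked outright.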
After identifying risks and setting policies, companies need to enforce them. Even though the policies can block data from being sent off the device, organizations still need to enforce policies to ensure users remove risky apps from their devices. Many organizations struggle with enforcement because it often becomes a cumbersome, manual process across multiple, disconnected systems.
Organizations using an MTD solution that integrates with their MDM tool can enforce their policies by:
- Setting the Conditional Access policy for OOC App threat
- Notifying users that their access could be impacted if the app is not removed
- Enforcing the Conditional Access policy
With MTD, organizations eliminate the burdensome processes associated with enforcement. Through integrations and workflows, the combined MDM and MTD solutions automate the process of de-provisioning and reprovisioning access, enhancing security and reducing operational costs.
Zimperium: Protecting Against Data Loss From Risky Apps
In a connected world, mitigating risks to data is increasingly complicated. Organizations need solutions that enable them to control where their data travels, no matter what device someone is using.
Zimperium Mobile Threat Defense (MTD), formerly known as zIPS, is a privacy-first mobile security solution that provides comprehensive mobile security for organizations. Zimperium protects an employee’s corporate-owned or BYOD device from advanced persistent threats without sacrificing privacy or personal data.
Zimperium MTD can help organizations identify which mobile devices have risky or banned apps by pinpointing what servers these apps are connecting to and blocking these apps and browsers from sending data off the device to the domains to which the app connects. By leveraging zero-touch activation, Zimperium MTD can automatically enforce conditional access controls as part of a zero-trust strategy, which prevents the use of enterprise apps and access to sensitive corporate data while these banned apps are installed.
Zimperium MTD is the only on-device mobile security solution that protects against the latest zero-day attacks. As the mobile attack surface expands and evolves, so does Zimperium’s dynamic on-device threat detection. Zimperium MTD detects across all four threat categories — device compromises, network attacks, phishing and content, and malicious apps.
For more information on how Zimperium MTD can help protect you from risky apps, contact us today.