The Security Gaps Left by EDR and How MTD Can Help

In some realms, a 40% success rate may be okay. For a batter in baseball, it would be considered great. In security, though? Not so much.

This post summarizes our recent webinar discussion with Rick Bosworth from SentinelOne about the emerging threats that unprotected mobile devices present to enterprises and why endpoint detection and response (EDR) solutions working in tandem with mobile threat defense (MTD) represent a critical requirement for today’s enterprises.

Introduction: The Dangers Posed by Unprotected Mobile Devices

For any security team, there’s a fundamental calculation that needs to be made in order to intelligently determine where to apply precious effort and investments. When determining whether to secure any specific class of assets, leaders need to consider two key questions:

  • Does the asset hold value? In this case, value can be assessed in terms of whether the asset houses proprietary data or credentials, or has the potential to provide access to other assets or services that do have value.
  • Is the asset vulnerable to attack, and are malicious actors actually targeting those types of assets?

When the answer to either question is “no,” teams can move on to other assets. When it comes to mobile devices, however, the answer to both of these questions is a resounding “absolutely.”

Mobile Devices House and Access Assets of Value

First, more than ever, mobile devices are now integral to the way people work. According to our 2022 Global Threat Report, 60% of the endpoints accessing enterprise assets are now mobile endpoints. Mobile devices are integral to multi-factor authentication (MFA), and they play a significant role in terms of how we communicate, stay apprised, and get our jobs done. On average, 10% of the apps on employee-owned mobile devices are enterprise-focused, including apps for MFA, email, instant messaging, and so on.

Consequently, in this respect, there’s no real distinction between mobile devices and the traditional endpoints (that is, the laptops and desktops) that teams have had to secure for years now. Quite simply, like traditional endpoints, mobile devices house and access critical enterprise assets. By gaining access to a mobile device, an attacker can get access to sensitive corporate networks, services, and assets.

Mobile Devices are Subject to Attack

In recent years, there’s been ample evidence that mobile devices are becoming the go-to attack vector for many malicious actors. Here are just a few of the many statistics from our 2022 Global Threat Report that illustrate this point:

  • In 2021, we saw a 466% increase in exploited zero-day vulnerabilities used in attacks against mobile endpoints.
  • 42% of security incidents organizations reported were tied to mobile devices or web applications.
  • Every day, the Zimperium team uncovered 5,000 new mobile malware samples. Every day. That amounts to more than two million samples discovered over the course of the year.

Beyond these stats, there are plenty of high-profile attacks that made the news in the past year. Slack, Twilio, Uber, and many other organizations were victimized by attackers who targeted mobile devices in some fashion. Mobile malware like Pegasus and, perhaps even more disturbingly, examples of open-source malware that bears many of the same characteristics as Pegasus continue to be employed in attacks.

Last year, mobile device manufacturers put out a record number of patches. This only underscores this fundamental reality: Mobile devices are being actively targeted—and successfully exploited.

Why Traditional Endpoint Detection and Response Falls Short

For years, security teams have relied on endpoint detection and response (EDR) solutions to safeguard corporate endpoints like laptops and desktops. However, these traditional solutions are not equipped to address mobile device security, and given the 60% stat cited above, that means they only address about 40% of the endpoints accessing corporate assets today.

Further, this means they offer little defense against one of the most common methods of attack. Study after study has shown that phishing is the most common cause of breaches that afflict enterprises. Our 2022 Global Threat Report showed that 90% of breaches started with phishing.

Given the ubiquity of mobile device usage, it’s no surprise that these devices are the focal point of phishing attempts. Attackers predominantly employ email, text, and instant messaging to target mobile device users. Further, mobile devices are expressly being targeted because attackers know these devices lack effective defenses. Last year, Zimperium found that 75% of the phishing sites analyzed (that is, the pages that phishing messages point unwitting victims to) are specifically targeted toward mobile devices. In many cases, the malware on these sites won’t even run on a traditional endpoint, where it may be more likely to be detected.

Consequently, traditional EDR and even traditional anti-phishing tools, which are focused on corporate email on laptops, are ill-equipped to address these types of threats.

How Zimperium Can Help

To recap, mobile devices can expose some of the most precious corporate assets and services, and they’re actively being targeted by malicious actors looking to gain access to those assets. Given this, it is clear teams need to augment their traditional EDR tools and approaches and establish robust defenses that are specifically designed for the realities of mobile devices.

That’s where Zimperium comes in. With Zimperium mobile threat defense (MTD) solutions, teams can address the security gaps left by traditional EDR solutions. Zimperium zIPS is an advanced MTD solution that secures mobile devices, apps, and data—and in the process, it safeguards the corporate resources and services that these devices can access. zIPS detects mobile threats, notifies security teams of incidents, and blocks unauthorized access to resources.

With Zimperium zIPS, your organization can leverage the only on-device MTD solution that protects Android, iOS, and ChromeOS devices. The solution offers robust safeguards against known and zero-day, advanced persistent threats. zIPS keeps mobile devices secure—without relying on cloud-based lookups, content scanning, or other privacy-invasive techniques.

zIPS: Powered by z9

zIPS is powered by Zimperium’s z9, a dynamically updatable engine. z9 offers behavioral and machine learning techniques that detect device, network, phishing, and mobile application attacks without having to rely on updates or an active network connection.

Zimperium’s Advanced App Analysis

Zimperium’s Advanced App Analysis (z3A) enables zIPS to perform in-depth mobile application scanning for privacy and security risks. The solution delivers detailed privacy ratings, malware classifications, security ratings, and customizable app privacy settings.


The time to safeguard mobile devices is today. That means employing MTD solutions that address the unique security threats and usage realities of mobile devices. That’s why so many leading organizations are moving to Zimperium zIPS.

For more information on how Zimperium zIPS or the Zimperium Mobile Application Protection Suite (MAPS) can help you secure your mobile endpoints and applications, contact us today.

Author: JT Keating
Strategic Initiatives.
