Mobile Security Guide

Your Guide to Mobile Threat Defense Featuring Gartner’s Market Guide for Mobile Threat Defense Solutions

Device Security for Mobile Network Operators

Mobile Threat Defense

Overview

Mobile network operators (MNOs) compete on providing fast and reliable wireless services to their business and consumer subscribers. As we move to a mobile-first culture, the competition increases and mobile network operators need to differentiate themselves.

Providers invest millions of dollars to provide a modern, fast and secure communication infrastructure for their customers. Customer retention and ARPU are important indicators for business sustainability and have mobile network operators and telcos searching for value-added services.

Mobile operators like Telstra, Deutsche Telekom, SoftBank, Airtel and SmarTone partner with Zimperium to offer mobile security solutions for their B2B and B2C customers. Mobile operators can differentiate themselves, retain customers and build their security practices by offering a custom mobile security app for protection from device, network and app vulnerabilities. The same app acts as a network sensor to gain visibility into cyberattacks amongst their subscribers.

Mobile Malware
“Mobile malware has not been an issue in the eyes of enterprises so far. However, mobile attacks (Pegasus, XcodeGhost) and vulnerabilities (Stagefright, Heartbleed) are increasing in terms of both number and pragmatism. Enterprises are now looking for solutions that can enhance their mobile security posture. Mobile threat defense (MTD) solutions combine signature-based checks with behavioral anomaly detection on the device, network and app layer.”

Gartner Predicts 2017: Endpoint and Mobile Security, Analyst(s): John Girard | Dionisio Zumerle | Brian Reed | Peter Firstbrook | Bart Willemsen, 16 November 2016

Challenges

Today’s mobile operators play a high-stakes game of cat and mouse with hackers and cybercriminals who are exploiting device, network and application (“DNA”) vulnerabilities to undermine customer privacy, cause damage and steal data for profit. These mobile threats include conventional cyberattacks such as email phishing, junk phone calls and SMS spam messages, to more advanced methods including Wi-Fi network spoofing, malware delivery, ransomware, and compromising devices like jailbreaking or rooting.

The telecommunications industry gains some security benefits by design from the modern architecture of smartphones, agreed-upon protocols such as 4G LTE, data encryption and established IT security measures that can protect the telco’s corporate network and infrastructure. However, preventing advanced mobile threats at the user equipment level still remains up to the MNO and its end customers.

Users need device-level protection

While current iOS and Android devices have built-in security features, these platforms are constantly evolving. New vulnerabilities are discovered every day, and new OS updates are constantly published to repair them. Users are seldom up-to-date on these changes, and unaware of behaviors that expose private data and credentials on their devices. Compounding the security challenge are privacy policies and regulations in place that limit the control the MNO or its corporate B2B subscribers can have over the end user’s device and the data on it, especially in a bring-your-own-device (BYOD) scenario.

Insecure and rogue networks abound

Users who are constantly on the go can make several network handoffs and interactions over the course of a day, tapping into public Wi-Fi access points, connecting to USB ports, Bluetooth devices, running location-based services and more. Global threat data proves that there are a tremendous number of number of potentially dangerous networks and insecure devices available for connection, especially in urban and well-traveled areas. Cybercriminals set up fake “Free Wi-Fi” services to disintermediate a device through a “Man in the Middle” (MITM) attack, and capture data or take control of the device as it attempts to connect to the Internet. Once compromised, any network or device can spread malicious code or malware through interaction with more users.

Application and Malware threats

Since smartphone users self-administer their devices, they may be running an outdated OS or download insecure apps from app stores. A smartphone that interacts with your network assets can be compromised and weaponized to spread viruses and malware to other users, or steal valuable customer and company data.

Zimperium's mobile threat defense platform powers custom-branded apps from leading MNOs around the globe. These apps can be found in Google Play and Apple App Store.

Solution

Mobile operators around the world partner with Zimperium to deliver mobile security apps for their B2B and B2C customers. MNOs can now offer their users a world-class mobile threat defense platform for on-device protection from cyberattacks gaining active visibility into the threat landscape that may impact their customer base.

Easy and flexible installation and licensing

With a simple download, Zimperium’s zIPS™ app provides real-time, self-service mobile threat detection and defense for Android and iOS mobile devices against device-level intrusion, network-based (or MITM) attacks, and unwanted application installs and malware. MNOs, or corporate B2B customers, can pre-install zIPS as a custom-branded security app on issued user devices, or users simply download and install the app from trusted stores (Apple App Store, Google Play or private app stores).

Zimperium offers flexible licensing options, and can localize the platform by region. Telcos can increase ARPU and customer loyalty by offering zIPS and threat monitoring services as part of an integrated mobile security solution for subscribers.

On-device protection

Users are immediately alerted to device, network and app threats, can resolve them locally and have forensics sent to the MNO’s security team. Zimperium’s z9 engine automatically detects and remediates issues on-device rather than requiring an Internet connection, admin privileges or tunneling to a cloud service. This approach keeps user account data private and secure on the device without impacting performance. Given the increasing awareness and frequency of cyberattacks, many subscribers appreciate the peace of mind of having state-of-the-art security installed on and protecting their Android or iOS devices.

In-App Threat Protection SDK

MNOs can embed security directly into their mobile apps, or help their enterprise customers do the same in their apps, with the zIAP™ (In-App Protection) SDK. This innovative SDK allows developers to immunize mobile apps with world-class security in minutes. zIAP is completely configurable by developers to detect and remediate threats to a device, including detection of suspicious user behaviors, network attacks and interference from other apps. Self-protecting apps equipped with zIAP can take immediate action according to the policies set by the app publisher or developer. Enable your app to report fraudulent activity, shut down a user session, run in read-only mode, delete cache or force a password reset to protect data when threats are detected.

Contact Us to Begin an Evaluation