What is Mobile Threat Defense?
The Threats Are Real.
The number of mobile threats is increasing, and the threats are becoming more complex. For example, some of the most dangerous malware we have seen to date for both iOS and Android in the last 12 months does not require the device to be rooted or jailbroken, and can be found in approved app stores such as Google Play and the Apple App Store.
Android continues to pose a greater risk because of the fragmentation of device models and the way mobile operating system updates are pushed to devices, which makes it difficult for users to update to the latest release. The challenge is ensuring that Android users, irrespective of device manufacturer, are not able to download from untrusted app stores. Given that Android makes up 87.6% of the global smartphone market share (IDC, Q2 2016 shipments), it continues to be a target for hackers. In June of 2016, 3 major instances of malware were identified in the Google Play Store: Godless, LevelDropper and Overlay. It was found that 90% of Android devices run on affected versions (Android 5.1 or lower).
There were 5 major iOS malware outbreaks in the official Apple App Store from the end of 2015 through early 2016: XcodeGhost, YouMi SDK, MobiSage, JSPatch and AceDeceiver. This marked a dramatic shift from previous years in which the App Store had seemingly been impervious to malware.
Why do you need MTD and MDM/EMM?
MTD Enables Proactive and Real-time Defense
Mitigate the risk of a real-time breach and identify suspicious activity before it turns into a zero-day threat.
MDM/EMM for Device Security
- Ensures devices are not compromised (jailbroken/rooted), a minimum OS version is installed, devices are encrypted, and required security apps such as an MDM agent are installed on devices.
- Protects with device restrictions such as blocking USB debugging, preventing storing and sharing data within and from managed applications, blocking app installation from third-party app stores, and blocking sideloading of apps.
MTD for Mobile Threat Intelligence
- MTD provides mobile threat intelligence, identifying application, network, device behavior/anomaly, and OS vulnerabilities that may significantly increase the risk of mobile attacks, as well as zero-day and other mobile threats in real time.
How does it work?
MTD Can Monitor, Evaluate and Remediate Through:
Application Risk Scanning
Applications are the largest attack vector on the mobile device; as such, they are the most important to secure. Identify high-risk and malicious mobile apps by performing dynamic and static code analysis. The MTD solution evaluates the employees’ mobile apps by comparing them to a database of mobile apps that is ranked for risk. In-house applications can be submitted to the MTD solution for risk scanning and malware evaluation.
Detects Man-In-The-Middle (MiTM) attacks, which exploit the network stack of the mobile device that is shared across applications. Hackers can use a rogue WiFi access point to impersonate a public WiFi network; the device connects to it automatically because it previously connected to the known public WiFi network, allowing the attackers to inspect any unencrypted HTTP traffic and steal corporate data and credentials.
Behavioral Anomaly Detection
Detects unexpected behavior and configuration changes on the mobile device, such as an abnormal surge in battery consumption, which could be caused by a malicious app or profile installed on the device. Detection on iOS is more limited than on Android because fewer behavioral anomalies can be detected; on iOS, changes such as jailbreak status and malicious profiles can be detected.
Detects the vulnerabilities in the installed mobile OS version by mapping it to the Common Vulnerabilities and Exposures (CVE) database. Identify out-of-date OS versions and any missing security updates in the MTD Admin Console. The fragmentation of Android device models across various wireless carriers means that there is an indefinite number of combinations of Android device models and OS versions supported. MTD solutions enable IT to view the OS versions installed on their employees’ devices, assess risk and identify the correct security patch for each device manufacturer and model. This is essential in ensuring vulnerabilities are addressed.
MDM/EMM Integration and Remediation
MTD integration can only bolster your security posture, especially for BYOD and COPE devices that do not have strict lockdowns enforced via MDM/EMM (for example, application whitelisting or blacklisting). The following automated remediation options are available for any MTD policy if malware is detected:
- Email and SMS notification to User and IT Admin
- Block and Remove Managed Applications Deployed via MDM/EMM
- Block and Remove Email, VPN, WiFi, Certs or Other Profile Pushed by MDM/EMM
- Selective and Enterprise Wipe that Includes Email, VPN, Security Policies and Enterprise Mobile Apps
- Factory Reset Which Fully Wipes All Personal and Corporate Data
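The device checks listed under "MDM/EMM for Device Security" and the remediation options above, combined into one policy evaluator as an added example (not Mobile Guroo's or any MTD vendor's code). The minimum OS versions, the mapping from finding to remediation step, the record fields and the sample devices are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Remediation options in the page's order, least to most disruptive.
LADDER = ["notify_user_and_admin", "remove_managed_apps",
          "remove_managed_profiles", "enterprise_wipe", "factory_reset"]
MIN_OS = {"android": (6, 0), "ios": (9, 3)}  # assumed policy minimums

@dataclass
class Device:  # hypothetical record merged from MDM inventory and MTD verdicts
    platform: str
    os_version: str
    byod: bool = True
    rooted: bool = False
    encrypted: bool = True
    mdm_agent: bool = True
    sideloading: bool = False
    malware: bool = False  # verdict from the MTD application scan

def parse_version(text):  # '5.1.1' -> (5, 1, 1); non-numeric parts count as 0
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))

# (finding, assumed ladder index, predicate over the device record)
CHECKS = [
    ("os_below_minimum", 0, lambda d: parse_version(d.os_version) < MIN_OS[d.platform]),
    ("sideloading_allowed", 1, lambda d: d.sideloading),
    ("not_encrypted", 2, lambda d: not d.encrypted),
    ("mdm_agent_missing", 2, lambda d: not d.mdm_agent),
    ("rooted_or_jailbroken", 3, lambda d: d.rooted),
    ("malware_detected", 3, lambda d: d.malware),
]

def findings(dev):
    return {name: step for name, step, failed in CHECKS if failed(dev)}

def remediation(dev):
    """Most disruptive action the findings justify, or None if compliant."""
    found = findings(dev)
    if not found:
        return None
    # Assumption: factory reset wipes personal data, so company-owned devices only.
    if not dev.byod and found.keys() >= {"malware_detected", "rooted_or_jailbroken"}:
        return LADDER[4]
    return LADDER[max(found.values())]

FLEET = {  # constructed sample devices
    "pixel-byod": Device("android", "5.1.1", sideloading=True),
    "iphone-cope": Device("ios", "9.3.5", byod=False, rooted=True, malware=True),
    "galaxy-ok": Device("android", "7.0")}
for name, dev in FLEET.items():
    print(name, sorted(findings(dev)), remediation(dev))
```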
We Are Strategic Advisors with a Successful Track Record of Balancing Mobile Security and the End User Experience
Mobile Guroo is a strategy and systems integrator for Enterprise Mobility Management (EMM) projects with a focus on security and threat detection.
With significant experience in all the major MDM vendors and mobile security solutions including AirWatch and MobileIron, we implement Android Enterprise and Apple for large-scale global organizations.
MOBILE SECURITY SOLUTIONS
- Mobile Device Management (MDM) Consulting
- BYOD Risk Assessment & Policy
- Application Threat Detection
- Google Enterprise Official Partner
- And More...