Liberate your workforce

Tip of the iceberg: Inside mobile threat detection

  • The security threats to mobile devices are consistently underestimated, often owing to the lack of security software to detect breaches.
  • On-the-device security solutions are becoming increasingly necessary to counter advanced malware and secure the “interior” of a network.
  • Integrating MTD into a broader enterprise managed mobility service can dramatically simplify the overhead of keeping devices secure.

An integral part of our workplace, mobiles are being overlooked as a vector for cyber threat.

In its Market Guide for Mobile Threat Defense Solutions, Gartner estimates that “By 2019, mobile malware will amount to one-third of total malware reported in standard tests, up from 7.5% today”.

From a security perspective, this means that organisations can no longer focus primarily on perimeter security, as remote work and devices connecting to remote networks become the norm.

“In some senses, it’s a better business model for the attackers to target mobile because their return on investment is much greater,” says Michael Callahan, Chief Marketing Officer of Zimperium, an industry leader in mobile threat defence.

 “As an industry, we’ve invested billions and billions of dollars in keeping our desktops, laptops and servers safe, but through our mobile devices attackers can gain access to the exact same confidential information, such as IP, financial records, medical records or insurance records.”

colleagues on an iPad

Mobile threat defense (MTD) remains rare among enterprises, owing to confusion about the scope of the mobile threat, and the options available to enterprises to keep their devices safe. In their Market Guide, Gartner says that “By 2020, 30% of organisations will have MTD in place, an increase from less than 10% in 2017”.

“Some organisations understand the mobile device risk today and are taking action as they see it as a threat vector and are putting solutions in place to provide protection,” says Callahan, “but there’re some laggards that are still slowly coming to the table, following the exact same pattern that we saw with the rise of malware in traditional desktop, laptop, servers.”

Learn more about how Enterprise Mobility Managed Service can protect your workforce from mobile device threats.

Find out more

Revealing hidden threats

In a classic chicken and egg scenario, the lack of awareness among security professionals of the scale of the threat is contributing to the scarcity of information in the first place.

“The problem is that you can’t take a finger and point to your mobile as an attack vector like you would for another big breach, because almost no one has the security software installed on their devices to actually see what’s happened,” says Callahan.

He says that after installing the firm’s mobile threat detection application, all of Zimperium’s customers found mobile threats targeting devices in their organisation and that it will take a wider adoption of MTD for the full scope of the problem to reveal itself.

“There’s a customer we're working with now, they decided to do a small pilot with their IT team. As part of the process we looked at what apps they had on their phone and it turns that two of the eight people in IT had seemingly innocuous apps that had communication channels to addresses in Russia and China.”

“For me, the mobile device threat is real, it's happening today, and it's probably happening in your environment,” he says.

Managing your mobile security

The good news is that while awareness of the scope of mobile threat remains low, there are already a number of mature mobile threat detection options available to keep businesses safe.

When considering your MTD options, one of the most important factors will be the amount of devices in your organisation, if any, which are corporate-issued.

When supplying devices to employees, security should be one of your key concerns when choosing a Mobile Device Management solution. In bring your own device (BYOD) environments, you will need to select a security solution which supports your staff and usage. Typically, this will manifest as an application which needs to be installed by each user in the organisation or technology embedded in applications developed by the organisation.

One of the most difficult aspects of managing a traditional security environment is ensuring that end points are kept up to date with the latest policy, threat and compliance patches. 

This is an area where businesses supplying mobiles to employees can significantly simplify their overhead by leveraging an enterprise mobility managed service, which can ensure your MTD solution is kept current.

Also, look for an MTD option which provides your security team workable reporting, diagnostics and analytics to understand how devices are being used and where the threats are being introduced.

The integrated managed service provides more advanced capabilities to prevent, detect and remedy threats through Enterprise Mobile Management integration – to stop threats eventuating into data security breaches. For example, Telstra manages and executes threat response actions and supports end users in guiding them to remedy the device in those cases where remote remediation is not possible.

As the need to provide “interior” or “east-west” security grows, due to the proliferation of remote entry points to a network (mobile devices and cloud environments being the main ones), the importance of each end-point’s security rises.

This makes whether an MTD operates locally on the user’s device or if it relies on a cloud connection to function a key differentiator. Callahan says that the increasing sophistication of mobile malware driving adoption of on-device solutions.

“I'll give you two primary reasons. One is, if you're a bad guy, you're going to shut off the connection back to that cloud that the device is accessing for information. The second piece is, the attack happens at machine speed, so even if your round trip from the machine to the cloud to get information is fast, by the time you were to go to the cloud and come back, the malware's already gained access.”

This makes an on-device security a vital tool for keeping your organisation safe, whether the threat is a man-in-the-middle attack attempted via a spoofed Wi-Fi signal, a malicious app downloaded via the app store, or a phishing attempt which can be intercepted via strict, offline compliance rules.

“100 per cent of our customers see threats in their environment as soon as they deploy. So this isn't hit or miss, or sporadic. 100 per cent. Every single customer sees threats in their environment, and it's thousands.” 

Michael Callahan, Chief Marketing Officer, Zimperium

To future proof their investments, organisations should consider how an MTD solution can be integrated into their broader security environment and provide data into their operations centre, to assist with tracking the increasingly multi-device security threats that are emerging in the market.

Source: Market Guide for Mobile Threat Defense Solutions, Gartner, 22 August 2017

Related News

Building Asia Pacific’s leading subsea cable network
Reach global markets
Reach global markets
Building Asia Pacific’s leading subsea cable network

Telstra’s Michael Ebeid, Group Executive, Enterprise shares what he thinks is Telstra’s best kept secret, and how Telstra aims to use this to deliver the best connectivity to b...

Putting a spotlight on businesses that push boundaries
Create transformative innovation
Create transformative innovation
Putting a spotlight on businesses that push boundaries

We take a look at two of last year’s Telstra Business Awards winners, their journey to success, and learn about the opportunities for medium sized businesses to get recognised ...

The biggest game-changing feature of 5G
Create transformative innovation
Create transformative innovation
The biggest game-changing feature of 5G

Every new generation of mobile technology, from 1G to 4G, has heralded faster speeds and more functionality. Now we are headed towards 5G – the next-generation of wireless tech...

See your organisation through a new lens
Secure your business
Secure your business
See your organisation through a new lens

We explore the business possibilities unlocked by leveraging data and analytics from electronic security systems to make better decisions. As technology evolves, for example as...