Liberate your workforce

Tip of the iceberg: Inside mobile threat detection

Highlights
  • The security threats to mobile devices are consistently underestimated, often owing to the lack of security software to detect breaches.
  • On-the-device security solutions are becoming increasingly necessary to counter advanced malware and secure the “interior” of a network.
  • Integrating MTD into a broader enterprise managed mobility service can dramatically simplify the overhead of keeping devices secure.

An integral part of our workplace, mobiles are being overlooked as a vector for cyber threat.

In its Market Guide for Mobile Threat Defense Solutions, Gartner estimates that “By 2019, mobile malware will amount to one-third of total malware reported in standard tests, up from 7.5% today”.

From a security perspective, this means that organisations can no longer focus primarily on perimeter security, as remote work and devices connecting to remote networks become the norm.

“In some senses, it’s a better business model for the attackers to target mobile because their return on investment is much greater,” says Michael Callahan, Chief Marketing Officer of Zimperium, an industry leader in mobile threat defence.

 “As an industry, we’ve invested billions and billions of dollars in keeping our desktops, laptops and servers safe, but through our mobile devices attackers can gain access to the exact same confidential information, such as IP, financial records, medical records or insurance records.”

colleagues on an iPad

Mobile threat defense (MTD) remains rare among enterprises, owing to confusion about the scope of the mobile threat, and the options available to enterprises to keep their devices safe. In their Market Guide, Gartner says that “By 2020, 30% of organisations will have MTD in place, an increase from less than 10% in 2017”.

“Some organisations understand the mobile device risk today and are taking action as they see it as a threat vector and are putting solutions in place to provide protection,” says Callahan, “but there’re some laggards that are still slowly coming to the table, following the exact same pattern that we saw with the rise of malware in traditional desktop, laptop, servers.”

Learn more about how Enterprise Mobility Managed Service can protect your workforce from mobile device threats.

Find out more

Revealing hidden threats

In a classic chicken and egg scenario, the lack of awareness among security professionals of the scale of the threat is contributing to the scarcity of information in the first place.

“The problem is that you can’t take a finger and point to your mobile as an attack vector like you would for another big breach, because almost no one has the security software installed on their devices to actually see what’s happened,” says Callahan.

He says that after installing the firm’s mobile threat detection application, all of Zimperium’s customers found mobile threats targeting devices in their organisation and that it will take a wider adoption of MTD for the full scope of the problem to reveal itself.

“There’s a customer we're working with now, they decided to do a small pilot with their IT team. As part of the process we looked at what apps they had on their phone and it turns that two of the eight people in IT had seemingly innocuous apps that had communication channels to addresses in Russia and China.”

“For me, the mobile device threat is real, it's happening today, and it's probably happening in your environment,” he says.

Managing your mobile security

The good news is that while awareness of the scope of mobile threat remains low, there are already a number of mature mobile threat detection options available to keep businesses safe.

When considering your MTD options, one of the most important factors will be the amount of devices in your organisation, if any, which are corporate-issued.

When supplying devices to employees, security should be one of your key concerns when choosing a Mobile Device Management solution. In bring your own device (BYOD) environments, you will need to select a security solution which supports your staff and usage. Typically, this will manifest as an application which needs to be installed by each user in the organisation or technology embedded in applications developed by the organisation.

One of the most difficult aspects of managing a traditional security environment is ensuring that end points are kept up to date with the latest policy, threat and compliance patches. 

This is an area where businesses supplying mobiles to employees can significantly simplify their overhead by leveraging an enterprise mobility managed service, which can ensure your MTD solution is kept current.

Also, look for an MTD option which provides your security team workable reporting, diagnostics and analytics to understand how devices are being used and where the threats are being introduced.

The integrated managed service provides more advanced capabilities to prevent, detect and remedy threats through Enterprise Mobile Management integration – to stop threats eventuating into data security breaches. For example, Telstra manages and executes threat response actions and supports end users in guiding them to remedy the device in those cases where remote remediation is not possible.

As the need to provide “interior” or “east-west” security grows, due to the proliferation of remote entry points to a network (mobile devices and cloud environments being the main ones), the importance of each end-point’s security rises.

This makes whether an MTD operates locally on the user’s device or if it relies on a cloud connection to function a key differentiator. Callahan says that the increasing sophistication of mobile malware driving adoption of on-device solutions.

“I'll give you two primary reasons. One is, if you're a bad guy, you're going to shut off the connection back to that cloud that the device is accessing for information. The second piece is, the attack happens at machine speed, so even if your round trip from the machine to the cloud to get information is fast, by the time you were to go to the cloud and come back, the malware's already gained access.”

This makes an on-device security a vital tool for keeping your organisation safe, whether the threat is a man-in-the-middle attack attempted via a spoofed Wi-Fi signal, a malicious app downloaded via the app store, or a phishing attempt which can be intercepted via strict, offline compliance rules.

“100 per cent of our customers see threats in their environment as soon as they deploy. So this isn't hit or miss, or sporadic. 100 per cent. Every single customer sees threats in their environment, and it's thousands.” 

Michael Callahan, Chief Marketing Officer, Zimperium

To future proof their investments, organisations should consider how an MTD solution can be integrated into their broader security environment and provide data into their operations centre, to assist with tracking the increasingly multi-device security threats that are emerging in the market.

Source: Market Guide for Mobile Threat Defense Solutions, Gartner, 22 August 2017

Related News

Staying connected in the field
Liberate your workforce
Liberate your workforce
Staying connected in the field

We take a look at the collaboration technologies keeping geographically dispersed workers in touch with head office. Whether they’re on a remote site or going door-to-door vis...

Man on mobile and laptop
Secure your business
Secure your business
Towards a whole of organisation incident response plan

Most Australian organisations have an incident response plan in place, but many security professionals face challenges engaging crucial stakeholders outside IT. The Telstra Sec...

IoT in focus: Transforming the agriculture industry
Create transformative innovation
Create transformative innovation
IoT in focus: Transforming the agriculture industry

The Internet of Things (IoT) sits at the heart of a major technology-driven transformation in Australian agriculture that has huge implications across the whole $60 billion ind...

Visibility, reliability: Future proofing Australia
Optimise your IT
Optimise your IT
Visibility, reliability: Future proofing Australia

Take a look at the changes underway in Telstra’s networks, as we bring our vision for the future to life. It’s no small feat to redesign infrastructure that connects millions o...