Mobile Threat Defense: What Companies Should Know
Enterprise mobility is ruling the business world and the influx of modern multiple devices accompanied by a plethora of platforms, applications, and networks have become the reality for today’s companies. But with technology comes power, and with power comes the responsibility to protect these devices, which are the carriers of mission-critical corporate data, user information and customer details from varied external threats, risks, and attacks. The mobile threat landscape is becoming increasingly sophisticated and a compromised device can do irreparable damage to a company. Hence, securing mobile devices from multiple threats has become a foremost concern for the organization’s IT team.
What is Mobile Threat Defense?
Mobile Threat Defense’ simply means a solution with a set of capabilities to protect mobile devices, platforms, applications and networks from multiple common and advanced threats.
Sometimes, mobile devices need security that goes beyond the conventional Enterprise Mobility Management and Mobile Device Management solutions – this is where a company requires a robust MTD solution to safeguard the mobile devices from a wide gamut of cyber-attacks.
Why do companies need to adopt a sturdy MTD solution?
Modern businesses cannot do without advanced mobile devices, the associated technologies along with sophisticated operating systems, apps and networks. But at the same time, they cannot afford to overlook their vulnerability to multiple undetectable threats like phishing, malware, man-in-the-middle attacks, and network attacks. Over time, these threats have matured and have extended their tentacles from mobile devices to other advanced endpoints like wearables and IoT devices, which exposes an exponential growth of these external threats and cyber risks. These constantly evolving threats, attacks, and risks have made the role of MTD solution inevitable, and as of now, a large number of companies across the globe have realized its growing significance within the digital business ecosystems.
These core capabilities of an MTD solution are:
Anomaly detection – Detects behavioral anomalies by monitoring usual and acceptable usage pattern
Vulnerability management – Inspect devices against any configuration loopholes that can lead to malware execution
Code emulation – Detects and exposes the activity of extremely powerful and complex viruses and their related forms
Host Firewall – Installs a firewall on each individual server to secure each host from viruses and malware and preventing them from spreading across the network.
Network security – Tracks all the incoming and outgoing network traffic and disable suspicious connections from entering or exiting mobile devices
Intrusion prevention – A precautionary way to secure the network by identifying potential threats and acting swiftly against them
Apps scan – Detect the presence of leaky and malicious apps and their potential risks through code analysis and reputation scanning techniques
The three levels of device threats that a company can face
There are 3 levels of Security Threats, which can result in a huge corporate data breach, data theft and misuse leading to irreversible financial loss. These are:
- Network Level Threats
- Device Level Threats
- Application Level Threats
1.Network Level Threats
A. Man-in-the-Middle (MITM) Attacks: When an attacker sits between two communicating parties, he can easily log and forward their data using different approaches like poisoning ARP Cache, spoofing SSL certificates, SSL Stripping, etc. The attack can be done by routing all the traffic of victims through the attacker’s-controlled machine.
B. Insecure/unsafe WIFI and hotspots: Most of the “Free” (unprotected/unencrypted/password-free) Wi-Fi hotspots are easy to manipulate. Moreover, attackers can create duplicate SSIDs (Evil Twin Attack) by showing malicious Wi-Fi as a legitimate access point. This way they can trick victims into joining their controlled network instead of the legitimate one. After that, it’s easy for them to perform various man-in-the-middle attacks.
2. Device Level Threats
A. Rooted/Jailbroken Devices: Rooted/Jailbroken devices increase the scope of attacks. Once a device enters in superuser mode, it is easy for attackers to break corporate restrictions and policies (in case of BYOD and COPE). Rooted/Jailbroken devices allow malicious users to elevate privilege on higher levels.
From Android 7.0 and above, apps do not trust user installed CAs. However, if the device is rooted, it is easy to add user certificates to the system store. Which in turn increases the attack surface.
B. Vulnerable/unpatched Device OS Versions: When the OS or hardware firmware is unpatched or having zero-day vulnerabilities, it becomes an easy target for a wide range of attacks.
C. Missing out on Security Best Practices with the following mistakes:
- USB Debugging is turned on
- The device is not encrypted
- Malicious Profile Installed
- No passwords or easy to guess passwords
D. External USB Devices: However popular for data storage purposes, but from a security viewpoint, the external USB devices and drives can prove to be dangerous to your devices as they can be used to inject malware into the devices they are connected with.
3. Application Level Threats
A. Malware: Malware is known to inject malicious commands, spy, serve ads, change application behavior, etc. When a malware is present in the device, it can access or manipulate the device’s filesystem or even remotely access the device. A strong and high-profile malware can remain undetected from most of the anti-virus programs out there.
B. Phishing Attacks: When a victim is tricked into opening malicious links, files or downloading malware. Phishing mediums are emails, SMS or malicious web login pages.
Companies can no longer stay indifferent to the reality of mobile threats and the dangers they pose, but the main point of worry is that these threats are growing in numbers and the depth of impact sometimes becomes difficult to measure. Embracing next-gen mobile threat defense solution becomes inevitable for companies who are planning to progress, innovate and accelerate their business growth through trusted user enablement and pre-emptive protection against any and every type of external attackers across the world.