Traditional security models do not suffice in the technical world today. New ways need to be explored to protect users in this evolving mobile world. A term currently known as Mobile Threat Defense (MTD) is a growing technology within the mobile security space. MTD is a solution that will provide advanced level of security needed for mobile devices today.
We are increasingly threatened by cyber-attacks that pose a threat to our personal information, identities, finances, businesses and much more. As we become more connected in a digital world, we also become more susceptible to ongoing and increased cyber threats. We need to ensure that security is not taken lightly as we continue to do more with technology.
As growth in mobile device adoption continues at an exponential rate, it is critical that we pay more focus around the security on these devices. With this growth also comes a new level of expectation in the availability and accessibility of corporate data. Being able to access data from anywhere and at any time is a reality in our world today. As we continue to expand on mobile strategies and provide increased access and information via mobile devices, the footprint for vulnerabilities also increases. As technical leaders within the enterprise, we cannot ignore this risk and security strategies need to be updated and re-designed.
Traditional Security over the years has focused heavily on protecting the perimeter of the Corporate Network along with Anti-Virus type agents on laptops and desktops. This has been an effective way to help reduce the footprint of vulnerabilities in the past. Today, this is far from an effective and efficient security model as we become more mobile and cloud focused. We are moving away from the traditional Network where there was once full control over the edge of data centers and users. In addition, traditional Anti-Virus clients are much more reactive and don’t even detect some of the more advanced vulnerabilities that pose a threat to the user community.
As we look beyond traditional security within the enterprise, there really hasn’t been any readily available options for mobile devices. Both iOS and Android adoption has continued to increase within the enterprise but there has been a lack of development to expand security agents onto these devices. This is quite concerning as more corporate data is being accessed via mobile. What is more concerning is these devices are connecting to unknown Networks and the Internet directly. The footprint of mobility has grown far beyond that of a traditional work environment and is requiring a change in the way we secure devices within the enterprise.
The majority of enterprises will likely have an Enterprise Mobility Management (EMM) system deployed to manage both corporate and personal mobile devices. With EMM comes a basic level of security and compliance that will provide the enforcement of security policies to the devices. Some of the security and compliance within EMM includes:
- Device encryption
- PIN/Password enforcement
- OS version minimums
- Basic Root/Jailbreak detection
Failure to comply with the security policies can prevent access to corporate information if configured correctly.
This is a great start to securing mobile devices within the enterprise. But, there is no advanced security within EMM and traditional security vendors have been slow to provide the needed security tools in a mobile world. To help reduce potential threats on mobile devices, enterprises need to start looking at the next generation of security tools available for these devices. This is where MTD can help.
MTD is a technology that can be deployed to your mobile device to help protect against the ongoing cyber-attacks in the world today. The following list provides some of the benefits that MTD will provide in addition to the basic security provided by EMM for iOS, Android and Windows 8.1/10:
- Detection of Malware on a device: Repackaged applications, Malicious apps, 3rd party app stores etc.
- Network vulnerability detection: Man-in-the-Middle (MitM), Rogue access points, SSL certificate validation, Web Browser threats, Location spoofing etc.
- Advanced security features: Enhanced Root/Jailbreak detection, Side-load/Developer mode detection, USB exploitation, Profile modifications etc.
- Deep packet inspection: Inspection of packets traversing a device
- Active monitoring and reporting: Visibility into all treats detected, Active notifications as threats occur, Ability to view trending, Historical timeline of events etc.
Enterprises need to expand on their current security strategies to include the protection of all devices being used to access corporate information. There has been a heavy focus over the years securing a traditional OS, but there is a lack of urgency as it relates to mobile devices. As threats are becoming more frequent, sophisticated and targeted, we need to be as pro-active as possible. To do this, a mobile security strategy is essential to improve protection to your organization and corporate assets.
Moving beyond mobile devices comes a new challenge as more IoT (Internet of Things) is adopted and used within the enterprise. The current challenge with IoT is there is no standards around these devices as it relates to both management and more importantly security. It is critical that enterprises begin preparing themselves for IoT. Enforcement of standards, policy and security around these devices is required to prevent another avenue for data leakage.