Constant Visibility is Crucial to Enterprise Mobile Security

Written by

Much of the attention focused on mobile security invariably includes topics like machine learning and AI, various vulnerabilities such as zero-day attacks, and sophisticated state-level malware threats.

One of the most infamous mobile threats in recent years has been Pegasus, a headline-grabbing spyware that was first identified by mobile phishing security expert Lookout together with cybersecurity watchdog group, Citizen Lab. The discovery of Pegasus quickly sent shockwaves throughout the cybersecurity community due to its ability to infect Android devices as well as iOS devices, which many users had wrongly presumed impervious to attack.

Despite the noise around Pegasus, only a handful of devices were actually ever exposed to malware, meaning that threats such as this pose such little risk that the effort to protect devices against it can best be spent elsewhere within the organization.
What does warrant greater attention, however, are the kinds of attacks that prompt far fewer headlines but actually occur with far more frequency in the wider mobile security landscape. The market is experiencing an unusual phenomenon at the moment; while almost every individual enterprise IT or security team is critically aware of (and often able to monitor in real time) the threats posed to their desktop machines and on the networks inside their firewalls, they have almost zero visibility when it comes to mobile devices and the WiFi or cellular networks their employees regularly use.
You can’t defend against threats that you can’t see

The traditional approach to organizational cybersecurity falls apart when exposed to the additional challenges of the mobile, external workforce. This gap was highlighted recently in research published by the Enterprise Mobility Exchange, which surveyed its members to gauge their familiarity with the kind of mobile threats each company was likely facing on a daily basis.

Of particular concern was the revelation that almost half of the people working in mobile security in 2019 have no idea how many mobile security incidents took place in their organizations over the previous 12-month period. What this quite clearly demonstrates is that remediating attacks and dealing with threats isn’t the priority of these teams. Simply being aware of every security event is the most pressing challenge for the average organization.
Where exactly is all the data going?
This blindness to security events extends to a lack of knowledge about network traffic, too. While some businesses have implemented EMM (enterprise mobility management) solutions such as MobileIron or SOTI to help manage and monitor devices and applications, very little is known about how those apps behave in real time.

All apps and websites communicate with servers located all over the world, but over one third of survey respondents had no visibility into the nature of these data transmissions. Even among those with some kind of monitoring solution in place, half had no process or ability to track this communication in real time.

In light of news stories such as the ongoing concerns about Huawei’s ties to the Chinese government, or the discovery that some Nokia devices were inadvertently communicating with servers in China for no apparent reason, this kind of tracking is critical to mitigating unwanted risk.
Visibility into unknown networks
Many enterprises are naturally harnessing mobile technologies and better endpoint devices to give employees greater access to company data in real time, in order to better serve customers, manage operations, and increase productivity. Some enterprises allow employees to bring their own devices (BYOD), and others provide a corporate-owned device (COPE). However, with the rise of mobile device use, employees – and their employers – face a complex landscape with a growing list of potential security threats.

All it takes is one breach on an employee's corporate-owned mobile device in a public network for a hacker to gain access to proprietary company data. 
For decades now, network performance monitoring tools have been giving administrators powerful insights and control over the activity taking place on corporate-owned networks. Secure web gateways, next-gen firewalls and other tools enable granular oversight that minimizes security risks while helping IT teams to enforce acceptable usage policies.
When it comes to mobile, however, these rules completely fall by the wayside. The second an employee connects to a cellular network, uses home WiFi or signs into an airport or hotel hotspot, that network visibility hits a brick wall. Any rules around acceptable usage are gone. Mandates about appropriate content or sanctioned file sharing services are likewise gone. And any protections against network-based mobile threats evaporate.
Turning back to the survey results again, well over half of the professionals who responded had no visibility into these external networks and no security rules around protecting against risks.

The clear takeaway is that as digital transformation brings enormous changes to the way employees and customers interact with organizations, those organizations’ security leaders must proactively invest in the tools necessary to bring mobile risk in line with traditional IT risk management. That will require the kind of endpoint-centric protection offered by MTD solutions, along with a healthy dose of network-based visibility. 

What’s hot on Infosecurity Magazine?