Zimperium's Mobile Security Blog

4 Ways zIPS with Samsung Knox Transforms Mobile Devices Into High-Security Endpoints

Mobile device security hasn’t always been an enterprise’s top priority. The gradual evolution of smartphone technology, the intensely personal relationship between users and their devices, and the BYOD conundrum early on all contributed to that mindset. But Samsung mobile devices can now be among the most secure endpoints in your enterprise.

The transformation from ‘major hole in your network’s attack surface’ to ‘model of how protection should be done’ can be seen in two innovative mobile security approaches:

  • The Samsung Knox security platform—a defense-grade set of security features pre-installed in many Samsung smartphones; and 
  • Zimperium’s z9 mobile threat defense (MTD) engine, the only mobile security solution offering on-device, machine learning-based detection of device, network, phishing and malicious app attacks in real time.

Each technology delivers robust security in its own right. Combined, they make Samsung mobile devices some of your enterprise’s most secure endpoints by delivering faster and more granular detection of risks and threats, flexible and fine-tuned mitigation and remediation capabilities, and actionable, data-rich forensics. The combination is an extension of zIPS known as “zIPS with Samsung Knox.”

We recently conducted a webinar with Phil Lander, Director of Mobile B2B, Europe, Samsung, and JT Keating, SVP of Product Strategy, Zimperium, in which we discussed the integration. The webinar is available to watch on demand.

By providing deep, broad visibility and control

Enterprises are making more assets and access available on mobile devices, which has made mobile devices increasingly important to the enterprise. Mobile devices now constitute 60% of all the endpoints in a typical enterprise. But the sophisticated protections the enterprise has developed for desktops and laptops do not protect mobile devices. That has left mobile devices massively under-protected in many enterprises.

zIPS with Samsung Knox creates a perfect storm of protection. To understand why, we must start with a basic mobile paradigm, one that is different from traditional endpoints like desktops and laptops. On mobile devices, every app operates in isolation. A given app has no way of knowing what other apps are doing, and in fact doesn’t even see any other apps on the mobile device. This is useful from a security standpoint, since it prevents a malicious app from attacking another app, but it also limits visibility into what is happening on the device. 

On Samsung devices, Samsung’s security platform changes that. Samsung Knox surfaces critical device hardware and operating system data in real time on the Samsung mobile device, making it available through an application programming interface (API). The on-device Zimperium z9 engine inside zIPS ingests that data and uses machine learning and behavioral analysis techniques to analyze it. zIPS can then perform a range of policy-driven detection, remediation and forensic gathering operations. We’ll look at each of these.

By detecting risks and threats earlier and more granularly

The z9 engine offers significant protection on any mobile device by leveraging a combination of machine learning models and generic behavioral techniques that are not tailored to a specific attack. This has made zIPS the premier MTD solution, owing to its broad ability to detect unknown or zero-day exploitation attempts.

Combining the z9 engine with the advanced Knox platform provides unique access and capabilities for zIPS, allowing earlier threat detection and deeper threat visibility, forensics and response to mobile attacks and exploitation attempts.

By utilizing flexible, powerful mitigation and remediation capabilities

The highly integrated nature of the Samsung Knox platform gives zIPS for Samsung Knox a wide array of on-device remediation capabilities in the face of attacks. One example is data leakage prevention, which entails restricting the use of communication interfaces to limit how and with what the device can communicate, and restricting the copying of information.

Options for dealing with malicious apps include isolating the apps from the network, putting the app in read-only mode, or shutting down the app entirely. There is also the option of uninstalling malicious apps, and in fact, the ability to prevent installation in the first place. These remediation actions can be tailored at the group level, so there is no need for generic, one-size-fits-all policies.

By extracting more descriptive and data-rich forensic insights

The Samsung Knox platform provides rich forensic data for analysis post-attack, at a level of detail not available on non-Samsung devices. In fact, it is possible to determine the exact time that an attack took place, whether any data was exfiltrated during the attack, and if so, where the data was sent.

Here’s a scenario that illustrates how that can work: Suppose a set of diplomats have gone abroad to a trade summit, and they are all equipped with Samsung devices running zIPS with Samsung Knox. The diplomats might be privy to sensitive information and have that information on their mobile devices.

Because they are using that particular equipment, the diplomats’ organization can know immediately when any of the mobile devices are attacked, and that the attack failed. Moreover, they can know particular details, such as the destination for any failed attempts at data exfiltration. When you start extrapolating that same data and pattern of attacks across other endpoints, it becomes a force multiplier.

Contact us

A Samsung device with Zimperium’s zIPS for Samsung Knox running on it is simply one of the most protected endpoints in your enterprise. If you’d like to learn more, please don’t hesitate to contact us.