Endpoint Protection for Mobile Devices | It’s Not Your Father’s Endpoint
First in a series of four blogs on mobile device security
Mobile devices – used today for everything from corporate and personal email access to tools used for company production – are very powerful computers. In fact, over the past several years, the rate of accessing the Internet via mobile devices has increased dramatically versus laptop and desktops, which have both remained flat. The increase in CPU power and the information typically stored on mobile devices is why they are becoming a threat to the typical enterprise. That is why mobile devices should be treated as an endpoint to be protected in an enterprise or organization much like is done for laptops and desktops.
The portability and ease of use provided by mobile devices also makes them a target by hackers who’ve discovered most of them have no endpoint protection deployed. Sure, many organizations deploy Mobile Device Management (MDM) to handle their configuration and ensure they are compliant, but, what does MDM actually do?
They are great at pushing configurations down to mobile devices to ensure settings such as screen locks are enabled, email is configured, wifi networks are setup, etc… they even check if a device is rooted or jailbroken, but let’s consider the following.
There are several issues if a company depends on MDM to detect attacks against a device:
- What algorithm do they use to determine if a device is rooted or jailbroken? MDM vendors are not security companies keeping up with new techniques to Root or Jailbreak a device. No Security Labs feed them data.
- An MDM will check the device on a scheduled basis to see if it is Rooted or Jailbroken. MDM will also check if other configurations have been changed. I have seen this to be every 8 – 10 hours. That is a long time for a device to be compromised before the attack is discovered.
- MDM’s have no way to determine if an application installed on the device is malicious or legitimate.
- An MDM cannot detect attacks on the device such as a Man-in-the-Middle (MitM) attack or someone elevating their privileges. It is possible to elevate privileges without rooting the device.
It’s Not Your Father’s Endpoint – Mobile Devices Should Be Treated as an Endpoint
This is where purposely built endpoint protection for mobile devices comes into the picture. Companies like Zimperium, have been providing specific endpoint protection for mobile devices for the past 5 years. Zimperium provides zIPS, an endpoint protection app of choice for iOS and Android devices. zIPS monitors the device in real time for anything that does not match a learned baseline of good versus bad behavior.
In my next blog, I’ll describe how an attacker can gain access to a device and what they can do with the information they are able to gather, as well as the ramification for the enterprise or organization.
Jonathan Blackman is Senior Director of Technical Presales at Zimperium. He has been in the cyber security field for over twenty years, designing network security solutions for some of the world’s largest companies. Jon has focused on mobile devices in the past eight years and has evangelized the need for mobile endpoint protection for the past five.