Let’s Protect More than 40% of our Endpoints
Imagine finding out your most recent departmental budget was only 40% of what it should be. If you’re like me, you’d get a strong feeling that “something is missing and it’s a real disaster.”
Well, here’s the thing. If you’re a CISO – or if your job involves information security in general – you should be getting that exact feeling right this minute. Because most businesses only secure 40% of their endpoints.
Clearly, no one thinks that 40% is good enough – whether it’s your budget or your endpoint protection strategy. So why would an otherwise buttoned-up, well-run enterprise security organization pursue a strategy that fails to protect 60% of their endpoints?
Mobile devices are now the most common endpoints in the enterprise
The problem, in a word, is mobile. Enterprises have had decades to plan, implement and iteratively refine robust management and security solutions for traditional endpoints like desktops and laptops. But mobile devices transformed almost overnight from a nice-to-have luxury into the single most critical endpoint in the enterprise for employee productivity, connectivity and collaboration.
Today, enterprises are still struggling to get their arms around protection for mobile devices. That struggle results in part from the vast difference between mobile threat defense and traditional threat defense. Unlike desktop PCs:
- Users are the admins on mobile devices, so they decide when to upgrade their OS, what networks to connect to and what apps to install;
- All apps are in containers on mobile devices, limiting the capabilities of security apps; and
- Endpoint protection platforms (EPP) and endpoint detection and response (EDR) solutions are ineffective on mobile devices.
Mobile devices are under-protected and disproportionately targeted
Bad actors recognize that mobile endpoints are a relatively easy target. By September 2020, we had already recorded more mobile app breaches, failures, and data leaks than all of 2019.
Every day, Zimperium detects 600 million threat events involving enterprise mobile devices. Essentially, all the methods and strategies hackers use on traditional endpoints apply to mobile devices.
- Targeted attacks against enterprises often use unknown, “zero day” attacks that require machine learning-based detection;
- “Land and expand” campaigns target the weakest link for entry into the network – unprotected mobile devices are the hacker’s perfect starting point today; and
- To maximize the ROI of compromising any system (including a mobile endpoint), hackers want to establish a persistent foothold that remains even after reboot.
Even aside from inadequate protection, mobile devices have inherent characteristics creating a larger attack surface than traditional endpoints. Cybercriminals can attack mobile devices from multiple vectors.
- Device: Attackers’ primary goal on mobile is to fully compromise the device, be persistent, and weaponize it for “land and expand” lateral movements;
- Network: Attackers use rogue access points (RAPs) and man-in-the-middle (MITM) attacks to steal data and deliver targeted exploits to compromise the device;
- Phishing: Mobile phishing – especially via text/messaging apps and personal email – is a highly effective way to steal credentials and deliver targeted exploits; and
- Apps: Malicious apps can create fraud, steal information, and deliver device exploits; even apps from legitimate sources can have coding or other errors that make them vulnerable.
All of this is to say that the endpoint security problem itself is huge. But the bigger picture is that when your endpoint security is compromised, all your information security is compromised. If 60% of your endpoints lack adequate management and security, you cannot succeed with security frameworks such as zero trust. But this is not to say that protecting mobile devices is a hopeless cause. Rather, it just requires a different approach.
EPP and EDR solutions can’t protect mobile devices, but MTD can
I mentioned earlier that EPP and EDR solutions are ineffective on mobile devices. The reasons for that are complex. For example, the kernels in mobile OSs such as Android, iOS and ChromeOS are locked down. And since EPP and EDR rely on kernel access, they are blind and ineffective on mobile.
They have no ability to detect risky or malicious networks, and cloud-based detection can easily be disabled by network attackers. They can’t even assess privacy and security risks in legitimate (non-malicious) mobile apps.
Mobile endpoints therefore require a new security approach. Gartner calls this new class of solutions mobile threat defense, or MTD. Zimperium, the global leader in mobile threat defense protecting millions of enterprise mobile endpoints around the world, offers an MTD solution that uniquely has the characteristics required for successful MTD:
- Detects threats even with locked-down OS kernels;
- Detects known and unknown (targeted) device, network, phishing and malicious app risks and attacks;
- Provides on-device detection that protects user privacy and defends mobile devices even when an attacker owns the network; and
- Assesses privacy and security risks in legitimate mobile apps.
The Zimperium platform leverages our machine learning-based engine, z9, to protect mobile data, apps and sessions against device compromises, network attacks, phishing attempts and malicious apps. Our solutions include zIPS, which runs locally on any mobile device and detects cyberattacks without a connection to the cloud, and our first-of-its-kind Mobile Application Protection Suite (MAPS), a comprehensive solution that helps organizations protect their mobile apps throughout their entire life cycle.
MAPS comprises three solutions: zScan, which helps organizations discover and fix compliance, privacy, and security issues; zShield, which hardens the app through obfuscation and anti-tampering; and zDefend (formerly zIAP), an SDK embedded in apps to help detect and defend against device, network, phishing and malicious app attacks while the app is in use.