Zimperium Integrates Mobile Threat Defense into Microsoft Defender Advanced Threat Protection
The days of “leaving work at your desk” are long gone. Today, employees are mixing business with pleasure at all hours, in different places. It could be checking your email at halftime of your daughter’s soccer game; reviewing an Excel sales forecast spreadsheet while waiting for a friend at dinner; or, finishing up an overseas partner call while in line for your morning coffee. Any way you look at it, the workplace has evolved, as has the need for making sure all of your endpoints are protected.
A decade ago, the focus of CIOs, CTOs and CISOs was securing company computers, servers and laptops. Today, organizations are beginning to realize mobile devices are an unprotected endpoint with access to, or containing all of the information of a traditional endpoint.
The fact is, mobile devices are now the de facto platform for productivity in business. The traditional computing devices (e.g., servers, desktops and laptops) upon which enterprises focused their security and compliance efforts represent only 40 percent of the relevant endpoints.
The remaining 60 percent of devices are mobile. And while there are some overlaps in what you protect – email, calendars, etc., – the way you solve the traditional endpoint security problem is completely different than how you solve the mobile security problem.
Gartner refers to the process of protecting mobile devices as mobile threat defense (MTD). According to Gartner Analysts Dionisio Zumerle and Rob Smith’s “Market Guide for Mobile Threat Defense” Report (Published 14 November 2019), “Without support for mobile devices, there is a gap left in endpoint visibility that vendors are actively working to close.”
Unfortunately, for many businesses and government agencies around the world, mobile device threats are typically managed/researched/resolved in a separate mobile device console from traditional endpoints. This means an administrator is using multiple consoles when it comes to cybersecurity, which is an extremely inefficient and ineffective security process.
Maybe more importantly, it increases risk significantly as mobile devices are not included in the overall threat analysis.
Zimperium’s Integration with Microsoft Defender ATP
Zimperium has integrated with Microsoft Defender Advanced Threat Protection (ATP) endpoint detection and response (EDR). Our MTD integration with Microsoft Defender ATP provides customers with a single pane of glass view within the Microsoft Defender Security Center; the same console they currently use for managing threats from traditional endpoints like laptops and desktops running Windows, Mac and Linux.
As a result, Microsoft Defender ATP customers now have access to:
- Advanced Threat Forensics – Microsoft Defender ATP now has threat forensics including attacker IP/MAC, WiFi network details, malicious processes and apps, and reasons for device compromise or jailbreak;
- Real-Time Device Status – The integrated solution automatically delivers an update of threat status in Microsoft Defender ATP as threats are resolved on mobile devices. This new functionality provides a real-time view on active threats and the current risk posture of each mobile device within the Microsoft Defender Security Center;
- Threat Hunting – Security professionals can now hunt for mobile threats by user or devices within Microsoft Defender ATP (e.g., show me list of threats affecting my CFO or all of my C-suite executives); and
- Comprehensive Endpoint Visibility – In addition to having insight into the security posture of users or devices, administrators of our Mobile Threat Data can – for the first time – get a complete view of the security posture of all of the endpoints (laptop, desktop, tablet, phone) the employee leverages in their day to day work as they access corporate resources.
Combined with our integration with Microsoft Endpoint Manager (formerly Microsoft Intune) mobile device management (MDM) and mobile app management (MAM) solution for bring your own device (BYOD) policies, the solution can be configured to automatically enforce Conditional Access to contain the detected threat.
To learn more about the integration, watch our on-demand webinar.