In-the-cloud defenses for mobile malware

Mobile antivirus programs apply laptop best practices to PDAs and smartphones, but there are many other ways to protect corporate assets from mobile malware. Complementary "in the cloud" defenses include enterprise sync servers, network gateways and wireless services that incorporate mobile malware filtering.

Learning from experience

Our decade-long fight against Win32 malware has shown that PC-resident virus/spyware scanners and spam/phishing filters are necessary but inefficient. Keeping those programs and signatures current has become an onerous, time-sensitive chore.

Of course those PC-resident scanners and filters have not gone away. But most enterprises now back them with server-based and network-edge antivirus and antispam solutions. These added measures can stop most malware before it reaches desktops and laptops, increasing IT control, improving user productivity and reducing the risk of infection.

Fortunately, PDAs and smartphones are well-positioned to leverage enterprise server and network defenses. As wireless connectivity grows faster and more ubiquitous, most mobile threats will be delivered "over the air," passing through an enterprise mail server, mobile application gateway or remote access concentrator. Those enterprise-operated platforms provide a golden opportunity to apply centrally administered mobile malware defenses.

  • If your business already blocks spam and phishing messages at a Microsoft Exchange, Lotus Notes or SMTP Server, those same measures can be applied to email sent and received by mobile handheld devices. Require mobile workers to check email using this secure path, and discourage or actively block mobile access to personal POP/IMAP mailboxes that bypass these corporate defenses.
  • If your company uses a Web proxy, network firewall or unified threat management platform to block high-risk Web activity (e.g., visiting phishing websites, downloading spyware), consider using mobile browser proxy rules or VPN tunnels to redirect all handheld Web traffic through that same control point. Here again, the goal is to stop mobile users from getting themselves into trouble through unprotected Web surfing (including webmail).
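
One way to check that the two rules above are actually enforced, added here as an example that is not part of the original article: audit firewall flow records for permitted handheld connections that reach mail or Web services without passing through the corporate mail server or proxy. The address pool, server addresses and log format are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumed site values (hypothetical): handheld address pool and sanctioned control points.
HANDHELD_NET = ipaddress.ip_network("10.20.0.0/16")
MAIL_SERVER = ipaddress.ip_address("10.1.1.25")
WEB_PROXY = ipaddress.ip_address("10.1.1.80")

MAIL_PORTS = {110: "POP3", 143: "IMAP", 993: "IMAPS", 995: "POP3S"}
WEB_PORTS = {80: "HTTP", 443: "HTTPS"}

# Constructed sample firewall flow records, one per line: "src dst dport action"
SAMPLE_FLOWS = """\
10.20.3.7 10.1.1.25 993 allow
10.20.3.7 203.0.113.10 995 allow
10.20.4.9 10.1.1.80 8080 allow
10.20.4.9 198.51.100.5 80 allow
10.20.5.2 203.0.113.10 143 deny
10.30.1.1 198.51.100.5 443 allow
10.20.9.9 not-an-ip 110 allow
malformed line
"""

def audit_flows(text):
    """Return (src, dst, port, reason) for allowed handheld flows that bypass the control points."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        # Only traffic that was permitted from the handheld pool is a policy gap.
        if parts[3] != "allow" or src not in HANDHELD_NET:
            continue
        if port in MAIL_PORTS and dst != MAIL_SERVER:
            findings.append((str(src), str(dst), port, "mail-bypass"))
        # Sync traffic to the mail server over HTTP(S) is treated as sanctioned (assumption).
        elif port in WEB_PORTS and dst not in (WEB_PROXY, MAIL_SERVER):
            findings.append((str(src), str(dst), port, "web-bypass"))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

Each finding is a flow the firewall allowed that never touched the filtering path, which is where a block rule or proxy redirect is still missing.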

From a traffic engineering perspective, such solutions are suboptimal. Back-hauling all mobile email and Web traffic through your corporate network increases bandwidth consumption and latency. Furthermore, today's network and server antivirus scanners may not spot mobile-specific viruses. However, these approaches let you take advantage of existing IT-managed defenses to defeat a big chunk of mobile malware, without requiring handheld software purchase, installation or maintenance.

Looking outside the box

Enterprise server and network security platforms lie beyond the reach of many small businesses. But all users -- even individual consumers -- can tap spam and phishing filters that accompany hosted email services provided by ISPs and wireless network operators. In some cases, those external antimalware services can actually deliver broader protection.

For example, today's smartphone and cell phone users spend more time communicating via text messages than email. Enterprise servers and firewalls can filter mobile email, but only wireless network operators have the vantage point to apply spam and phishing filters to those SMS and MMS messages -- including mobile-to-mobile messages.

According to Cloudmark chief technology officer Jamie De Guerre, over 30% of all mobile email messages processed in North America are now spam. In China, over 50% of SMS messages carried on mobile networks are spam; in Japan, that scourge tops 80%. Using a technology like Cloudmark Authority to block these unwanted messages inside the operator's network (including those from spoofed addresses) can reduce traffic load, intercarrier roaming costs and billing adjustments.

Doing so is clearly in the network operator's best interest, but why should employers care about SMS spam and phishing? Whether malware arrives by email, SMS or Bluetooth, it threatens the integrity of the mobile device and the privacy of any corporate data that resides on it. Mobile attackers have started to exploit SMS as a largely unmonitored and unprotected communication path. Targeted SMS identity thefts have already been launched against consumers with considerable success. Can "smishing" attacks aimed at the corporate executives who carry smartphones 24/7 be far behind?

Layering defenses

Filtered messaging services can stem the tide of spam and put a damper on social engineering attacks, but they can't address every mobile malware threat all by themselves.

For example, the iPhone is ushering in a new generation of handheld devices that make mobile Web not just possible but palatable. As mobile Web traffic grows, network operators will need to batten down the hatches on this vector too, using in-the-cloud content security gateways to block Web-borne malware on behalf of their subscribers.

Moreover, in-the-cloud security services cannot mitigate threats that bypass corporate and provider networks altogether. Many mobile worms and trojans to date have been propagated through Bluetooth peer-to-peer communication and removable memory cards. On-device defenses are the only reliable way to stop these "out of band" attacks.

The bottom line: Don't let handheld software budgets and mobile device management barriers stop you from addressing mobile malware threats. Take this opportunity to establish a first line of defense by reusing network and server countermeasures you already own and can easily control. Complement them with wireless network services that incorporate antimalware measures. That way, when the mobile malware tipping point finally arrives, you'll already have two out of three bases covered.

About the author: Lisa Phifer is president and co-owner of Core Competence, a consulting firm focused on business use of emerging network and security technologies. At Core Competence, Lisa draws upon her 27 years of network design, implementation and testing experience to provide a range of services, from vulnerability assessment and product evaluation to user education and white paper development. She has advised companies large and small regarding the use of network technologies and security best practices to manage risk and meet business needs. Lisa teaches and writes extensively about a wide range of technologies, from wireless/mobile security and intrusion prevention to virtual private networking and network access control. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.

This was first published in September 2008
