Mobile threat defense tools bring critical visibility and threat prevention to an organization's mobile security plan, but these tools should only make up a portion of a mobility management strategy.
The functions of mobile threat defense tools can range from protections at the device and app levels to the network level. IT still needs additional management tools such as a unified endpoint management (UEM) tool, however, to provide a wide range of deployment and management functions for mobile devices.
What does mobile threat defense do?
Mobile threat defense offerings aren't all identical, but they share the same goal of protecting mobile endpoints from malware, phishing, data leakage, network-based attacks and other security threats. Some elements of this protection are preventive, while others are reactive measures that limit the damage that an attack can do.
The preventative measures include scans for malicious apps, out of date devices, abnormal device activities such as excessive battery drain and data leaks, and potential network breaches. Mobile threat defense tools also provide IT with user data from its analytics engine based on this monitoring. This data can help IT shape its mobile security strategy at large.
Some reactive measures include flagging anomalous user behavior and verifying apps when they try to access protected data. The reactive measures also help with phishing attacks via mobile email applications or text messages by identifying suspicious links once the user comes in contact with them.
Should IT deploy mobile threat defense on its own?
While mobile threat defense can work on its own, organizations with more complex mobile device deployments should pair these tools with UEM such as Microsoft Intune and Citrix Endpoint Manager to provide a wider range of controls. In a similar sense, UEM can stand alone but mobile admins can greatly improve mobile device security by adding mobile threat defense.
Organizations haven't adopted mobile threat defense tools as widely as UEM tools, so IT pros are more likely to add these tools to existing UEM or enterprise mobility management (EMM). UEM and EMM tools provide a backbone of policy enforcement and access control for mobile devices, so they are a good fit to manage the policies of mobile threat defense tools.
Some mobile threat defense vendors design their tools with specific UEM or EMM integrations in mind; for example, Zimperium zIPS integrates with BlackBerry UEM and IBM MaaS360. UEM tools such as Microsoft Intune integrate with a wide array of mobile threat defense tools as well.
What are the use cases for mobile threat defense?
While most organizations with any managed or BYOD mobile devices could benefit from mobile threat defense tools, there are some specific scenarios where these tools can provide the most value. Google Android devices with Work Profiles that separate company data from personal data are good candidates for mobile threat defense because of the unmanaged personal elements of the mobile device. Adding mobile threat defense policies to the personal side of a user's device may present privacy concerns, but mobile threat defense provides monitoring and tracking that may be a crucial step in securing all mobile attack vectors.
Legacy mobile devices are also good candidates for mobile threat defense. Older smartphones -- especially Android devices that can't upgrade to the latest OS as easily as Apple devices -- may be missing crucial security updates that are only available with the newer versions of Apple iOS and Android OS.
While IT should aim to eliminate these devices from its organization's mobile fleet whenever possible, that isn't always possible or feasible due to cost concerns. Mobile threat defense can provide additional security where the mobile OS's inherent security is lacking.