Mobile threat defense helps fill EMM's gaps

Enterprise mobility management is crucial security technology, but it can't do everything. Mobile threat defense software helps IT stay ahead of the curve.

SAN DIEGO -- As more IT pros realize that EMM doesn't completely protect mobile data, they're taking a closer look at mobile threat defense tools.

Enterprise mobility management (EMM) allows IT to enforce security policies and control what users do on their devices. But attacks on mobile operating systems and devices are becoming more common as hackers identify vulnerabilities, and organizations need clear insight into these threats and their potential effects. Mobile threat defense tools can help with that piece of the security puzzle, said analysts and attendees here at the Gartner Catalyst Conference.

"EMM is more of just the management; it's just pushing a policy to the phone," said Seth Wiese, an IT security administrator at Kuraray America, a chemicals manufacturer in Houston.

Mobile threat defense tools supplement EMM by continuously monitoring devices for malicious apps and other risks, and by providing analytics around app and network usage to prevent cyberattacks. Kuraray uses VMware AirWatch for EMM and wants to adopt this technology to get more monitoring capabilities and predictive analytics about its devices, Wiese said.

But for organizations just starting out with mobility, it can be a challenge to convince higher-ups that IT requires more than just EMM for security.


"That comes down to dollars and sense," said the director of enterprise solutions at a banking and investment firm, who requested anonymity because he is not authorized to speak publicly. "And how do you assign a cost value to data being lost?"

The bank uses Microsoft Intune to manage around 750 corporate-owned mobile devices, but there is definitely a need to supplement that software with mobile threat defense, the director said.

Mobile threat defense market heats up

Traditional security vendors are acquiring mobile threat defense startups to integrate this technology into their larger product offerings; see Symantec's acquisition of Skycure last month.

Other vendors in the market include Appthority, Check Point and Zimperium. All of these offerings have different capabilities for analyzing devices, apps and operating systems to identify risks, and many use machine learning to detect patterns in user and app behavior and predict future threats.

"There's not one tool," said Patrick Hevesi, research director at Gartner, in a session. "Some tools detect. Some tools prevent. Some tools remediate. Some tools pop up an alert. So as you're building this strategy, you need to start thinking about what attacks you're most worried about."

This approach can help IT decide what tool to buy. One organization could be prone to malware, while another may have users downloading unwanted applications, for instance. At Kuraray, data leakage is the biggest concern, Wiese said.


The most common mobile attack vectors are websites, app stores, text messages and network vectors such as rogue access points on Wi-Fi networks, Hevesi said. Traditional antivirus software might not catch threats to mobile devices, and hackers have wised up and figured out where the vulnerabilities in mobile operating systems are, he said.

"Vulnerabilities exist on all mobile platforms," he added. "It's software. Every code written by someone can be exploited by someone else."

Mobile threat defense best practices

As part of a strong mobile security strategy, IT should set up data classification levels that determine how much risk each user's information presents and how much security they require, because not all will be the same, Hevesi said.

"Maybe your CEO just wants email, calendar, contacts," he said. "So maybe you don't need EMM for that and just use [Microsoft] Exchange ActiveSync and throw threat defense on there."

Classifying data levels is the first step the banking and investment firm's director wants to take as he evaluates mobile threat defense software.

"I'm trying to understand the users to figure out the risk profile," he said.

IT should also limit the devices and operating systems that employees can use, to ensure they have the most secure and up-to-date versions available, and continuously educate users on how to avoid mobile threats. For instance, there's a flashlight app on Google Play that requests permissions to access information in many other apps, Hevesi said.

"Train your users to say no," he said.
