Mobile device management and mobile threat detection are the two most common types of mobile security solutions and offer complementary features. This article summarizes the two types of technologies and why both of them are important in defending mobile devices from digital threats.
As mobile devices have become ubiquitous, employees are increasingly using them for work as well as personal activities. They use their mobile phones and tablets to read emails, share files, access client information, use mobile applications (work and personal), and video chat with colleagues.
While mobile devices improve employee productivity, they also pose a security risk. Mobile devices face numerous security threats, including:
- Insecure or fraudulent wireless access points
- Email-based mobile phishing campaigns
- Malicious applications masquerading as legitimate applications
- Device and data theft
Mobile threats are not only common, but on the rise. In its Mobile Security Index 2018, Verizon reports that in the past year, over 27% of organizations experienced a security incident involving a mobile device that resulted in data loss or system downtime.
Mobile device management (MDM) and mobile threat detection (MTD) solutions provide security tools to ensure mobile endpoint protection and safeguard the networks and applications that they access.
How does MDM and MTD compare?
Mobile device management (MDM) and mobile threat detection (MTD) solutions provide security for mobile devices, but use different, and complementary, techniques. Both MTD and MDM operate with a client app on the mobile device and a server- or cloud-based management application.
Below are the features of each type of mobile security solution:
What is MDM?
Mobile device management provides basic security management of the device and enforces security policies. Some of the core functions of mobile device management are:
- Enforcing consistent security management policies on devices
- Updating equipment, applications, functions, and policies
- Monitoring equipment and application performance
- Tracking equipment and status (e.g., location, status, ownership, and activity)
- Providing device remote diagnosis and troubleshooting
- Remotely wiping files from a stolen or lost device
- Auditing for regulatory compliance
- Encrypting email and files
- Creating separate and secured environments for work and personal device use
What is MTD?
Mobile threat detection products focus on network- and behavior-based threats. For instance, an MTD solution can detect man-in-the-middle attacks over Wi-Fi or identify suspicious device behavior. MTD is designed to detect malware and potentially harmful mobile applications as well as mobile phishing attacks. It can also remediate issues in a variety of ways, including the termination of a connection if it identifies a problem. At a more technical level, a mobile threat detection solution can:
- Monitor a device’s configuration and system parameters and look for suspicious activity, such as the modification of system libraries
- Check the integrity of Secure Sockets Layer (SSL) connections and website certificates and deactivate suspicious connections
- Diagnose applications that may be “leaking” user data and detect potentially malicious apps through reputation scanning, code analysis, and malware filtering
Together, MTD and MDM solutions provide strong security for mobile devices and the network and applications that they access.
Solutions such as McAfee MVISION Mobile integrate with MDM applications and exchange alerts when security policies are breached. MVISION Mobile leverages machine learning and behavioral analysis to identify problems with applications, device settings, phishing, and network-based attacks.
Protecting mobile security on employee-owned devices
Employees often use their own devices to access work applications and data. The Endpoint Protection and Response: SANS Survey found that over 60% of organizations allow employee-owned mobile devices to access their networks. Unfortunately, less than 45% of the organizations include the employee devices in the organization’s security management program. To make matters worse, employees may use these unsecured devices over public wireless networks. This combination puts an organization’s network and data at risk of malware infection and data breaches.
Privacy concerns are one reason employers may not include employee devices in an organization’s security management program. However, most MDM and MTD solutions can separate the work applications and data of a mobile device from the personal side. With this firewall between the two, there is less risk of infringing on employee privacy.
This division is accomplished through user roles or personas that define the user’s access privileges to work applications and data. For example, a C-level executive persona may provide one set of privileges and application access, while personas for payroll managers, marketing specialists, and sales people may provide different access rights and resources. Personas operate either in containers—lightweight environments that share the device’s operating system and resources—or in virtual machines that split the device’s resources in half and may run different operating systems. An IT department can create and manage a work persona on one side of the device while leaving the other side for personal activities. When an employee leaves an organization, IT can wipe the work persona clean without affecting other content or settings.
Mobile device management best practices
In addition to implementing MTD and MDM security solutions, organizations can improve the security of their mobile devices by following these best practices from Verizon’s Mobile Threat Index 2018 report:
- Create a custom app store. When employees download apps from public sites, they may gain malware in addition to the app. Employers can eliminate this threat by creating a custom app store with only “clean” apps that the IT department vets, and by preventing downloads from other sites.
- Develop a security policy for devices. Create a policy for employee-owned devices that includes strong password requirements and encryption.
- Implement automated device management. Deploy MDM and MTD solutions and implement personas to separate work data from personal activities.
- Provide virtual private network (VPN) software. Limit exposure to public Wi-Fi networks by installing VPN software on devices that need access to sensitive data.
- Increase employee awareness. Remind employees of prudent security practices and require regular training on security best practices. Employee carelessness is often the cause of data breaches, so employee education is important in improving security.
While mobile devices will continue to be a target of cyberattacks, IT organizations can significantly reduce their risk by implementing mobile device security through good security practices and up-to-date security software. A combination of mobile threat detection and mobile device management provides maximum protection for data and applications while giving employees the benefits of mobile devices.
Mobile security resources