The case for unified endpoint management and mobile threat defense

The evolution of endpoint management

Unified endpoint management (UEM) has played a significant role over the years in enabling companies to improve the productivity and security of their corporate mobile devices and applications. In the early days of endpoint management there were separate workflows and products as it pertains to traditional endpoints, such as desktops and laptops, versus mobile devices. Over time, administrators grew frustrated with the number of tools they were required to learn and manage so developers moved toward an integrated solution where all endpoint devices, regardless of type, could be inventoried, managed, and have consistent policies applied through a single pane of glass.

Today, UEMs allow IT administrators to be more productive by enabling them to set and enforce policies as to the type of data and applications an employee can access, providing the administrators with granular control and more effective security. These UEM platforms boast security features including the ability to identify jailbroken or rooted devices, enforcing passcodes, and enabling companies to wipe the data from mobile devices in the event they become lost or stolen. In general, UEMs have and continue to play an integral part in improving the management and productivity of business-critical mobile endpoints. 

Possible avenues for attack

However, in today’s environment, companies are experiencing a significant rise in the number of sophisticated and targeted malware attacks whose goal is to capture their proprietary data.  Only a few years ago, losing a mobile device meant forfeiture of content such as text messages, photographs, contacts, and calling information. Today’s smartphones have become increasingly sophisticated not only in their transactional capabilities but also represent a valuable target, storing a trove of sensitive corporate and personal data, and in many cases include financial information. If the phone stores usernames and passwords, it may allow a malicious actor to access and manipulate a user’s account via banking or e-commerce websites and apps. 

To give you a sense of the magnitude of the mobile security issues:

The number of mobile users in enterprise environments clicking on more than six malicious links annually has jumped from 1.6% in 2020 to 11.8% in 2022
In 2021, banking trojan attacks on Android devices have increased by 80%
In 2022, 80% of phishing attacks targeted mobile devices or were designed to function on both mobile devices and desktops 
In 2022, 43% of all compromised devices were fully exploited, not jailbroken or rooted-an increase of 187% YOY  

Attack vectors come in various forms, with the most common categorized below:

Device-based threats – These threats are designed to exploit outdated operating systems, risky device configurations and jailbroken/rooted devices.

App threats – Malicious apps can install malware, spyware or rootkits, or share information with the developer or third parties unbeknownst to the user, including highly sensitive business and personal data.

Web and content threats – Threats may be transmitted via URLs opened from emails, SMS messages, QR codes, or social media, luring users to malicious websites.  These websites may be spoofed to appear like a legitimate site requesting payment details or login credentials. Other websites may include links that will download malware to your device.

Network threats – Data is at risk of attack via Wi-Fi or cellular network connections.  Attacks can come in the form of man-in-the-middle attacks or rogue access points enabling hackers to capture unencrypted data.     

Enter mobile threat defense

While UEM can inventory assets, offer employees a more consistent experience, and can be used to push updates, its threat detection capabilities is extremely limited. The increased sophistication of malware attacks makes UEM platforms insufficient to detect or prevent these attacks from occurring.

To address these attacks more companies are adopting mobile threat defense solutions to work in tandem with their UEM subscriptions. Mobile threat defense (MTD) enables companies to identify and block mobile threats across most, if not, all attack vectors. The following outlines how mobile threat defense protects against the four main categories of mobile device threats: 

Device-based threats – Continuous evaluation of user and device risk posture with the ability to prevent jailbroken devices, those with outdated OS, and risky device considerations from accessing the network

App and content threats – Continuous scanning for malicious malware, viruses, trojans and side-loaded apps.  Threat detection is alerted in real-time with device remediation.

Network threats – Scans through each of the customer’s mobile devices to determine missing OS security patches, identifies man-in-the-middle attacks and other network related vectors providing remediation guidance such as fixing vulnerabilities or bug fixes.

Web and content threats – Mobile threat defense will alert users phishing attempts from email, SMS, or browsers.  It can also block malicious websites depending on the MTD features and capabilities.

Use cases

Remote payment processing

Companies are beginning to increase flexibility and decrease time to revenue by offering mobile payments in the field.  If mobile devices are part of the company’s payment path, they require protection. Malicious actors may use man-in-the-middle attacks to intercept network transactions. Equally threatening are surveillanceware attacks that capture information during a transaction. Mobile threat defense will identify these attacks, alert the user, and potentially block depending on the MTD’s solution’s capabilities.

Defend high-value targets against breach

Executives are commonly targeted as they may have access to sensitive data (e.g., financial, and strategic plans, customer, and human resources related information) and often use mobile devices while “on the road”.  Attack vectors such as spear phishing may be deployed by hackers with targeted attacks. Such highly sensitive information warrants the need to secure executives’ devices. Mobile threat defense applications will aid the IT administrator in identifying these attacks and alert the user on their device. 

Mobile threat defense vendors and solutions

There are a few mobile threat defense offers for consideration in terms of their effectiveness in addressing threat vectors that target mobile devices. 

IBM MaaS360 Mobile Threat Management: IBM recently introduced a new version of its mobile threat management application to complement its UEM offering. IBM MaaS360 Mobile Threat Management enables companies to detect, analyze and remediate enterprise malware on mobile devices. It provides SMS and email phishing detection, advanced jailbreak, root and hider detection with over-the-air updates for security definitions. Administrators can configure compliance policies based on these advanced threats and remediate vulnerabilities—improving the security of bring your own device (BYOD) and corporate-owned devices.

SentinelOne Mobile Threat Defense: This solution enables comprehensive, on-device, autonomous security for corporate-owned and personally owned BYOD devices that protects against modern day threats and exploits. The mobile agent detects application exploits in real-time, untrusted networks, man-in-the-middle attacks, system tampering, and delivers mobile phishing protection.

Lookout Mobile Endpoint Security:  Lookout Mobile Endpoint Security (MES) is considered by many to be the industry’s most advanced platform to deliver mobile endpoint detection and response (EDR). Its capabilities include extending zero trust policies to any device having access to corporate data, evaluates the risk posture of every user and mobile device throughout their session and automatically ends the session if the risk posture changes informing both user and admin of the threat.