by Dan Lowe, on 22 October 2013
Mobile Device Management and Mobile Application Management are 2 areas that can potentially reduce malware.
For the last 2 years, the Bring Your Own Device (BYOD) paradigm has shifted how enterprises must deploy strategies to reduce attacks from this vector. Businesses understand the benefits of using personal mobile devices used by employees, but there is a delicate balance between security and usability.
In the past, besides providing laptops to employees, large enterprises provided mobile devices. In the more distant past, corporations provided pagers and desktop computers to their employees. IT administrators had full control over these devices and could use multiple tools to lock down and control the security of these devices. Now, employees want bring their own mobile devices which presents a different set of problems.
Juniper Research, in October 2013, reported that over 80% of Smartphones and Tablets are not protected from malware. There has been a growing increase of mobile malware from 1st quarter 2013 of 14,000 new unique forms to 2nd quarter 2013 to 17,000 unique forms of mobile malware which is a 21% increase. Criminals will follow the path of money. As the number of tablets outsells the number of computers, next year, criminals will build more tools to attack this system as well.
The mobile management platform is changing as a result. Mobile Device Management allows companies to manage mobile devices from distribution of applications to data and configuration to security capabilities. These companies are expanding their features to include more robust security tools to reduce corporate attacks coming from this vector. It is no longer just about configuration, management, and support of devices, but allowing companies to secure these devices including malware detection while keeping user productivity high and unhindered.
Mobile application management allows companies to provision and control access to mobile applications. Malicious applications that can eavesdrop on conversations, extract information, or monitor communications between the corporate network and the users' device are challenging concerns. Corporate data and/or intellectual property are areas that must be protected, but the applications that are installed on these devices must be scanned for malware as these personal devices are often let to family or friends.
There is a convergence between these technologies as companies are licensing technology, partnering together, and/or cross building functionality. Enforcing corporate security rules is important for companies to reduce the amount of attacks from this vector. Personal devices must be policed and applications within the devices monitored to reduce advanced malware attacks through multiple vectors. Criminals who are attacking both computers and mobile devices are circumventing two factor authentication techniques by capturing user name and passwords from the computer and capturing one time authentication codes through SMS. Once thought as a safe security measure, two-factor authentication is being challenged.
Antimalware technology at the device level should be the first level of defense as it could weed out potentially malicious application before it is installed into your mobile device. Following the same multi-layer defense approach, I am sure that other technologies will have to be implemented in the future to aggressively reduce zero day or unknown threats.
Dan Lowe, an OEM Senior Marketing Manager, has been working with Bitdefender for the last 3 ½ years. His familiarity with multiple security products from Firewalls to Antivirus has provided him a unique perspective on the security industry.