Briefly about Mobile Threat Management: Sandblast Mobile
Mobile Threat Management (MTM) technology is rapidly evolving from a niche product implemented mainly by government and by industries where security is critical or regulated into a more common, widely used security technology in the commercial sector. Although MTM solutions are not as ubiquitous as endpoint security on corporate computers, they increasingly support enterprise mobility management (EMM) or unified endpoint management (UEM) deployments. In short – EMM/UEM is the Police, MTM is the NSA.
MTM is also proving to be a good solution for increasing the security of unmanaged devices that still require some level of device health checking and integration with larger security architectures based on technologies such as continuous authentication. These mobile security elements are especially important in light of the COVID-19 pandemic, during which more workers are connecting from personal, non-corporate devices. At the same time, attackers are increasingly targeting home workers – who are less cautious in comfortable, familiar surroundings.
Mobile Threat Management (MTM) solutions are products delivered as SaaS or as hybrid on-device/in-the-cloud technology that identify vulnerabilities, malicious code, and active attacks and exploits, and remediate them. The basic functions of these products include detecting malicious activity on mobile devices, whether it comes from applications, malware or configuration settings. The technology may also include the ability to protect applications from attacks and to detect unsecured or risky network connections.
MTM solutions also include big data analytics elements: the products collect data from deployed mobile devices and use the analyzed data to improve device security – for example, by pushing the latest profiles and behaviors of mobile OS attacks or of known malicious applications. Connecting these products to the cloud also lets the technology communicate with EMM platforms and with other points of risk collection or mitigation, such as a SIEM or an IPS/IDS.
Let’s take a closer look at these functionalities – a good-quality MTM solution should be characterized by the following:
- Protection against malicious applications – the latest technologies launch applications in a cloud sandbox to scan for threats. They use machine learning and artificial intelligence, sandboxing, static code flow analysis, anomaly detection, application reputation, and more. In addition, when the device is offline, the software applies security locally. Each time the user downloads an app, they see a detailed analysis of the app and the permissions it requests. A good MTM also blocks the download of applications from unknown sources or unexpected stores, mitigating the dangers of application sideloading.
- Protection against operating system threats and device flaws – MTM assesses device risks in real time to reduce the attack surface by detecting attacks, vulnerabilities, configuration changes as well as changes due to rooting and jailbreaking. With greater visibility of these threats, administrators can fine-tune security and compliance policies for devices at risk.
- Anti-phishing protection mechanisms – must block phishing attacks in all applications, regardless of whether the phishing site is known, unknown or zero-day, and regardless of whether it is served over SSL/TLS.
- Categorization of pages in a mobile browser – blocking access to malicious sites from any Internet browser.
- Conditional access control – blocking infected devices from accessing corporate applications and data, regardless of UEM solutions.
- Detecting anomalies in user behavior – by learning acceptable usage patterns, MTM can detect unusual behavior when it occurs.
- Anti-Bot mechanism – detects devices infected by bots and automatically blocks communication with command and control servers.
- Wi-Fi network security features – which detect malicious network behavior and Man-in-the-Middle attacks and automatically disconnect from malicious networks.
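To make the "device risk assessment" and "conditional access control" points above concrete, here is an added illustration of how posture signals (root/jailbreak status, OS version, sideloaded apps, suspected MITM) can be combined into a risk level and then into an access decision. This is example code written for this post, not Sandblast Mobile's own logic; the signal names, the minimum OS version and the risk-to-decision mapping are all assumptions, and the sample devices are constructed.

```python
"""Toy posture-based conditional access engine (illustrative; not a vendor's algorithm)."""
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Tuple


class Risk(IntEnum):
    NONE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class DevicePosture:
    """Assumed telemetry an MTM agent might report for one device."""
    device_id: str
    os_version: str                      # e.g. "14.1"
    rooted_or_jailbroken: bool = False
    developer_mode: bool = False
    sideloaded_apps: int = 0             # apps not installed from an expected store
    untrusted_ca_installed: bool = False  # user-added root certificate
    mitm_suspected: bool = False          # network layer flagged TLS interception


MIN_OS_VERSION = "13.0"  # assumed policy value


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn "13.2" into (13, 2) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in v.split("."))


def assess(p: DevicePosture) -> Tuple[Risk, List[str]]:
    """Apply the (assumed) rules and return the overall risk plus human-readable findings."""
    findings: List[Tuple[Risk, str]] = []

    if p.rooted_or_jailbroken:
        findings.append((Risk.HIGH, "device is rooted or jailbroken"))
    if p.mitm_suspected:
        findings.append((Risk.HIGH, "possible man-in-the-middle on current network"))
    if p.untrusted_ca_installed:
        findings.append((Risk.MEDIUM, "untrusted root CA installed"))
    if parse_version(p.os_version) < parse_version(MIN_OS_VERSION):
        findings.append((Risk.MEDIUM, f"OS {p.os_version} is below minimum {MIN_OS_VERSION}"))
    if p.sideloaded_apps > 0:
        level = Risk.MEDIUM if p.sideloaded_apps > 2 else Risk.LOW
        findings.append((level, f"{p.sideloaded_apps} sideloaded app(s) present"))
    if p.developer_mode:
        findings.append((Risk.LOW, "developer mode enabled"))

    # The device's risk is the worst single finding; a clean device has none.
    overall = max((r for r, _ in findings), default=Risk.NONE)
    return overall, [f"[{r.name}] {msg}" for r, msg in findings]


def access_decision(risk: Risk) -> str:
    """Assumed mapping from risk to what the device may reach in the corporate estate."""
    return {
        Risk.HIGH: "block",      # no corporate apps or data until remediated
        Risk.MEDIUM: "restrict",  # e.g. mail only, no document access
        Risk.LOW: "allow",
        Risk.NONE: "allow",
    }[risk]


# Constructed sample devices for demonstration.
SAMPLE_DEVICES = {
    "clean": DevicePosture("dev-001", "14.1"),
    "rooted": DevicePosture("dev-002", "14.1", rooted_or_jailbroken=True),
    "stale_sideload": DevicePosture("dev-003", "12.4", sideloaded_apps=1),
    "mitm": DevicePosture("dev-004", "14.1", mitm_suspected=True, untrusted_ca_installed=True),
}


if __name__ == "__main__":
    for name, device in SAMPLE_DEVICES.items():
        risk, details = assess(device)
        print(f"{device.device_id} ({name}): risk={risk.name} -> {access_decision(risk)}")
        for line in details:
            print("   ", line)
```

A real deployment would feed the decision back to the EMM/UEM as a compliance state rather than deciding locally, and would re-evaluate every time a signal changes (for instance when the device joins a new Wi-Fi network), which is what "real time" in the list above means in practice.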
From a broader perspective, MTM solutions by definition can also include OS malware protection, spam protection, intrusion prevention, and firewalls for mobile devices.
Privacy is an important consideration for Mobile Threat Management. MTM does not analyze files, browser history, or application data. The solution uses state and context metadata from the operating system, applications, and the network to determine whether a device is at risk, and the data it analyzes to protect the device is anonymized. The analysis itself is done in the cloud to avoid any impact on device performance. A good MTM works in the background: users are protected without having to learn anything new, and without having to wonder how much the employer is interfering with their privacy.
Mobile threat management solutions are an indispensable tool for analysts fighting threats that include personal devices/BYOD, remote and unmonitored mobile network access, unmanaged devices, questionable applications, and mobile phishing and fraudulent SMS messages. If you have managers or employees using public Wi-Fi networks, even the “secure” ones, you need MTM. If you have a BYOD/CYOD-style deployment, you need MTM. If you have highly sensitive data and users, you need MTM.
Look for an MTM system that fits your use cases, and choose one that won’t constantly harass end users with false positives or drain battery and system resources, and that is compatible with your EMM. We will be happy to help you with this.