Your Mobile Endpoint Security Solution: what to look out for
A key takeaway from our discussions with customers and evaluations of their current solutions is the importance of solution coverage. While endpoint solutions come with varied capabilities, it’s vital that they don’t shortchange your organisation by covering only certain OS versions. Malware protection capabilities are only effective if they work across all the OS versions and devices in your fleet. Let’s break this down further.
Operating System – feature parity
As highlighted in part one of this blog series, ensuring equal protective coverage for both iOS and Android is fundamental for an effective mobile endpoint security solution. Many of our customers have mixed estates and BYOD policies. These environments require a security approach that ensures all potential threats are addressed across the board. We often see solutions that have coverage on one OS but not the other. For example, malware detection may be offered on Android but not on iOS, or OS out-of-date detection may be offered on iOS but not Android. We urge customers to work with vendors that can offer this critical protection across all devices and operating systems.
Network Security
Many of our customers have global, hybrid workforces, requiring their users to regularly connect to unfamiliar networks or work in regions where traffic is intercepted. Insecure networks are often dismissed when compared to high-risk attacks like phishing and malware – but they can still be exploited.
Simple, opportunistic attacks can be used to intercept sensitive data, credentials, and MFA tokens, as well as to spoof websites and insert malicious redirects. In our technical evaluations of mobile endpoint security solutions, we’ve found that some solutions lack insecure network detection and remediation. Detecting Man-in-the-Middle attacks, rogue access points, ARP poisoning attempts, port scanning and SSL attacks is imperative. This detection capability should be paired with the ability to block access to sensitive data and applications whilst the device is connected to an insecure network.
Device Compromise
Jailbreaking or rooting a device is often seen as a way to ‘customise’ the user experience. But by breaking out of the standard operating system constraints, devices can bypass Mobile Device Management control and detection mechanisms. Organisations lose true visibility of the device, control over the device, and the ability to secure access to corporate infrastructures. Ultimately, in the case of an attack, this can lead to these devices becoming compromised without the user’s knowledge.
Such a compromise enables full access to the device, its contents and capabilities – even when the device appears powered off. Advanced device compromise detection should come as standard with your endpoint security solution, across both iOS and Android. We’ve observed solutions that either have no concept of device compromise detection, have basic capabilities that can be easily bypassed by root kits such as Magisk, or only work in specific scenarios such as when the jailbroken device is tethered.
User Remediation
Admins often grapple with the challenge of securing hundreds, if not thousands, of devices within an organisation, compounded by the multitude of potential threats these devices are exposed to. Solutions that fall short in empowering users with the requisite knowledge or remediation tools inevitably lead to administrative bottlenecks. Ideally, a mobile endpoint solution should notify both the user and the admin in the event of a security lapse, outline the nature of the risk, and offer the user an immediate and effective resolution. This approach not only mitigates risks quickly, but also reduces administrative strain and educates users in real time.
At Appurity, we’re not just another name in mobile security. We’re committed to understanding your organisation’s unique mobile security needs, highlighting specific areas of weakness and suggesting tailored mitigation strategies.
We’ll support your vendor evaluation efforts by offering a detailed mobile endpoint solution test plan, comparing our top recommendations with other vendors you’re considering. These tests will analyse the performance of mobile endpoint solutions in real time in your environment, covering commonly observed attacks as well as live malware samples.
Get in touch with the Appurity team today to find out more.