Not all mobile endpoint security solutions are equal
At Appurity we’ve worked with many customers over the years to effectively evaluate mobile endpoint security solutions. Whether you’re running a firm operating within a regulated industry, a government body or non-profit organisation, it’s common for organisations to demonstrate that they’ve considered several options in the market before implementing a new solution.
This is becoming increasingly common as we work with customers to streamline and consolidate their environments. Evaluating at least two vendors to find a solution that can help optimise existing platforms and even combine multiple security requirements into one ensures your solution is both fit-for-purpose and delivers an excellent return on investment.
We support our customers by evaluating our own recommended solution alongside a new provider, or as a “bolt on” to their existing environment. What we’re looking for is complete coverage for each of our customer’s chosen security risk profiles.
In our many years of doing this, we’ve learned that not all mobile endpoint security solutions are equal. Crucially, we’ve consistently found that while some vendors might offer capabilities for one operating system (OS), they might not necessarily uphold the same standards for another.
When it comes to evaluating – and ultimately choosing – any endpoint solution, what we urge our customers to consider is that it’s not just about whether a solution possesses specific vulnerability management and malware protection capabilities but, crucially, how these functions will actually operate across various operating systems in their environment.
Here’s the first instalment in a two-part series examining several key potential threat areas, and how some popular mobile endpoint solutions measure up. In the second instalment, we’ll be delving deeper into the importance of OS consistency in mobile endpoint security.
Vulnerability and Patch Management
Patch management can quickly become a full-time time task. Overnight, organisations are expected to patch devices due to OS vulnerabilities exposed through zero-day exploits. Often these patches are required to stay compliant with regulatory frameworks.
For a multi-OS estate, your IT teams are expected to monitor multiple vendors at a time for updates. For a multi-vendor Android estate, updates and patches are not released at the same time – requiring you to monitor multiple vendors across multiple devices on multiple OS versions. Staying on top of these updates in this way is a resource-heavy endeavour.
This problem can go away overnight when endpoint security solutions include automated update detection for each and every device. We also encourage customers to opt for solutions that enforce user-invoked updates.
Malware Protection
New malware strains are discovered regularly, and threat actors are continually deploying innovative and sophisticated attacks. Malware attacks may be delivered to iOS and Android devices within applications, or deployed via files/processes – compromising devices before cleaning up to evade detection.
A comprehensive endpoint solution should include full static and dynamic analysis of applications, detection of malicious applications and files, and general detection for compromised devices as a result of malware infection – all as standard. Some endpoint solutions that we’ve evaluated in the past do not have malware detection or application analysis on iOS, for example.
Application Risk
Every application installed on a device that has access to corporate data poses a potential security risk. While many apps are not overtly malicious, they may contain vulnerabilities or do not adhere to stringent data protection or handling standards.
Therefore, organisations must have the ability to analyse applications. This includes apps already installed on devices, and apps due to be installed. Full visibility of risky behaviours, permissions, insecure coding practices and communications, data access, connectivity, vulnerabilities, components and communication locations is critical.
Without the ability to analyse applications in this way, organisations simply cannot enforce policies to limit risky app usage. This has several knock-on effects, including a potential breach of cybersecurity or data protection accreditations and certifications, exposure of critical corporate data, accidental device compromise or infrastructure exposure,
App visibility is not just an important endpoint security feature. It’s also foundational to any threat intelligence activity, enabling organisations to take a proactive approach to security.
–
Stay tuned for the next blog in this series, where we’ll be highlighting the key capabilities your mobile endpoint solution needs to effectively protect all operating systems and networks, and mitigate against device compromise.