As attacks against mobile devices get more sophisticated, many enterprises are no longer relying solely on standard device management platforms for security, but instead blending traditional enterprise mobility management (EMM) and mobile device management (MDM) systems with mobile application management (MAM) systems to create a comprehensive threat management platform.
A few weeks ago, I spoke with Michael Shaulov, CEO and co-founder of Lacoon Mobile Security, a mobile security startup that was recently acquired by Check Point. Lacoon focuses on cyber security for iOS and Android-based mobile devices. The company’s R&D team is based in Israel, but the company has an office in San Francisco, California. Their product is a threat management platform that detects different types of malware, network attacks, and cyber threats against Android and iOS.
Shaulov and his team have experience working with the military, the intelligence community (IC), and law enforcement agencies. As Lacoon’s founders saw technologies that are more advanced for intercepting and monitoring mobile devices reach cyber criminals, they saw a need to offer a comprehensive threat management platform focusing on mobile threats.
He espouses a need for mobile and security teams to team up to augment MDM solutions with security solutions to protect enterprise mobile devices against persistent threats.
Visibility into the rise of mobile security threats
I asked Shaulov about the rise of mobile security threats that seem to be hitting the headlines. He responded to that the threats aren’t something new, rather such threats have been around for over a decade.
“You can claim it is like almost any issue in cyber security,” Shaulov responded. He gave the example of desktop malware happening for over a decade until the RSA breach made organizations believe that maybe they might be compromised as well.
Shaulov was quick to assure me that he wouldn’t over exaggerate the current mobile device security situation right now. He told me it’s a lack of awareness that further contributes to mobile devices being a new attack vector for people as mobile devices are growing into primary devices because of Bring Your Own Device (BYOD) and mobile first strategies.
Lack of visibility into attacks is also a problem. According to Shaulov, unless an organization is using a threat management solution, they may not know if compromised mobile devices are on their networks.
An MDM/EMM comfort zone persists to some degree across mobile enterprises even today. I asked Shaulov how an attacker could hack into an MDM platform.
The simplest way is to phish the user and convince them to install an application, which is a malware on the device. There are more advanced tactics but this is the simplest one,” Shaulov stated.
“And then you can leverage different exploits that are available for free on the Internet to break down the built-in security mechanisms of the Android or iOS operating system, he continued. Once the hacker breaks down the OS security, Shaulov said that the attacker could propagate into the MDM regardless of encryption, secure container, or other security measures in place.
“Once you own the operating system at the administrator level, you don’t really care about those things,” Shaulov warned you could key log everything, scrub the memory, and scrape the mobile device’s screen. He told me these tactics put MDM at risk.
“I don’t think that EMM is doomed. At the end of the day, the problem they solve is on the management and providing access to the data,” Shaulov reassured.
He takes the position that MDM providers aren’t security vendors nor do they have a security vendor’s DNA. He sees mobile security with two layers:
- Management layer (MDM, EMM, and MAM)
- Cyber security layer on top of the management layer
He recognizes that every vendor applies slightly different approaches to this problem, but that vendors look at three things primarily:
- Apps downloaded by any corporate user to a BYOD or corporate device are not malware.
- Network security because if an employee is connecting their device to unsecured WiFi like in a Starbucks, hotel, or airport you need a solution to ensure that network is not being compromised because and a vector to intercept the encrypted/unencrypted communications.
- Device operating system as Shaulov pointed out that device level attacks are predominant in iOS because many attacks take the form of configuration abuses (jailbreaks) versus applications.
He stated the advantage goes to solutions that don’t rely on signatures. Shaulov’s recommendation counts out traditional antivirus vendors including McAfee, Symantec, and AVG. He backed up this recommendation saying the signature approach is very limited and won’t capture anything unique or targeting the organization directly.
“It’s fine for consumers but not what enterprises should be looking for or should be satisfied with,” Shaulov added.
He also advised the security solution reinforcing an MDM platform should use behavioral or heuristic-based detection. These technologies detect deviations in common user behaviors when they access your network resources.
It goes back to EMM and the integration part according to Shaulov. He emphasized the importance of visibility and detecting threats in your environment. Beyond this, Shaulov, also added, “remove the threat and make sure the device is no longer compromised and you need to do it in a timely manner without wasting too many resources.”
Shaulov gave me an example of how a threat management platform could integrate with AirWatch or another EMM platform. A corporate user is accessing their email and other corporate apps via AirWatch that’s integrated with Lacoon or a similar threat management solution. The threat management platform detects malware on the corporate user’s device. The platform then tells the AirWatch console that the device is compromised and instructs it to cut off the device’s access to corporate email and prevents the device from accessing Salesforce or other critical corporate resources.
We already see EMM and MAM convergence in the market. My conversation with Michael Shaulov got me thinking that we are due for the convergence of cyber security and mobile security. Threat management platforms based on battle-tested cyber security techniques and technologies feel like the next step in the natural evolution of mobile security.