Mobile devices are ubiquitous and an essential business platform for many organizations. Like early desktop PC’s, the security of mobile devices was left to the OS manufacturers and, also like desktops, this is no longer an adequate line of defense. The idea that mobile OS’s are inherently secure and apps downloaded from the vendor’s public stores are perfectly safe has since been debunked with numerous incidents with Android and iOS devices being susceptible to compromise and the Apple and Google app stores containing malicious apps. And with half of organizations having BYOD smartphone policies, it’s critical that organizations deploy solutions like mobile threat defense to protect their assets.
We just completed our first ever Wave on the mobile threat defense (MTD) market. This Wave which included customer reference interviews, executive briefings, and MTD vendor demos highlighted three key trends:
- Orgs need treat to mobile devices the same as other business endpoints. Security practitioners expect endpoint security solutions to offer deep protection on the endpoint, analyze application components and actions to ensure they meet organizational security standards, watch for suspicious or anomalous activity and take actions to reduce risk, and integrate into the chosen security analytics platform of the business. Mobile threat defense brings this same level of protection and analytics to mobile devices, going far beyond mobile antivirus.
- Providing more than OS and device security. No operating system is fully secure and as much as OS vendors work to protect their OS, or take Apple’s approach of “security through obscurity”, attackers will find ways in because they want your data, and more importantly, your money. Mobile threat defense isn’t just about securing the OS or scanning apps for malware. It’s about analyzing the apps to understand if there are threats within APIs and SDKs used, as well as see where they’re sending your data. It monitors the multiple network connections that mobile devices have, to watch for a wide variety of threats like Man in the Middle attacks. With the variety of channels open for phishing like SMS messaging, apps like WhatsApp or Facebook Messenger, QR code scans, etc…, MTD tracks these to look for attacks and not rely on known URL filtering.
- Business data on BYOD must be protected. Unified endpoint management (UEM) does a good job of maintaining a safe configuration on mobile devices, but it’s not built to recognize malicious actions of bad apps, websites, or network connections. And when it comes to personal devices employees use for work, actions taken with personal apps could lead to a leak of business information. MTD solutions have insight to the entire device and can not only protect the user and their privacy, but if suspicious activity is detected, all connections to business applications can be protected to reduce the risk to corporate data.
I encourage Forrester customers to read The Forrester Wave™: Mobile Threat Defense Q3, 2024. If you are interested in talking about mobile threat defense providers, the people and processes supporting them, or mobile security in general, please schedule an inquiry with me.
