
October 27, 2020


Cybersecurity Is Not Complete Without EDR for Mobile

We recently unveiled the industry’s first mobile endpoint detection and response (EDR) solution. This is an industry game changer: we are giving our customers the same tools Lookout security researchers use to hunt for novel threats, so that they can investigate cyberattacks themselves. If you want to learn more about how we did it, I strongly encourage you to read our Chief Strategy Officer Aaron Cockerill’s blog on the announcement.

For this blog, I wanted to dive into why EDR for mobile is so critical and how it will enable you to holistically secure your organization’s data regardless of what type of endpoint is being targeted. There are a number of components to EDR that Lookout already provides, such as being able to detect and isolate an incident at the endpoint as well as provide remediation instructions to mobile device users. Threat hunting and research are the capabilities we just introduced, and they are what I want to focus on.

Businesses are increasingly turning to mobility solutions to increase productivity – especially as nearly all employees are working away from the office. Moreover, cyberattacks rarely occur in a single incident or only involve a small number of endpoints. You need mobile EDR to provide visibility across all of your mobile endpoints that are now at the center of how your workers stay connected and productive.

Why do you need mobile EDR?

The biggest problem EDR is trying to solve – whether it’s on desktop or mobile – is detecting low-and-slow targeted cyberattacks and preventing a data breach. What Lookout security analysts have observed first-hand is that cybercriminals are building campaigns that target tablets, smartphones and Chromebooks in addition to desktops and laptops. We see the same infrastructure used to deliver attacks on mobile and traditional endpoints simultaneously. While this was a strategy used by state-sponsored actors for many years, our research shows that it is becoming commonplace in modern commodity malware frameworks.

The question security professionals want to answer is: how do I prevent an incident from affecting the rest of my users and my organization? EDR is about providing a comprehensive solution to information and infrastructure security. Increasingly, mobile endpoints have access to the same data as your desktops and laptops. Without an EDR capability for mobile, you’re leaving a big gap in your ability to thoroughly investigate and learn from a security incident.

The breadcrumbs won’t always be on traditional endpoints

If you want a visual tour of how a mobile EDR solution can drive threat hunting and research in response to an incident, you should check out this demo video that Apurva Kumar, one of our threat researchers, put together. But let me break down how an EDR investigation can help prevent a data breach.

Let’s pick a common threat most security teams encounter regularly: side-loaded apps. Most of the time, the incident is probably just an employee wanting to use a benign app that they otherwise wouldn’t have access to on their device.

But it could very well be that a malicious actor actually built an app to target your organization via social engineering, and that the app has the capability to download additional malicious code. With our EDR research capabilities, you can investigate where the malicious code comes from and the associated web domains. This is called a “pivot” and it’s what makes the Lookout Security Graph so powerful when exposed through our EDR tools. There are times, for example, where you will find desktop and mobile phishing sites that are both linked to malware targeting desktop and mobile users, revealing a larger coordinated campaign. Using the EDR console enables you to identify these pivot points and make preemptive discoveries without first waiting for a user to be phished or a device to be compromised. And of course, mobile EDR must be a part of a comprehensive EDR strategy in order to make this a reality.

You can’t ignore the device people use the most

When smart mobile devices were first introduced in the enterprise, they didn’t really connect to the corporate infrastructure outside of email. Now they have the same access to apps and data as your desktops and laptops. In fact, they have become a primary way your employees stay productive. Look no further than the emphasis Microsoft Office 365 and Google Workspace place on seamless integration across both desktop and mobile platforms.

The goal of EDR is to ensure that cyberattacks are stopped early and to provide a trail of information that can be used to protect your organization. And many of these attacks today are targeting your mobile devices first.

To ensure that you secure your organization's devices and prevent data breaches, you need an EDR strategy that covers the devices your employees use the most. Check out the Lookout EDR page to learn more.