Cybersecurity Is Not Complete Without EDR for Mobile

Businesses are increasingly turning to mobility solutions to increase productivity – especially as nearly all employees are working away from the office. Moreover, cyberattacks rarely occur in a single incident or only involve a small number of endpoints. This blog will dive into why EDR for mobile is so critical and how it will enable you to holistically secure your organization’s data — regardless of what type of endpoint is being targeted. 

‍

Why do you need mobile EDR?

The biggest problem EDR is trying to solve — whether it’s on desktop or mobile — is to detect the low-and-slow targeted cyberattacks and prevent a data breach. What Lookout security analysts have observed first-hand is that cybercriminals are building campaigns that are targeting tablets, smartphones, and Chromebooks in addition to desktops and laptops. We see the same infrastructure used to deliver attacks on mobile and traditional endpoints simultaneously. While this was a strategy used by state-sponsored actors for many years, our research shows that it is becoming commonplace in modern commodity malware frameworks.

The question security professionals need to answer is this: How do I prevent an incident from affecting the rest of my users and my organization? EDR is about providing a comprehensive solution to information and infrastructure security. Increasingly, mobile endpoints have access to the same data as your desktops and laptops. Without an EDR capability for mobile, you’re exposing a big gap in your ability to thoroughly investigate and learn from a security incident.

‍

The breadcrumbs won’t always be on traditional endpoints

Let’s break down how an EDR investigation can help prevent a data breach.

A common threat most security teams encounter regularly is that of sideloaded apps. Most of the time, the incident is probably just an employee wanting to use a benign app that they otherwise wouldn’t have access to on their device.

But it could very well be that a malicious actor actually built an app to target your organization via social engineering and that the app can download additional malicious code. With Lookout’s EDR research capabilities, you can investigate where the malicious code comes from and the associated web domains. This is called a “pivot” and it’s what makes the Lookout Security Graph so powerful when exposed through our EDR tools. 

There are times, for example, where you will find desktop and mobile phishing sites that are both linked to malware targeting desktop and mobile users, revealing a larger coordinated campaign. Using the EDR console enables you to identify these pivot points and make preemptive discoveries without first waiting for a user to be phished or a device to be compromised. And of course, mobile EDR must be a part of a comprehensive EDR strategy to make this a reality.

‍

You can’t ignore the device people use the most

When smart mobile devices were first introduced in enterprises, they didn’t connect to the corporate infrastructure much outside of email. Now they have the same access to apps and data as your desktops and laptops. In fact, they have become a primary way for your employees to stay productive. Look no further than the emphasis Microsoft 365 and Google Workspace place on seamless integration across both desktop and mobile platforms.

The goal of EDR is to ensure that cyberattacks are stopped early and provide a trail of information that can be used to protect your organization. And many of these attacks today target your mobile devices first.

To ensure that you secure your organization's devices and prevent data breaches, you need an EDR strategy that covers the devices your employees use the most.