Gartner recently released its July 2017 Hype Cycle for Mobile Security 2017, confirming my belief that mobile threat defense (MTD) has matured as a key enterprise security technology through the consolidation of other mobile security solutions.
We believe that as enterprises begin demanding more unified products, mobile security technologies are being subsumed under the MTD header as MTD emerges as the central solution for protecting against mobile risks and threats. Features such as Secure Web Gateways, Mobile Vulnerability Management Tools, and Mobile Malware Protection are all now part of a comprehensive MTD offering that enterprises should begin testing immediately. Existing solutions such as EMM address a different problem space and as such do not focus on mobile security issues.
In this post you will learn:
- How MTD technology has matured through feature consolidation
- Why enterprises with sensitive IP need to begin adopting MTD today
- Why EMM solutions will not fully protect an enterprise from mobile data compromise
A reminder about what MTD encompasses
"Mobile threat defense (MTD) tools defend enterprises from threats on mobile platforms. MTD solutions provide security at three levels - the device, the app and the network. MTD tools provide a variety of security functionality, including device vulnerability assessment, app reputation scanning, app code analysis, and network monitoring and protection," says Gartner in the Hype Cycle report.
When an enterprise does not have an MTD solution in place, it lacks both visibility into risks and control over sensitive corporate data flowing through a mobile device. With MTD, an enterprise gets:
- Protection from data leakage via mobile threats and risks.
- Reduced compliance risk, which means reduced risk of fines.
- Ability to securely embrace employee productivity through mobile devices, a trend otherwise called "digital transformation."
Gartner uses this graphic to describe Mobile Threat Defense solutions:
Gartner, Countering Mobile Malware With Mobile Threat Defense, Dionisio Zumerle, Security & Risk Management Summit, National Harbor, MD, June 12-15, 2017
How MTD technology has matured through feature consolidation
This year we saw Mobile Vulnerability Management Tools and Secure Web Gateways fold under MTD. Gartner states the following in the Hype Cycle report of this consolidation:
- "Mobile Vulnerability Management Tools has been retired. There is no significant development or evolution of stand-alone offerings. Mobile Threat Defense solutions cover most of the needs."
- "Secure Web Gateways has been removed. Most of the requirements covered by this technology are now addressed by Mobile Threat Defense solutions."
Similarly, we will likely see Mobile App Reputation Services fully converge under MTD, which already offers some MARS capabilities. In its May 2017 report "Compare EMM Security Ecosystems to Make a Strategic Selection," Gartner says, "Note that MARS is converging with MTD and will likely not remain a stand-alone market. Technical professionals evaluating MARS products should favor MTD products that include MARS."
Why enterprises with sensitive IP need to begin adopting MTD today
In our view, this year's Hype Cycle report addresses the fact that mobile threats are no longer singularly a consumer problem. In it, Gartner says, "Enterprises that have reasons to be concerned about being targeted by advanced threats, or that need their mobile workforce to have additional protection over untrusted networks, should implement MTD solutions. Typical verticals will be finance, insurance, healthcare, government and energy. Remaining organizations should start familiarizing with MTD technology and gradually introduce solutions to protect their mobile fleet."
Finance, insurance, healthcare, government, and energy companies are all examples of industries that have high regulation, which means significant commitments to compliance and auditory bodies, as well as highly sensitive intellectual property. Other industries with highly sensitive IP include pharmaceutical, manufacturing, biotech, industrial controls & goods, and technology. It is imperative for these industries to maintain visibility into where this data flows, including from a mobile device.
It is in any business' interest to see where that data is going and protect it as soon as possible. Dionisio Zumerle stated in his Gartner Summit presentation, "Countering Mobile Malware With Mobile Threat Defense," that enterprises should immediately, "Enforce a minimum app security baseline for mobile devices (no jailbreak, remote wipe, minimum OS, no third party apps, ...)." In the next 90 days, he suggested security leaders, "Identify the optimal setup for a mobile security solution in your organization," and "Trial the candidate MTD solution."
Enterprise data can be lost through a number of means
Advanced, targeted mobile threats cause serious data leakage, put the enterprise at risk of hefty compliance fines, and diminish brand reputation and trust. For example, Pegasus - the most highly sophisticated mobile threat we've ever seen - gained root access, was able to read and siphon off data that would otherwise have been protected by encryption, access the camera and microphone, steal messages, and otherwise hijack the device for espionage.
However, leaky apps also put enterprise data at risk, as evidenced in Zumerle's slide "What does MTD do?" referenced above. According to exclusive research from the Lookout Security Intelligence team, across enterprise iOS devices protected by Lookout 30% of apps access contact records and GPS data, 31% of apps access the calendar, 39% of apps access the microphone, and 75% of apps access the camera.
This is a wide range of sensitive data that many apps collect and store outside of an enterprise's purview. App developers often ask for a large range of permissions and access to data, even when the app does not need that data to function properly. This is often because apps developers prefer to get permissions ahead of time in case they want to create a feature that uses this permission later. This means that apps developers who do not understand an enterprise's compliance commitments and overall internal risk policies may transmit and store data in ways that do not meet the enterprise's standards.
Why EMM solutions will not fully protect an enterprise from mobile data compromise
Enterprise mobility management (EMM) solutions provide important threat remediation features that support MTD, but do not provide mobile security on their own. MTD solutions rely on a huge dataset of mobile information that powers this detection as well as the behavioral anomaly detection and analysis stacks that identify and alert on malicious or risky security events on an employee device - something EMM solutions lack.
In Gartner's July 2017 Hype Cycle for Midsize Enterprises, 2017, analyst Manjunath Bhat states, "MTD tools will increasingly complement EMM to fill the gaps in vulnerability detection and malware risks." In the "Compare EMM Security Ecosystems to Make a Strategic Selection," report, Gartner states, "Technical professionals tasked with selecting an EMM should: Prioritize identity management, mobile threat defense (MTD) and certificate infrastructure integrations as the most critical."
Enterprises benefit when MTD and EMM tools integrate. This makes device provisioning, or deployment to thousands of employee endpoints, easy and fast.
Enterprises must assess their risk and trial an MTD solution now
Mobile devices pose a significant risk to sensitive data and any industry that may be targeted for its IP must trial and deploy an enterprise security solution now. This will enable the enterprise to securely allow employees to use the mobile devices for work, protect the enterprise from potential data leakage through malicious and non-malicious mobile risks, and thereby avoid potentially hefty fines due to non-compliance.
We believe that this year's Hype Cycle is a clear indication that MTD technologies are now a necessary part of overall enterprise security infrastructure. The market is consolidating under MTD, which now has the right integrations to support large enterprises that must protect sensitive data.
Enterprises security leaders should:
- Assess internal risks. Lookout recommends using the Mobile Risk Matrix framework to do so. Enterprises should start by asking themselves the following questions:
- How am I measuring the risk from each element of the matrix in my current environment?
- How am I controlling for that element of my mobile risk?
- Identify MTD solutions that integrate with MDMs or work as standalone products and begin a trial.
- Then choose the MTD and deploy.
Want to learn more about how Lookout Mobile Endpoint Security can protect your enterprise? Contact us today.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
 Gartner Security and Risk Management Summit Presentation, Countering Mobile Malware with Mobile Threat Defense, Dionisio Zumerle, 12 - 15 June 2017.
Book a personalized, no-pressure demo today to learn:
- How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
- Real-world examples of phishing and app threats that have compromised organizations
- How an integrated endpoint-to-cloud security platform can detect threats and protect your organization