July 14, 2017


Gartner Summit: Incorporate Mobile Threat Defense Into Your 90-Day Plan

Leaders from enterprises around the world come to the Gartner Security and Risk Management Summit to learn about security trends, technologies, and other insights that help them prioritize security spend throughout the year.

This year, we saw Gartner focus on mobile security, specifically mobile threat defense, highlighting the increasingly urgent need for comprehensive protection. Four talks dedicated to mobile security issues given by Gartner analysts drove the point home for us: we feel there is a real risk of data compromise via mobile devices, and enterprises must have protection in place.

Our key takeaways from the Summit:

  • Mobile malware is not negligible and mobile threat defense solutions are necessary to address it.
  • Mobile threat defense solutions must tackle both malicious and non-malicious risks to sensitive data.
  • Enterprises must kick off the search for a mobile threat defense solution in the next 90 days.
  • A comprehensive mobile security strategy involves a mobile threat defense solution that integrates with EMM and Mobile App Reputation Solutions (MARS).  

Enterprises cannot ignore the present threat of mobile malware  

To answer the question of whether mobile malware is real, Gartner analyst Patrick Hevesi opened his "Build Your Mobile Security Strategy" presentation with a reference to Pegasus, the most sophisticated mobile threat we've ever seen.

Gartner Pegasus Slide

Gartner, Build Your Mobile Security Strategy, Patrick Hevesi, Security & Risk Management Summit, National Harbor, MD, June 12-15, 2017

Threats like Pegasus, which Lookout helped uncover in August 2016, are still top of mind for analysts and security professionals alike. Using the Lookout Security Cloud, Lookout has been able to determine that 47 in 1,000 Android enterprise devices have encountered app-based threats. Extrapolated out to an enterprise's overall employee base, that represents high potential for data compromise.

Unfortunately, it's not as straightforward as just protecting against malware

Malicious threats are not the only risks to sensitive data that mobile threat defense solutions address, as shown in the slide below, taken from analyst Dionisio Zumerle's presentation, "Countering Mobile Malware With Mobile Threat Defense."

What Does MTD Do

Gartner, Countering Mobile Malware With Mobile Threat Defense, Dionisio Zumerle, Security & Risk Management Summit, National Harbor, MD, June 12-15, 2017

The nuance in this graphic is that data compromise can occur through non-malicious means, such as an Android device that has been configured to allow USB debugging, a device that allows app downloads from unknown sources, a jailbroken iPhone, or applications that access certain data types that an enterprise might deem sensitive. Lookout determined that 30 percent of apps on enterprise devices access the device's contact information, which may present significant risk to an enterprise protecting PII.

In his presentation, Dionisio discussed what mobile threat defense solutions tackle and what they don't. He cited mobile threat defense as addressing leaky apps, unpatched devices, advanced malware, privilege escalation hiding, malicious networks and more[1]. It does this through crowdsourced threat intelligence (i.e., a large dataset of mobile code taken from a widespread collection of devices around the world), using behavior anomaly detection to suss out malicious attacks and non-malicious activities across a number of different vectors. These result in alerts to IT and security administrators who can then set policies against varying security events, and help the overall enterprise to avoid compliance risks and data compromise.  

Mobile Threat Defense is a crucial security technology today, not tomorrow

Gartner didn't leave attendees wondering what to do next. Dionisio and Patrick both had very specific recommendations to enterprises.

For Dionisio, the message was clear: act now. He set up an "Action Plan for Security Leaders"[2] in his presentation that we believe is a good one to follow. He suggested security leaders immediately, "Enforce a minimum app security baseline for mobile devices (no jailbreak, remote wipe, minimum OS, no third party apps, ...)." In the next 90 days, he suggested security leaders, "Identify the optimal setup for a mobile security solution in your organization," and "Trial the candidate MTD solution."

A comprehensive mobile security solution  

In his presentation on building a mobile security strategy, Patrick also highlighted that mobile security technologies should integrate with existing mobile management solutions such as EMM and MARS.  

Patrick provided specific recommendations for enterprises embracing BYOD and COPE (Corporately Owned, Personally Enabled) mobile environments that drive home this point[3]. For enterprises embracing BYOD, he recommends that security leaders, "Evaluate mobile threat defense solutions with cloud-based application reputations services." He also suggests they, "Enforce conditional access based on the state of the device."

For enterprises embracing COPE, Patrick encouraged security leaders to, "Evaluate mobile threat defense solutions with cloud-based application reputations service with EMM enforcement."  

In both situations, he recommended they "Evaluate the risks and new tactics being leveraged on mobile device by malware by keeping current with mobile threat reports." He also suggested they, "Deliver training to drive user awareness of which permissions mobile applications are requesting. This approach can help reduce unwanted applications from being installed."  

In both cases we feel Patrick reiterated Dionisio's advice that companies must begin determining their own mobile risk tolerances, developing policies, and educating employees on mobile threats and risks.

How Lookout fits into Gartner's mobile threat defense vision  

Lookout integrates with MDM/EMM solutions, as well as SIEM solutions, to allow enterprises to set policies against specific risks and enforce conditional access. The end-user application sends alerts to the employees, giving them information about the threats and risks present on their mobile devices, educating them while simultaneously giving the enterprise security leader visibility into the same threats and risks.

In order to develop and deploy a truly successful mobile security strategy, enterprise security leaders must familiarize themselves with a concept called the "Spectrum of Mobile Risk." This concept comprises components of risk (e.g., vulnerabilities, threats, and behaviors and configurations), as well as vectors on the mobile device (e.g., devices, apps, and networks) that may lead to data leakage and loss via the mobile device.

Mobile Risk Matrix

Download the Mobile Risk Matrix to learn more about how mobile devices could lead to data compromise in your organization.

Today, enterprise data exists on and flows through mobile devices every single day, creating an environment in which enterprise security leaders no longer have full visibility into or control over who accesses that data. Gartner's recommendations are vital to enterprises that don't want this to become their reality.

[1] Gartner Security and Risk Management Summit Presentation, Countering Mobile Malware with Mobile Threat Defense, Dionisio Zumerle, 12 - 15 June 2017.

[2] Gartner Security and Risk Management Summit Presentation, Countering Mobile Malware with Mobile Threat Defense, Dionisio Zumerle, 12 - 15 June 2017.

[3] Gartner Security and Risk Management Summit Presentation, Build Your Mobile Security Strategy, Patrick Hevesi, 12 - 15 June 2017.