These solutions can be treated as the next generation of anti-virus software for mobile devices. MTD is a set of tools that protect the mobile device and its applications against “advanced” threats. What are these advanced threats? Put simply: anything other than simple data theft once the device is lost or stolen, installation of an unwanted application, or eavesdropping on the network traffic to and from the device.
To offer such “advanced” features MTD solutions use:
- Vulnerability management mechanisms
- Anomaly detection mechanisms
- Behavioral profiling
- Source code emulation
EMM solutions (Enterprise Mobility Management, such as our FAMOC Manage) offer a wide array of application management features, such as management of application permissions, control over whether users can install apps from application stores, and application blacklists and whitelists.
FAMOC also enables admins to easily install, upgrade and configure any application at large scale (tens to hundreds of thousands of devices installing the app at the same time).
Integrating an EMM solution with an MTD solution additionally allows an application to be analyzed after it has been installed on the device. The MTD module installed on the device constantly monitors all installed apps and their behavior, looking for anomalies, as such anomalies could pose a threat to data stored on the device.
MTD adds functionality to the usual EMM solution by using:
- Application reputation databases (such databases are fed information from scans of millions of applications available for download)
- Behavioral analysis (analysis of how the application behaves: e.g. if an app reads data from our device and sends it to a specified server, this is desired behavior; however, if the same app requests access to our contacts, reads our whole contact book and immediately afterwards connects to an unknown server, such behavior is highly risky and suspicious. Thanks to behavior analysis and appropriate policies, a potential data breach can be interrupted)
- Machine learning (any abnormal behavior is analysed both locally on the device by the MTD module and by the MTD cloud)
How to use MTD?
All of the features which MTD adds on top of the usual EMM functionality allow for:
- Where the phone is divided into a “work part” and a “private part”, there need be no serious restrictions on what users can install in the “private part” of the device. The user is free to do as they please; however, if an unwanted or harmful application is detected, that app is disabled for the user. In real life this does not happen too often, so it does not intrude on the user’s privacy too much (it is also possible to disable only the app’s suspicious behavior, allowing all other, benign actions to be performed)
- Protection against threats which only appear in an update to an application (as opposed to being there from the start, since version 1). Very often an app has been tested by the IT or security department of a company and is hence whitelisted; malicious code can, however, be added to the app at a later time, along with an update published to the application store (this is a viable attack, as the application is tested a lot more thoroughly upon its initial submission to the application store). Even in such a case the malicious behavior of the app will be detected by the EMM-MTD duo, and user / company data will remain protected
- Protection against privilege escalation: it is possible to define maximum privilege levels for each application. So if we wish to use an app only for a single purpose, it is possible to allow access only to the internet and our contacts; if at a later time the app attempts to access the contents of our SMS messages, such an attempt will be blocked (and reported back to the console)
- If, as an organization, you are getting a custom application from a third party, MTD solutions also allow verification of such an app against any potentially harmful behaviors. And it is not just the source code which will be analyzed, but also its privileges and behavior at run-time
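The contacts-then-unknown-server behavior rule and the per-application maximum privilege level described in the lists above can be expressed as two checks over a stream of app events. This is an added Python example, not FAMOC or Pradeo code; the event format, package name, hosts, rule names and the 5-second window are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: float     # seconds since start of trace
    app: str      # package name
    kind: str     # "permission" (permission used) or "connect" (outbound connection)
    detail: str   # permission name or remote host

# Constructed policy: per-app permission ceiling and hosts the app is expected to use.
POLICY = {
    "com.example.crm": {"allowed": {"INTERNET", "READ_CONTACTS"},
                        "known_hosts": {"api.example.com"}},
}

def evaluate(events, policy, window=5.0):
    """Return (ts, app, rule, detail) findings for a list of events."""
    findings = []
    last_contacts_read = {}  # app -> time of its most recent contacts read
    for ev in sorted(events, key=lambda e: e.ts):
        rules = policy.get(ev.app)
        if rules is None:
            # Assumption: an app without a policy is reported, not silently ignored.
            findings.append((ev.ts, ev.app, "no_policy", ev.detail))
        elif ev.kind == "permission":
            if ev.detail not in rules["allowed"]:
                # Above the app's ceiling: the point where access is blocked and reported.
                findings.append((ev.ts, ev.app, "privilege_exceeded", ev.detail))
            elif ev.detail == "READ_CONTACTS":
                last_contacts_read[ev.app] = ev.ts
        elif ev.kind == "connect" and ev.detail not in rules["known_hosts"]:
            read_ts = last_contacts_read.get(ev.app)
            # Unknown host contacted shortly after a contacts read: correlate the two.
            if read_ts is not None and ev.ts - read_ts <= window:
                findings.append((ev.ts, ev.app, "contacts_then_unknown_host", ev.detail))
    return findings

# Constructed trace for a whitelisted app whose later update misbehaves.
TRACE = [
    Event(0.0, "com.example.crm", "permission", "READ_CONTACTS"),
    Event(1.0, "com.example.crm", "connect", "api.example.com"),  # expected sync
    Event(60.0, "com.example.crm", "connect", "203.0.113.7"),     # unknown, but no recent read
    Event(100.0, "com.example.crm", "permission", "READ_CONTACTS"),
    Event(101.5, "com.example.crm", "connect", "203.0.113.7"),    # read then unknown host
    Event(200.0, "com.example.crm", "permission", "READ_SMS"),    # above the ceiling
]

if __name__ == "__main__":
    for finding in evaluate(TRACE, POLICY):
        print(finding)
```

Note that the connection at 60 seconds is not flagged: the rule fires on the sequence of a contacts read followed by an unknown host, not on either event alone.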
There are many more potential applications of this technology. The market for Mobile Threat Defence (although already recognized by analysts such as Gartner: https://www.gartner.com/reviews/market/mobile-threat-defense-solutions) is still in its early phases, so new scenarios will come out in the near future.
Our FAMOC Manage is integrated with a Mobile Threat Defence solution from Pradeo – more info here: http://pradeo.com/en-US/uem-mdm-security/famoc