Enterprise Mobile Device Anti-X Protection - dummies

Enterprise Mobile Device Anti-X Protection

By Rich Campagna, Subbu Iyer, Ashwin Krishnan, Mark Bauhaus

When you are responsible for the mobile device in the enterprise, this includes all of the associated applications, data, and the security posture of that device. One of the key security components that is relevant to the security on the physical mobile device is the “Anti-X” protection on the device.

Anti-X refers to the family of security components that includes antispyware, antivirus, antiphishing, and antispam, and as the name suggests, can be extended to other threats that may arise in the future. So what exactly are these various subcomponents? Let’s delve into each one. You’re probably familiar what they are in terms of laptops and desktop computers, but mobility changes everything, including the equation that X equals security risk.

Mobile device security components.
Mobile device security components.

In the term antispyware, the anti- refers to the essential component of the protection afforded against malicious spyware that installs itself on mobile devices. As a mobile device is always on the go — and with the plethora of interfaces — the likelihood that the device is connected to one or more wireless networks most of the time is very high.

This constant nomadic behavior and propensity to tethering means that the exposure level to unknown networks is very high, and therefore the likelihood of intrusions that can happen on these devices is far greater than a fixed desktop.

There are some unique dimensions to mobile spyware that make it different from the traditional desktop spyware that you might be used to. For instance, there have been cases of spyware that manipulate SMS messages and expose them so that they can be read by others in the near vicinity.

Mobile spyware in operation.
Mobile spyware in operation.

In the figure, an unsuspecting user is tricked into reading an SMS message that has spyware associated with it. This could be as simple as a URL in the SMS that the user clicks, which lands him on a malware-infested website. In this instance, the spyware scrolls through the contact list on the mobile device and starts spamming the contacts using every means possible — SMS, e-mail, IM, and so on.

So any antispyware solution for mobile devices —needs to provide specific protection against mobile threats to mobile applications (such as SMS-based spyware), contacts database protection, location information spoofing (masquerading the device location to be any place of choice), and the like.

The market is there for the asking, and that means that hackers will be coming after your users’ devices in a big way, if not now, at some point in the near future. The simple solution: Be prepared to address the future with smart devices that have an antispyware solution.