“Unlike the PC world, which is dominated by Microsoft, in the mobile world, each platform has its own software development environment. A security vendor developing mobile security apps will have to replicate the effort across various platforms. Further, some platforms such as Apple iOS do not allow traditional anti-virus apps on their platform,” said Amit Sinha, CTO of Zscaler, a cloud security company.
Under a BYOD frame of mind, organizations have little choice but to leave mobile AV up to end users. IT may point users to preferred products, but will they take the next step to purchase and manage mobile AV for their entire mobile workforce? Probably not, and that creates serious risks.
It’ll come as no surprise that Sinha advocates moving mobile AV to the cloud, where device constraints can be sidestepped. Cloud-based mobile AV also has the advantage of taking updating and patching requirements out of the hands of end users.
IT has been doing its best over the years to get a better sense of what exactly is happening within its networks. What kinds of traffic eat up the most bandwidth? Which apps open the riskiest ports? Why on earth is a printer in HR taking requests from strange IP addresses in Russia? Today, these things are easy to find out.
However, with mobile, IT is once again in the dark.
“The problem with BYOD is that most organizations have scarce knowledge of each device type . . . limited control over the devices’ security posture because device owners have administrative rights and can add or remove programs; lack of visibility into what the device is doing on the internal network and how confidential data is moving around; and little understanding of the impact of the device on the network,” said Chris Smithee, Network Security Manager for security monitoring firm Lancope.
According to Smithee, the only viable solution to the BYOD challenge is to obtain visibility into every single thing a mobile device is doing on the network. Without that, it is impossible to effectively ensure that the device is not accessing confidential, privileged data or carrying malware that could spread to other assets.
“The best way to regain this total visibility is to utilize the existing network,” he said. “The network knows about every transaction crossing it, and it can provide this information in the form of flow data such as NetFlow, [a protocol developed by Cisco for collecting IP traffic info].”
NetFlow is already built into most routers, switches and other network infrastructure devices, so the use of flow data to monitor network and host activity offers a cost-effective solution for analyzing the behavior of mobile devices.
“With flow data, organizations can proactively detect issues stemming from any device on the network without having to install additional software on the devices or deploy expensive probes. Flow-based monitoring can detect both externally-launched, zero-day attacks such as botnets, worms or advanced persistent threats that bypass perimeter defenses, as well as internal risks such as network misuse, policy violations and data leakage,” Smithee added.
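The flow-based checks Smithee describes can be sketched in a few lines. The following is an added example, not code from the article or from Lancope: it parses constructed flow records (a flattened NetFlow-style CSV) and flags unmanaged BYOD devices that reach a restricted asset, plus any internal host whose outbound volume suggests data leakage. The address ranges, the restricted host and the egress threshold are assumptions for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed policy for the example: these ranges, the restricted asset
# and the egress limit are assumptions, not values from the article.
BYOD_NET = ipaddress.ip_network("10.20.0.0/16")      # unmanaged personal devices
INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # the corporate network
RESTRICTED = {ipaddress.ip_address("10.1.5.10")}     # e.g. a finance database
EGRESS_LIMIT = 50 * 1024 * 1024                      # bytes per host per window

# Constructed flow records, flattened to CSV:
# src_ip,dst_ip,dst_port,protocol,bytes
SAMPLE_FLOWS = """\
10.20.3.7,10.1.5.10,1433,tcp,8192
10.20.3.7,198.51.100.46,443,tcp,120000
10.20.9.2,203.0.113.5,443,tcp,60000000
10.0.4.20,10.1.5.10,1433,tcp,4096
10.20.3.7,10.0.0.53,53,udp,300
"""

def parse_flows(text):
    """Turn CSV flow lines into (src, dst, port, proto, bytes) tuples."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, port, proto, nbytes = line.split(",")
        flows.append((ipaddress.ip_address(src), ipaddress.ip_address(dst),
                      int(port), proto, int(nbytes)))
    return flows

def analyse(flows):
    """Return (src_ip, finding) pairs from two flow-based checks."""
    findings = []
    egress = defaultdict(int)            # outbound bytes per internal host
    for src, dst, port, proto, nbytes in flows:
        # Check 1: an unmanaged BYOD device touching a restricted asset.
        if src in BYOD_NET and dst in RESTRICTED:
            findings.append((str(src), f"BYOD device reached restricted asset {dst}:{port}"))
        # Check 2: accumulate traffic leaving the internal network.
        if src in INTERNAL and dst not in INTERNAL:
            egress[src] += nbytes
    for src, total in egress.items():
        if total > EGRESS_LIMIT:
            findings.append((str(src), f"egress volume {total} bytes exceeds limit"))
    return findings

if __name__ == "__main__":
    for src, finding in analyse(parse_flows(SAMPLE_FLOWS)):
        print(f"{src}: {finding}")
```

On the sample data the managed host 10.0.4.20 querying the database is not reported, which is the point: the same flow record is benign or suspicious depending on what the network knows about the source.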
If you go to your CIO or CEO and suggest that you repurpose an existing technology in order to get a better handle on your mobile problems, you’ll be applying a risk-management mindset to your own job security. Who ever got fired for saving the company money while also improving security?