Beyond UEM: Detecting the onslaught of mobile threats with AI
By Vivien Raoul, Pradeo
The advent of mobility within companies opened up the need for enterprise mobility management (EMM) solutions (and later, unified endpoint management, or UEM). With EMM, IT could finally manage and secure mobile devices for work.
Companies discovered new ways to work, drive innovation and deliver customer experiences with mobility. Hackers, however, discovered an unlimited playground.
Mobile devices and apps provide plentiful entry points to both corporate and personal data. This new dimension forces companies to face a continuing challenge—mobile security—and to identify new ways to close the ongoing security gap.
MTP: A complementary mobile security principle
Through EMM or UEM, IT can take a top-down approach to enforce security policies (e.g. application blacklisting). This way, security heads have a clear understanding of the threats their mobile fleet is exposed to and can use UEM to implement preventative and protective actions. This approach reflects the core security principle used over the past decades to protect desktops.
But the vast and varied attack surface of mobile devices makes attacks extremely difficult, though not necessarily impossible, to predict. To level up mobile security, IT also needs real-time analysis to detect and prevent new threats. This complementary mobile security technology is called mobile threat protection (MTP), or mobile threat defense (MTD). These solutions can be integrated with UEM to provide mobile security on top of mobility management.
A wide range of threats - one solution to secure users
Mobile attacks are commonly categorized into three families representing the source of threats:
- Network exploits, the first category, cover threats related to suspicious connections from and to mobile devices, as well as unauthorized network configuration changes.
- Operating system (OS) manipulations represent another type of attack that compromises system parameters or libraries through known vulnerabilities or privilege escalation.
- Finally, mobile applications come at the top of mobile threat vectors not just because of their number but also because of the diversity of these types of threats. There’s been an explosion of malware featuring more and more unknown and advanced attacks, bypassing signature-based protections.
The key to MTD, then, lies in the ability to detect real-time threats coming from different sources. This approach requires an on-device presence to monitor, take action and pool security data for reporting and adjusting security policies.
AI at the forefront of mobile protection
Traditionally, IT handled security threats with a post-attack analysis. Issuing a countermeasure this way could take days or weeks. Because of the immediacy of mobile cybercrime, this threat detection model is outdated.
Mobile security must be automated and auto-adaptive to its environment to provide fast, appropriate and proactive threat management. The next generation of mobile protection combines multiple layers of real-time analysis and machine learning.
Artificial intelligence (AI) is becoming a pillar of cyber defense, especially because accuracy is crucial. There’s no room for estimations. A false positive opens up corporate data to a security breach.
As a member of the VMware Mobile Security Alliance, Pradeo helps companies meet end-to-end mobile security requirements. Pradeo provides a set of solutions—mobile endpoint protection, runtime in-app self-defense and mobile application security testing—to identify security flaws, set a robust security framework and automatically prevent attacks.
Pradeo 360° Mobile Threat Protection provides a zero-day, multi-layer security solution that analyzes, in real time, the compliance of any device (including corporate or bring-your-own devices) with security policies at the app, network and operating system levels.
Pradeo technology relies on a patented, crowdsourced, machine learning process combining static, dynamic and behavioral analysis to protect against known, unknown and advanced threats. The technology can also be integrated with VMware AirWatch unified endpoint management to automatically update the status of apps and devices in the AirWatch console.
Find out more at pradeo.com.