Mobile Threat Defense (MTD) is security software meant to protect organizations and individual users from security threats on mobile platforms. Most commonly, mobile platforms include iOS and Android devices. An MTD platform protects against attacks made specifically for mobile devices. Hackers may use malware, phishing or network attacks to compromise a user’s device, which could then be used to steal data or to purposely cause a negative business impact. MTD’s goal is to protect users from such attacks. Organizations such as government agencies, banks and legal firms will use MTD to protect their mobile devices.
The concept of mobile security also goes by different names. Gartner uses the term Mobile Threat Defense, while other organizations, such as IDC, call the concept Mobile Threat Management (MTM). Others may also call it Mobile Threat Prevention. All terms relate to securing mobile devices.
An MTD platform should be able to continually protect devices, online and off. MTD platforms can also block threats, alert users and quarantine devices, as well as detect and remediate issues such as zero-day vulnerabilities.
In 2019, Gartner estimated that 30% of organizations would have MTD platforms in place by 2020.
How Mobile Threat Defense works
Mobile Threat Defense platforms will typically address threats at three levels: the device, the application and the network levels.
- At the device level, an MTD platform will check for issues such as whether users can enable lock screens or encryption, whether they can install apps from unknown sources, or whether they have jailbroken the device. An MTD platform may also check for any apparent anomalies, such as a battery drain that could be caused by malicious apps. On Android devices, the MTD platform might also determine whether the device is protected by Verify Apps, or call the Google SafetyNet API to check the device’s authenticity.
- At the application level, an MTD platform can analyze app code, as well as examine app URLs, review security implementations, and detect data leakage and privacy issues. MTD at the application level can also include a review of the developer’s and app’s reputation.
- At the network level, an MTD platform will send and receive data over a network to look for possible threats. Threats the platform may look for include man-in-the-middle attacks or Secure Sockets Layer (SSL) stripping, which is a process of downgrading an HTTPS connection to a nonsecure connection with the goal of capturing sensitive data. MTD software may also automatically encrypt traffic when connecting to an open Wi-Fi network.
MTD platforms are also driven by an analytics engine that examines user and application behavior to identify any anomalies that could indicate a threat. The engine also incorporates another crucial part of MTD platforms: machine learning. Machine learning, as well as other AI technologies, is used to detect anomalies in the use of a device on all three levels.
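The SSL stripping check described at the network level can be sketched as follows. This is an added example, not code from any MTD product: it assumes the platform probes a site it knows redirects plain HTTP to HTTPS, and the `ProbeResult` type, the finding names and the sample responses are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

REDIRECTS = {301, 302, 303, 307, 308}
# A login form that posts to plain HTTP is typical of rewritten (stripped) pages.
PLAINTEXT_FORM = re.compile(r"<form[^>]+action=[\"']http://", re.IGNORECASE)

@dataclass
class ProbeResult:
    """Response to GET http://<host>/ with redirects NOT followed (hypothetical type)."""
    host: str
    status: int
    headers: dict = field(default_factory=dict)  # header names lower-cased
    body: str = ""

def check_ssl_stripping(probe: ProbeResult) -> list:
    """Return findings for a host that is known to force HTTPS; [] means clean."""
    findings = []
    if probe.status in REDIRECTS:
        # The genuine site answers plain HTTP with a redirect to https://.
        if not probe.headers.get("location", "").lower().startswith("https://"):
            findings.append("redirect-not-https")
    else:
        # Content served directly over HTTP: the upgrade to HTTPS never happened.
        findings.append("no-https-redirect")
    if PLAINTEXT_FORM.search(probe.body):
        findings.append("plaintext-form")
    return findings

# Constructed sample responses (not captured traffic).
CLEAN = ProbeResult("portal.example.com", 301, {"location": "https://portal.example.com/"})
STRIPPED = ProbeResult("portal.example.com", 200, {"content-type": "text/html"},
    '<form method="post" action="http://portal.example.com/login">')
DOWNGRADED = ProbeResult("portal.example.com", 302, {"location": "http://portal.example.com/login"})

if __name__ == "__main__":
    for name, probe in (("clean", CLEAN), ("stripped", STRIPPED), ("downgraded", DOWNGRADED)):
        print(name, check_ssl_stripping(probe) or "ok")
```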
MTD and enterprise mobility management
MTD also can be used in conjunction with enterprise mobility management (EMM). EMM is a type of software that allows an organization to enable employee use of mobile devices and applications securely — it also aids employee productivity because IT teams can help provide workers with more tools and applications on mobile devices. EMM focuses on device administration and policy enforcement, while MTD provides protection from cyberattacks.
In general, a mobile security strategy should consider a wide range of potential risks. However, EMM doesn’t cover all of those potential risks on its own. So, to cover the large range of potential risks, an organization that uses EMM can also implement MTD to make its mobile devices more secure. In this case, IT teams should think of MTD as an extension of EMM. The better these two strategies are integrated, the stronger they should become.
Tools for Mobile Threat Defense
There are a variety of MTD tools, so an organization should know what it is looking for before identifying an MTD tool to use, as some tools may perform different actions and integrate with different EMM platforms.
An organization should first ensure the tool it picks matches the issues or gaps in mobile security it has. The MTD platform should also provide more than just general antimalware software; it should provide protection on the device, application and network levels. The MTD platform should also be able to analyze user behavior to detect anomalies and vulnerabilities, and to remediate any threats. An organization that already uses an EMM platform should also ensure its choice of MTD platform can integrate well with its already established EMM strategy.
Most MTD software is deployed through a cloud portal and orchestrated with mobile device management (MDM). Gartner recommends organizations implement MTD software gradually and adopt it first in areas that need more security.
Some vendors that offer MTD tools include Check Point, Zimperium, Symantec and Proofpoint. Check Point has an MTD tool called SandBlast Mobile, Zimperium has zIPS, Symantec has Symantec Endpoint Protection Mobile (SEP Mobile) and Proofpoint has Mobile Defense.