Here at CWSI we’ve got hold of the 2018 Gartner Market Guide for Mobile Threat Defense (MTD), hot off the press. There’s no famous Magic Quadrant for this category yet but rumour has it that it’s only a matter of time before one gets published (let’s see what happens next year).
For those of you unfamiliar with the term, this category relates to solutions that protect organisations from security threats on mobile devices (typically iOS and Android). This shouldn’t be confused with your Enterprise Mobility Management (EMM) platform – or, more accurately, what Gartner now refers to as a Unified Endpoint Management (UEM) platform. Having the likes of MobileIron or VMware Workspace ONE in place is a good start, but these platforms alone won’t fully protect you from many of the mobile threats that exist today and are rapidly growing in type and scale. Here’s our take on the key messages:
Vendor consolidation continues
The first thing we noted was the reduction in the number of vendors included, down from 17 vendors in 2016 to 11 in 2017 and only 9 this year. In fact it should really be 8 vendors due to Symantec’s purchase of Appthority (following its previous acquisition of Skycure) which was announced just after publication of the report.
Given the relative size of this market compared to others in the IT sector and the fragmented nature of the market, further consolidation in this space is highly likely as traditional endpoint protection and management vendors look to expand their coverage. Much like in other sectors, we see the potential for a big 3 or 4 vendors to emerge in that top-right quadrant when it is published.
Market penetration set to rise rapidly
Gartner estimates the current value of the market at only $200 Million globally but is bullish with predictions on market growth. By 2020 (only 2 years away) Gartner predicts that 30% of organisations will have some type of Mobile Threat Defense solution in place, up from well under 10% now.
This could result in a “land grab” as key industry players vie for a piece of the action, driving the consolidation mentioned above. Regulated vertical markets with a need for high security will lead the charge.
Threats continue to grow in volume and importance
Some of the statistics around mobile threats are startling and underpin some of Gartner’s growth projections:
- Nearly one in five business apps leaks Personally Identifiable Information (PII)
- Every year 42 million mobile malware attacks take place
- 63% of grayware apps leak the device’s phone number
- 60% of security experts believe that mobile malware incidents are under-reported
While we agree that market growth in this area will be strong for the foreseeable future, we feel that many organisations are still waiting for a publicity-worthy breach to occur before prioritising IT security spend in this area. Of course, the risk with this approach is that your organisation could be the one that gets breached – it’s a game of mobile security chicken!
The ‘DNA’ of mobile security
If you’re a regular reader of our posts you’ll know that we often refer to the DNA of mobile security, terminology which now seems to be in common use throughout the industry. Here’s a quick look at how MTD tools address each of these areas:
Device – MTD tools monitor indicators such as OS versions, security update versions, firmware, device configuration and system libraries to spot vulnerabilities, misconfigurations or malicious activity.
Network – MTD tools monitor cellular and wireless network traffic for Man-in-the-Middle attacks, checking for invalid or spoofed certificates and for the stripping of security protocols such as SSL or TLS.
Applications – MTD tools identify malicious applications or leaky applications (so-called grayware) through a variety of application analysis techniques.
1+1=3, MTD and EMM integration is key
Gartner clearly recommends the integration of these two tools for easy deployment and automation of threat remediation. While MTDs can prevent attacks (for example by blocking malicious URLs) and identify risks (such as an application that is behaving strangely), they often lack the ability to actively manage the device, for example to quarantine it from accessing corporate systems. That’s where the EMM comes into play and, if configured properly, automated “playbooks” can be developed to address specific scenarios based on organisational policies.
This is highlighted by two EMM vendors choosing to very tightly integrate their platforms with a leading MTD provider. Back in October 2017 MobileIron announced that it was partnering with Zimperium to include its MTD in the existing MobileIron agent, removing the need for two applications to sit on the device (although at this stage administration management is still through two portals).
Even more recent is Wandera’s announcement on its partnership with IBM to provide its on-device and gateway solution as part of the MaaS360 suite. This is so new that we haven’t yet got the full details of what this might look like or mean for the sector but it’s a clear indication that both MTD and EMM providers see the value in a joined-up approach and making it as easy as possible for organisations to add MTD into their protective toolkit.
The rise of mobile phishing
Verizon’s 2018 Data Breach Report stated that typically 4% of people will click on any given phishing campaign. Further research from Wandera indicates that a new phishing site is launched every 20 seconds and mobile users are 18 times more likely to be phished than to be targeted by mobile malware.
Attackers are simply following the eyeballs and increasingly attacking mobile devices where users are more likely to fall for a phishing attack due to the small form factor (meaning URLs get shortened), the presumed security of mobile devices and being distracted or on the move.
It can be difficult to trace later breaches to these initial phishing attacks but undoubtedly credentials are being shared unwittingly by employees. Even if these are personal credentials, the common re-use of personal passwords in corporate settings means organisations are at risk from future unauthorised access.
The message from Gartner is clear. Mobile threats can no longer be ignored. Having an EMM or UEM solution in place and using this to enforce a security baseline – minimum OS standards, blocking sideloaded apps, enforcing complex passcodes or biometric authentication, remote wipe enforcement – is a bare minimum.
For those in regulated industries, or with high-security needs or sensitive data, now is the time to introduce Mobile Threat Defense, making sure the correct integration with your EMM platform
If you’re not sure where to start, or you need help figuring out your next steps, contact us to discuss your mobile security needs with one of our expert team.