4 types of mobile security models and how they work
Learn about the different mobile security models that organizations can choose from and how vendors combine cloud-based threat defense with on-device security.
An IT admin often has to find the best tools and practices to enhance the security of the enterprise from threats.
Threats targeting mobile devices are among the most dangerous attack vectors. Mobile threats are not just a workplace headache; they can be a cybersecurity nightmare. The scope of mobile security threats -- malware, ransomware and phishing ploys -- means an IT admin has a lot to prepare for.
Understanding and managing mobile security threats
Mobile security threats have grown alongside our dependence on mobile technology and mobile applications. What started as minor issues, such as adware in apps, has now developed into advanced threats, such as phishing in text messages or hidden malware in applications, that can bypass conventional security measures. The impact of a data breach or a security incident goes beyond just financial loss. It can erode customer trust and confidence in a business.
IT administrators must understand and anticipate the most common mobile security threats. Detecting, preventing and mitigating these risks is an ongoing challenge but can be tackled with the right training and tools.
Mobile malware: What is it and how does it work?
Malware, short for "malicious software," encompasses a broad category of software crafted to cause harm. For mobile devices, it could take the form of viruses, trojans, adware or spyware -- which can disrupt or steal sensitive data from a user's device.
Mobile malware prevention involves several measures, such as installing security patches and updates enforced using a mobile device management (MDM) tool. While Android and iOS users have some built-in security features, organizations can add an extra layer of security with mobile threat detection tools. These tools can monitor network and application behavior and take proactive actions when threats are detected. However, the most crucial prevention measure is user education on safe browsing and downloading practices.
Mobile ransomware: What is it and how does it work?
Ransomware is malicious software designed to block access to your device or files. Once installed, the attacker demands a sum of money to restore access. When it infects mobile devices, the impact can be just as devastating as an infection on a desktop. Mobile ransomware works by encrypting the user's files. As soon as the files are encrypted, the attacker sends a ransom demand for the decryption key.
Organizations can adopt different approaches to prevent mobile ransomware, such as risk management strategies and the segregation of sensitive data. MDM tools can also help mitigate the impact of a mobile ransomware attack by enforcing security policies, data loss prevention policies and data segregation.
Mobile phishing: What is it and how does it work?
Phishing is a deceptive practice that tricks users into giving away their personal or corporate information through fake websites, emails or messaging apps. This type of deception is especially common on mobile devices.
For many, attempts come through well-crafted text messages that contain links for checking failed deliveries or bank account transfers to trick the user into engaging. This is the same psychological trick used with traditional phishing but takes advantage of the immediacy and intimacy of smartphones to increase the likelihood of success. This form of phishing can lead to data leakage, identity theft and financial loss.
It's crucial to provide employee training, implement multifactor authentication and use secure communication channels to prevent breaches. Organizations should also consider mobile threat detection tools to add a second layer of protection to employee mobile devices and prevent data leakage.
Types of mobile security
Organizations have become increasingly reliant on mobile security vendors to protect devices, and several types of mobile security approaches can help them optimize their mobile defense.
The first line of defense in keeping malware off mobile devices is to use approved app stores for iOS and Android. However, even mobile apps in legitimate app stores can harbor malware. Apple Store and Google Play are battling to keep these malicious apps out of their stores, but administrators can minimize their risk by limiting unknown mobile downloads from users.
Organizations should also deploy a managed environment from an enterprise mobility management or unified endpoint management platform that helps administrators address the basic security profiles of mobile devices.
These profiles enable IT to install a mobile security agent on a device. IT can also activate embedded enhanced security tools that might be available on the device itself, such as Samsung Knox in the Android Enterprise program. No mobile security tool is 100% effective, but they are an important step given how much sensitive corporate data is available on mobile devices.
Vendors use four different types of mobile security models.
Traditional signature file antivirus approach
The traditional signature file antivirus model works by creating a signature file on the device. This file is the comparison point for all apps and documents to identify potential threats. However, this doesn't work very well for mobile devices. Today, many organizations employ the hybrid AI approach.
Hybrid AI cloud security
This type of mobile security tool studies the files users download and install on their devices. It's a similar model to search engines where the community contributes samples that improve the overall experience.
Analyzing these files and applications in the cloud helps security tools identify the warning signs of malicious intent. Once AI identifies any malicious files, it prevents users from downloading and opening them. The tools enforce these policies through a local app that updates with the latest information about the safety of files.
This cloud-based analysis approach works well for mobile devices because it doesn't require large amounts of local processing. With relatively fast connections, the lag in checking a file type against the files on a cloud server is minimal.
However, this type of mobile security approach isn't great at finding zero-day attacks due to the time lag inherent in gathering data, testing and returning intelligence to the on-device agent.
Intermediary cloud approach
Under this model, any files a user receives or downloads to the device are automatically uploaded to the cloud service for testing and comparison to determine if they're malware or security threats. The files are loaded to the device only if they are approved.
This intermediary approach also works well for mobile devices, but it can sometimes cause a lag in performance if the mobile devices are on a slow network. Fortunately, the general availability of fast 4G, 5G and LTE makes this less of an issue.
For mobile security vendors, this approach means they can run very fast and extensive processes on high-powered cloud servers, eliminating the restrictions of on-device resources.
Mobile behavioral analysis
With this approach, an AI-based preloaded app prevents malicious activity by flagging suspicious behavior. There is still a cloud-based component to this approach; the agent occasionally downloads new suspicious behaviors to flag on the device, but most of the work happens locally.
Mobile behavioral analysis is the best way to find zero-day exploits. This approach uses crowdsourcing to obtain and test files, but it is more behavior-based than the simple penetration testing associated with a traditional signature file antivirus approach.
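The contrast between the signature, hybrid cloud and behavioral models can be shown with a toy on-device agent. This is an added example, not code from the article or from any vendor's product; the class, rule names, event names and sample payloads are all constructed for illustration.

```python
import hashlib

def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

class Agent:
    """Toy on-device agent: a signature set plus behavior rules (both constructed)."""

    def __init__(self, signatures, rules):
        self.signatures = set(signatures)
        self.rules = rules  # rule name -> set of events that must all be observed

    def signature_hit(self, payload: bytes) -> bool:
        # Signature model: exact comparison against known-bad digests.
        return digest(payload) in self.signatures

    def behavior_hits(self, events) -> list:
        # Behavioral model: flag any rule whose required events were all seen.
        observed = set(events)
        return sorted(name for name, req in self.rules.items() if req <= observed)

    def apply_cloud_update(self, new_digests) -> None:
        # Hybrid model: the cloud service pushes digests it has since analyzed.
        self.signatures |= set(new_digests)

# Constructed sample data, not real indicators.
KNOWN = b"constructed-trojan-build-1"
REPACKED = b"constructed-trojan-build-1-repacked"   # same behavior, new bytes
BENIGN = b"constructed-notes-app"
RULES = {
    "sms_read_then_upload": {"read_sms", "network_upload"},
    "bulk_file_encryption": {"enumerate_user_files", "rewrite_files_encrypted"},
}

def run_demo() -> dict:
    agent = Agent({digest(KNOWN)}, RULES)
    out = {
        "known_sig": agent.signature_hit(KNOWN),
        "repacked_sig_before": agent.signature_hit(REPACKED),
        "repacked_behavior": agent.behavior_hits(["read_sms", "network_upload"]),
        "benign_behavior": agent.behavior_hits(["enumerate_user_files", "network_upload"]),
        "benign_sig": agent.signature_hit(BENIGN),
    }
    agent.apply_cloud_update({digest(REPACKED)})  # after cloud analysis catches up
    out["repacked_sig_after"] = agent.signature_hit(REPACKED)
    return out

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The repackaged sample evades the signature check until the cloud update arrives, while the behavior rule flags it immediately; that window is the lag described for the hybrid model.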
How vendors employ different types of mobile security
An IT administrator must understand the various security threats that exist in the digital landscape. As the usage of mobile devices continues to grow, it's even more crucial to have robust security measures in place to mitigate any potential risks.
Unfortunately, threat actors are becoming more sophisticated even as mobile security applications gain capabilities. Security add-ons should still be standard practice for users -- especially enterprise users with sensitive corporate data.
By using a combination of tools and approaches, IT administrators can deploy effective mobile security measures to ensure the safety of the company and end-user data. To stay ahead of evolving threats, IT admins must keep themselves updated on the latest security developments and consistently evaluate and enhance their mobile security strategies.
Editor's note: This article was originally published in 2020 and was updated in 2024 to improve the reader experience.
Michael Goad is a freelance writer and solutions architect with experience handling mobility in an enterprise setting.
Jack Gold is the founder and president of J.Gold Associates, LLC and has been a technology analyst for more than 20 years.