Mobile Threat Defense Solutions, Q3 2024

Posted on by

Mobile devices are ubiquitous and an essential business platform for many organizations. Like early desktop PCs, the security of mobile devices was left to the OS manufacturers, and just as for desktops, this is no longer an adequate line of defense. The idea that mobile OSes are inherently secure and that apps downloaded from the vendor’s public stores are perfectly safe has since been debunked, with numerous incidents of Android and iOS devices being susceptible to compromise and the Apple and Google app stores containing malicious apps. And with half of organizations having BYOD smartphone policies, it’s critical that organizations deploy solutions like mobile threat defense to protect their assets.

We just completed our first ever Forrester Wave™ evaluation on the mobile threat defense (MTD) market. This Wave, which included customer reference interviews, executive briefings, and MTD vendor demos, highlighted three key trends:

  1. Orgs need to treat mobile devices the same as other business endpoints. Security practitioners expect endpoint security solutions to offer deep protection on the endpoint, analyze application components and actions to ensure that they meet organizational security standards, watch for suspicious or anomalous activity and take actions to reduce risk, and integrate into the chosen security analytics platform of the business. Mobile threat defense brings this same level of protection and analytics to mobile devices, going far beyond mobile antivirus.
  2. MTD solutions provide more than OS and device security. No operating system is fully secure, and as much as OS vendors work to protect their OS or take Apple’s approach of “security through obscurity,” attackers will find ways in, because they want your data and, more importantly, your money. Mobile threat defense isn’t just about securing the OS or scanning apps for malware. It’s about analyzing the apps to understand if there are threats within the APIs and SDKs being used, as well as to see where they’re sending your data. It monitors the multiple network connections that mobile devices have, watching for a wide variety of threats such as “man in the middle” attacks. With the variety of channels open for phishing like SMS messaging, apps like WhatsApp or Facebook Messenger, QR code scans, etc. — MTD tracks all these to look for attacks and not rely on known URL filtering.
  3. Business data on BYOD must be protected. Unified endpoint management does a good job of maintaining a safe configuration on mobile devices, but it’s not built to recognize malicious actions of bad apps, websites, or network connections. And when it comes to personal devices that employees use for work, actions taken with personal apps could lead to a leak of business information. MTD solutions have insight to the entire device and can do more than just protect the user and their privacy — if suspicious activity is detected, all connections to business applications can be protected to reduce the risk to corporate data.

I encourage Forrester customers to read The Forrester Wave™: Mobile Threat Defense Solutions, Q3 2024. If you are interested in talking about mobile threat defense providers, the people and processes supporting them, or mobile security in general, please schedule an inquiry with me.