Engaging with any IT vendor around mobile security will invariably lead to the conclusion that there are many tools available. It’s at this time that some simple qualification can determine whether the vendor has a solution that addresses your enterprise requirements.

Mobile solution proliferation is driven by that fact that humans want to engage with systems through devices of their choice. The personas they take on within an enterprise, as well as the devices they use in that environment, impact the ideal solution. Humans, after all, are employees, contractors and customers, and the value of the data to which these personas have access varies greatly. So it’s not a one-size-fits-all proposition.

Mobile Security Solutions

Within the mobile security domain, there are solutions for application scanning and protection, access management technologies, fraud protection, mobile device management and others. It’s when these technologies are used together that they address two key areas of mobile security solutions.

1. Enterprise Mobility

With solutions such as IBM Security’s MaaS360 and VMWare’s Airwatch solution, the objective is to keep enterprise data safe. Gartner named this realm enterprise mobility management.

There are adjacencies to this technology, such as identity and access management and hybrid development platforms, that support the same objective. However, they are designed mainly for providing a safe environment for employees to access mobile enterprise services.

2. Consumer Mobility

Solutions that securely enable consumers to access available services aim to delight customers with a user experience consistent with their device of choice. Solutions that support such an objective include access management and API management technologies, as well as traditionally native development tools with pluggable software development kits. Banks delivering solutions to their customers, for example, will also be interested in providing integrated fraud protection solutions.

In an era where having a proliferation of tools provides more opportunities for adversaries to exploit weaknesses, these simple considerations can set the course for selecting a set of technologies designed to address your requirements. Assessment of viable solution stacks should ensure a clear set of use cases are documented so that your vendor proposes the correct set of technologies.

How to Learn More

Join me in a panel session at InterConnect 2016 titled “Customer Experience Panel on Access Management for Enterprise Mobility.” There, I will host IBM Security customers who will share their experiences with this range of technologies. I hope to demystify the mobile security domain so attendees can chart a clear course for their enterprise requirements.

More from Endpoint

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read

X-Force Identifies Vulnerability in IoT Platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

4 min read

X-Force Prevents Zero Day from Going Anywhere

8 min read - This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The 2023 X-Force Threat Intelligence Index shows that vulnerability discovery has rapidly increased year-over-year and according to X-Force’s cumulative vulnerability and exploit database, only 3% of vulnerabilities are associated with a zero day. X-Force often observes zero-day exploitation on Internet-facing systems as a vector for initial access however, X-Force has also observed zero-day attacks leveraged by attackers to accomplish their goals and objectives after initial access was…

8 min read

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

12 min read - ‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption vulnerabilities.Figure 1 — Exploitation timelineHowever, with the addition of new features (and memory-unsafe C code) in the Windows 11 kernel, ripe new attack surfaces can…

12 min read