Wall Street & Technology is part of the Informa Tech Division of Informa PLC



11:25 AM
Mike Raggo

Anti-Malware Doesn’t Cut It in the Mobile Era

As operating system architectures shift from open file systems to application sandboxes, traditional anti-virus becomes less relevant. Enterprise mobility management provides both proactive countermeasures and reactive mitigation.

It’s no secret that retailers are under attack. Not from masked robbers, but from anonymous criminals who work online. What is less widely known is that anti-malware -- the virtual guardian of the PC era -- won’t protect organizations in an increasingly mobile world. And the pace of change in mobile is so great that certain security standards can quickly become obsolete.

To address the rapidly changing challenges in mobile security, I have had the privilege of working with the Payment Card Industry (PCI) Security Standards Council as part of its PCI Mobile Task Force. We are focused on the emerging mobile point-of-sale (POS) technologies and the evolving mobile threat landscape. As more retailers deploy mobile devices for mobile POS, mobile also offers more automated security countermeasures for protecting retailers from attack. The PCI Mobile Task Force therefore continues to update the PCI guidelines to take advantage of these unique security features.

Learning from recent attacks
Recent retail breaches share a common theme: the attacks involved infecting legacy POS devices. This demonstrates a lack of defense-in-depth strategies within these legacy POS environments.

The nice thing about mobile POS is that when an organization incorporates enterprise mobility management (EMM) and mobile into a retail environment, it comes with a full defense-in-depth strategy. Any holistic security strategy should include both proactive and reactive countermeasures. EMM and mobile enable that in a variety of ways:

Sandboxes make antimalware irrelevant
After analyzing more than 2.5 million apps for our mutual enterprise customers, Appthority found that less than half a percent were malware. Appthority is an app reputation service that integrates with MobileIron’s EMM dashboards.

Traditional anti-malware (especially anti-virus) is becoming less relevant in the mobile era. This is because operating system architectures are shifting from open file systems (Windows 7 and below) to application sandboxes (Android, iOS, Windows Phone/Pro/RT).

For example, on iOS, there isn’t much for anti-malware or anti-virus products to do because neither they nor any other app on the device can access another app's storage or memory. On Android, there is some shared storage and memory, and so there are anti-malware and anti-virus products. But these products only detect and alert, so even on Android, they don't mitigate or remediate the problem once detected, because they can't remove a bad app.

The EMM alternative
The basic difference between anti-malware and enterprise mobility management is that anti-malware for mobile is reactive and doesn’t mitigate the problem once detected. EMM provides both proactive countermeasures and reactive mitigation.

EMM proactive and automated mitigation measures include managing app, content, and device access and creating automated countermeasures for when devices fall out of compliance with security policies. This includes:

Mobile POS proactive and reactive automated protection. Mobile POS (mPOS) can be further protected by EMM. For example, EMM solutions can distribute the mPOS app to the device, which places the app under management and lets the EMM enforce controls over it. If a nefarious attack occurs, or the device falls out of compliance (jailbreak, root, disabled PIN, etc.), the auto-quarantine kicks in and can block network connectivity or remove the mPOS app and its data, thus mitigating a breach. In the recent retail breaches, the window of compromise lasted weeks or months on legacy POS devices. With mobile and EMM, organizations can detect malicious apps, as well as when a jailbreak or rooting occurs, and can respond in a matter of hours or minutes. It’s also important to note that this mitigation is automated, without the need for a human in the loop. This mitigates the threat automatically and minimizes the window of compromise.

Certificates. The PCI Data Security Standard (DSS) 3.0 requirements outline the use of certificate-based authentication for WiFi and for remote access. EMM enables this by providing a built-in Certificate Authority and automated distribution of certificates to mobile devices. This deters man-in-the-middle attacks and eliminates passwords, which can be vulnerable to brute-force attacks. This also helps organizations achieve compliance with the Mobile Payment Acceptance Security Guidelines v1.0, Objectives 1, 2, and 3, released in Sept. 2012.

App containerization. App containerization operates through a software development kit (SDK) or app wrapping to separate corporate and personal data, so that even if malware is downloaded to the device, the isolated corporate data remains intact and unaffected. It enables enforcement of data loss prevention (DLP) rules to restrict content sharing with unauthorized apps on the device.

App reputation service. Anti-virus and anti-malware are largely ineffective in mobile due to the application sandboxing in iOS, Android, and Windows Phone 8. Arguably the best that these products can accomplish is to identify malicious, rogue, or risky apps. In contrast, an app reputation service in conjunction with EMM can provide a variety of detection, countermeasure, and quarantine options that remove the human from the loop and automate mitigation:

  • Consistent security policies applied to corporate data such as email, apps, documents, and web pages
  • Device-level lockdown policies when tight control is required

EMM reactive mitigation measures include:

  • Auto-quarantine ranging from a simple blocking of email to an automated selective wipe of the corporate data and apps to avoid a breach. This action can be triggered by a malware download or a jailbreak/rooting action, and the security action knob can be adjusted by the administrator.
  • Integration with app reputation services that monitor the inventory of apps on the device to flag those with undesirable or risky behaviors and trigger a notification, access control, quarantine, or wipe action.
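The auto-quarantine described for mobile POS above and the reactive measures in this list both come down to the same mechanism: an EMM compliance engine evaluates each device check-in against policy and maps violations to an escalating, administrator-tunable action. The following is an added example written for this article, not code from MobileIron, Appthority or any other vendor; the device fields, violation names and app identifiers are assumptions, and the sample fleet and reputation verdicts are constructed.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Action(IntEnum):
    """Escalating automated responses, ordered so max() picks the strictest."""
    NONE = 0
    NOTIFY = 1            # alert the administrator or user only
    BLOCK_EMAIL = 2       # cut corporate email access
    BLOCK_NETWORK = 3     # cut corporate network / Wi-Fi / VPN access
    SELECTIVE_WIPE = 4    # remove corporate apps and data (e.g. the mPOS app)


@dataclass
class DevicePosture:
    """Check-in record an EMM agent would report (field names are assumptions)."""
    device_id: str
    jailbroken_or_rooted: bool = False
    pin_enabled: bool = True
    installed_apps: list = field(default_factory=list)


# The administrator's "security action knob": violation type -> response.
DEFAULT_POLICY = {
    "jailbreak_or_root": Action.SELECTIVE_WIPE,
    "pin_disabled": Action.BLOCK_NETWORK,
    "risky_app": Action.BLOCK_EMAIL,
}


def find_violations(posture, reputation):
    """Return (violation_type, detail) pairs for one device.

    `reputation` maps bundle id -> reason for every app the reputation
    service flagged as risky (constructed here; a real service supplies it).
    """
    violations = []
    if posture.jailbroken_or_rooted:
        violations.append(("jailbreak_or_root", "device integrity lost"))
    if not posture.pin_enabled:
        violations.append(("pin_disabled", "device passcode disabled"))
    for app in posture.installed_apps:
        if app in reputation:
            violations.append(("risky_app", f"{app}: {reputation[app]}"))
    return violations


def decide_action(posture, reputation, policy=DEFAULT_POLICY):
    """Pick the strictest action any violation demands.

    A violation type missing from the policy falls back to NOTIFY, so a gap
    in the administrator's configuration never silently means "do nothing".
    """
    violations = find_violations(posture, reputation)
    if not violations:
        return Action.NONE, violations
    action = max(policy.get(kind, Action.NOTIFY) for kind, _ in violations)
    return action, violations


def evaluate_fleet(devices, reputation, policy=DEFAULT_POLICY):
    """Evaluate every device at check-in; returns device_id -> Action."""
    return {d.device_id: decide_action(d, reputation, policy)[0] for d in devices}


# --- Constructed sample data (not real devices, apps or verdicts) -----------
SAMPLE_REPUTATION = {
    "com.example.freegame": "uploads contact list to a third-party server",
}

SAMPLE_FLEET = [
    DevicePosture("tablet-001", installed_apps=["com.example.mpos"]),
    DevicePosture("tablet-002", jailbroken_or_rooted=True,
                  installed_apps=["com.example.mpos"]),
    DevicePosture("tablet-003", pin_enabled=False,
                  installed_apps=["com.example.mpos", "com.example.freegame"]),
]


if __name__ == "__main__":
    for dev in SAMPLE_FLEET:
        action, why = decide_action(dev, SAMPLE_REPUTATION)
        print(f"{dev.device_id}: {action.name} {[detail for _, detail in why]}")
```

Because `Action` is an ordered enum, a device with several violations receives the single strictest response rather than a pile of overlapping ones, and loosening or tightening the policy dictionary is all an administrator needs to do to turn the knob. The rooted tablet is selectively wiped, the tablet with a disabled passcode and a risky app is cut from the network, and the compliant tablet is left alone.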

Put another way: Where do EMM solutions overlap with mobile security services from the top anti-virus vendors? There is very little overlap, and they take completely different approaches. Traditional security products were built for the security issues of Windows. Mobile architectures are different.

Protection at the speed of mobile
EMM solutions approach mobile security in a different and more complete way than traditional anti-malware solutions do. An enterprise won’t be able to secure mobile apps, content, and devices using only an anti-malware solution. There might be times when enterprises wish to distribute an anti-malware app through EMM to provide additional security, and anti-malware can provide some complementary controls on certain devices, but EMM is quickly becoming the primary approach to protect cardholder data on mobile.

Michael T. Raggo has over 20 years of security research experience. His current focus is social media threats impacting the enterprise. Michael is the author of "Mobile Data Loss: Threats & Countermeasures" and "Data Hiding: Exposing Concealed Data in Multimedia, Operating ...