Mobile Threat Blog

  • Mobile
    Security Insights
  • Mobile
    Threat Research
  • Mobile
    Security Tips
Apps are the New Endpoint

CISOs have to worry about all aspects of enterprise security. This is a daunting challenge and one that always requires them to be thoughtful about adding new technologies into the mix. Despite the pressures of limited people and budget resources, security depends on shoring up the weakest link. So, when prospects ask, “Can’t I use my network analysis tools to defend against mobile app risk?,” we tell them to use the best technology for the job rather than being tempted to go with what they know.

“If you’re waiting for traffic to hit the network to be analyzed, you’re waiting to identify a breach, not to prevent one.”

Network analysis alone is insufficient to protect against mobile app risks, leaving blind spots that weaken your security posture in an increasingly mobile-centric world. Here are three reasons why:

    1. In the mobile era, the security perimeter has been extended from the network layer to the mobile application layer. The new endpoint is found on employee devices: the apps they use. These applications interact with your network and share data with enterprise resources.  They also store data and share it with thousands of third parties, both known and unknown, each day. Just monitoring network traffic, therefore, will not protect your enterprise from risky mobile app behaviors.

    1. Analyzing mobile app traffic on the network only gives limited visibility to app traffic since app communication data has to be on the same network as the tool analyzing the traffic in order to be visible. This leaves any on-prem traffic using 4G/LTE and all off-prem communications unmonitored, which is significant in a mobile world. VPN solutions that route and monitor all mobile app traffic are an option, but come with their own issues.  They create a single, focused target for hackers as well as performance issues for users and extra costs for companies. Additionally and more importantly, routing all mobile traffic (work and personal) through a VPN is not an option in countries and companies where this violates privacy policies.

  1. Finally, mobile is not only the new perimeter for threats, it sits in a unique and important position with respect to how data is shared, specifically when it is encrypted. Current encryption options and best practices increasingly make sure that mobile traffic is encrypted by the time it reaches the network and thus, is not readable by network analysis tools tools trying to identify unintended or malicious corporate data leaks. Appthority believes it’s better to assess and eliminate threats before they reach the network. This means preventing and addressing risks before data hits the network or even leaves the device.

For Comprehensive Risk Management, Focus on the App Layer

Rather than working from the network layer out, we feel a better approach is to go from the outside in — from the mobile app endpoint back in to the network layer. For this reason, our solution analyzes the network traffic on an instrumented device or emulator to evaluate the data that is being transferred before it is encrypted and before it leaves the device. It also performs extensive dynamic app analysis in a sandbox environment, to uncover risky hidden runtime behaviors when the apps are executed. In this way, our scoring engines monitor app behavior as the app runs on a device and perform network traffic analysis simultaneously.

We also created the Appthority Mobile App to identify malicious, sideloaded, blacklisted, and other risky apps that break corporate policies – even before they are downloaded and can access private employee and enterprise data. The app further fortifies the mobile app perimeter by informing and educating employees about what their apps are really doing with private and corporate data.

In short, while network analysis is an important part of an overall security strategy, by itself it doesn’t provide comprehensive protection against mobile app risks. We highly recommend adding a mobile app risk management solution to your security stack because mobility, and the app risk that comes with it, is only going to grow.

To learn more on this topic, download our white paper Addressing Mobile App Risk: Why Network Traffic Analysis Isn’t Enough.