Andrea Danti - Fotolia
As the variety of endpoints in the enterprise has increased, so has the variety of malware targeting those devices.
End-user computing administrators and security professionals must protect against viruses, worms and spyware, plus emerging threats such as ransomware. And they need new technologies -- such as mobile threat detection and unified endpoint management -- to do so, because traditional approaches aren't nearly as effective when it comes to mobile malware detection and protection.
Why IT needs mobile malware detection
Enterprise mobility and BYOD programs have introduced new risks to the enterprise. Security vendor McAfee's mobile malware detection software found more than 16 million instances of mobile viruses and other threats in the third quarter of 2017 alone -- a 100% increase from the year prior. And that number will continue to rise throughout 2018, the company said in its Q1 2018 Mobile Threat Report.
Even Apple's Mac computers, long regarded as significantly more malware-resistant than their Windows counterparts, are feeling the heat. The number of known macOS vulnerabilities increased by more than 28% in 2017, security vendor Bitdefender reported in a Macworld article. Mobile and macOS malware typically take the form of malicious or compromised apps that attackers trick users into downloading and installing on their devices.
The state of Windows and mobile malware
Windows PCs are still the dominant computing device in the enterprise, however, so Windows malware protection remains a priority.
Malware can infect PCs through a variety of methods. The most common are malicious emails, compromised websites and infected physical media such as USB drives, according to Microsoft.
Windows malware manifests itself in many ways. Viruses corrupt files and applications or launch denial-of-service attacks. Worms replicate across corporate networks and hog valuable bandwidth. Spyware steals user data. And Trojans seize control of computers.
A common use for Trojans is to install ransomware, which renders computers inoperable -- and their data inaccessible -- until the victim pays the attacker. Mobile malware increasingly focuses on ransomware as well, because it can make significantly more money for attackers than traditional viruses can.
For that same reason, mobile banking attacks are also on the rise. This form of mobile malware uses phishing techniques to lure users into submitting their financial information to what appears to be a legitimate banking or e-commerce service. Security vendor Kaspersky Lab detected more than 94,000 mobile banking Trojans and 544,000 mobile ransomware Trojans last year, according to its report on mobile malware in 2017.
Why Windows malware protection isn't enough
Windows malware protection has traditionally involved an agent-based approach, in which software installed on the PC scans the device for known threats and takes action to fix or remove any infected files. This type of antimalware product is still an important part of overall enterprise security, but it is not sufficient, for a few reasons.
Security vendors perform continuous research and monitoring of customer infrastructure, but so many threats exist today that it is impossible to detect them all. And if a vendor doesn't know about a threat, its antimalware software can't do anything to protect against it.
Further, agent-based malware protection does not work on Apple iOS devices. Agents require access to all applications and files on a device to ensure their security, but iOS runs each app and its data in a sandbox and limits their interactions with each other.
As a result, new technologies have emerged to help organizations with desktop and mobile malware detection. Those include the following:
- Mobile threat detection, which monitors a variety of systems and metrics to spot malware, vulnerabilities and other potential risks. A mobile threat detection product may inspect operating system and application APIs, other app attributes, network traffic to and from the device and more.
- Unified endpoint management (UEM), which includes mobile device management (MDM). IT administrators can use MDM to blacklist malicious apps, authenticate users and enforce other policies aligned with mobile malware detection and prevention. Some UEM products can also respond to mobile threat detection alerts, such as by automatically fixing or deleting compromised apps.
- Micro-virtualization, which runs operating system and web browser processes in isolation from one another. This approach prevents viruses from spreading and keeps ransomware from shutting down entire systems and networks. Microsoft has incorporated micro-virtualization technology into Windows 10.