The Decision Point for Dealing with Mobile Malware

One interesting thing I’ve noticed in recent months is a shift in attitude towards mobile malware. Years ago, many people seemed to view mobile malware as a construct, rather than a real world issue. While acknowledging that it was a concern, other priorities took precedence and the issue of mobile malware was something they would address at some point down the road.

With the growth in use of mobile devices over the past few years, there’s no question that we are already much further down the road. We’re long past the theoretical discussion about mobile malware and are now encountering a growing number of samples on a weekly basis. The decision point is here. The question is what to do about it.

Last week, we published research illustrating new techniques being used to distribute code with hidden agendas. We can't forget the human side of the security equation; even with the best of training, users can be fooled into doing dangerous things. We’re also seeing reports that indicate that most employees think they’re immune to security threats, and instead of taking the attitude of constant vigilance, users assume that the bad things will usually happen to someone else. Good user training always provides the foundation for good security, but we also need technology to fill the gap to protect the user from malware whenever possible, while also detecting the presence of malware and disrupting the attack.

With mobile devices, no device should be considered trusted by default. At best, a mobile device is untrusted, and at worst, it’s potentially dirty or compromised. That’s why organizations should consider classifying the conditions for using a mobile device on company networks. The common baseline for mobile devices is Internet access – many people just want to use WiFi to access their web applications. As this interaction does not necessitate privileged access to company resources, then the organization may choose to extend access to the Internet from while maintaining adherence to company policies as well as enforcing threat prevention against exploits and malware. These protections are extended to all users and all devices by the Palo Alto Networks next-generation security platform.

Greater levels of access to the company network require adherence to some ground rules, such as establishing basic device usage policies and configuration. That’s where managing the device comes into play. Managing the device is also important because the organization can safely extend greater levels of access using the condition of the device as part of the security policy. GlobalProtect Mobile Security Manager manages the device and shares information about the device state with the next-generation security platform. In conjunction with global intelligence on mobile threats from WildFire, GlobalProtect will also check to see if the device has malware on it, and take immediate action to enforce the appropriate policy based on condition.

GlobalProtect can also keep users protected by the next-generation security platform even when they are in remote locations. This is because GlobalProtect can establish a VPN tunnel on the user’s behalf to the optimal gateway for a particular location, thus providing consistent enforcement of policy, as well as protection against mobile threats, even when using the device away from the office.

The combination of these technologies (GlobalProtect, GlobalProtect Mobile Security Manager, WildFire and the next-generation security platform) provide the core technology that drives our solution for securing mobile devices. With respect to the issue of mobile malware, organizations can use our platform to check if the mobile device is already infected with malware, as well as use the threat prevention framework to stop other devices from becoming infected.

These are but a few reasons why organizations use GlobalProtect for mobile device security. Check out our GlobalProtect resources page to learn more about what GlobalProtect can do for you.