The graphic above appears in Gartner’s report, Market Guide for Mobile Threat Defense (MTD) Solutions*. I believe a comprehensive mobile security solution must cover all four of these quadrants and enterprises should look for single solutions that cover all aspects addressed by MTD + MARS.
In my conversations with CISOs, I repeatedly hear that one of the biggest issues they have is too many security products. They usually express different versions of, “I’ve got 50 different vendors and 50 different security products, and I simply can’t afford the personnel that I need to manage 50 different products.” I’m happy to share that at Lookout, our Mobile Endpoint Security solution is already a united single offering with capabilities that are usually considered separate parts of Mobile Threat Defense (MTD) and Mobile App Reputation Solutions (MARS) products.
The difference between MTD and MARS
Gartner defines the mobile threat defense category as: “The MTD solutions market is made up of products that protect organizations from threats on mobile platforms, including iOS, Android and Windows 10 Mobile. MTD solutions provide security at one or more of these four levels:
- Device behavioral anomalies — MTD tools provide behavioral anomaly detection by tracking expected and acceptable use patterns.
- Vulnerability assessments — MTD tools inspect devices for configuration weaknesses that will lead to malware execution.
- Network security — MTD tools monitor network traffic and disable suspicious connections to and from mobile devices.
- App scans — MTD tools identify “leaky” apps (meaning apps that can put enterprise data at risk) and malicious apps, through reputation scanning and code analysis.*”
While MARS solutions also detect malware, that is not their focus. Gartner explains, “Different from MTD, MARS products focus on identifying leaky apps — i.e., apps that can put enterprise data at risk*”
What organizations should look for is an MTD product that delivers a single solution for protecting against both malicious behaviors and sensitive behaviors (as in the graphic below).
The important nuance between malicious apps and those that exhibit sensitive behaviors is that non-malicious apps that exhibit sensitive behaviors present a data leakage risk through behaviors that include:
- Accessing sensitive data, such as calendar and notes
- Sending sensitive data that includes PII externally
- Communicating with cloud services
While such apps may not be explicitly malicious, these app behaviors present a significant risk because of their potential to cause an enterprise to be out of compliance with regulatory and/or internal policies.
Why MTD + MARS convergence is the right choice for protecting enterprise data
Achieving best in class mobile security in 2017 requires a comprehensive solution that includes the capabilities of both MTD and MARS. This is because neither MTD or MARS on their own deliver the holistic security that enterprises need.
As more data is increasingly accessed by mobile devices, attackers are targeting mobile as the way to steal sensitive data. Pegasus is a targeted device-level attack that proves this point, as does the rising sophistication of malware, and network attacks such as man-in-the-middle.
The risk from leaky apps stems from organizations not having any visibility into what the apps are actually doing (e.g., collecting and sending data, accessing different features such as the microphone, etc.) on their employees’ mobile devices. Employees often choose the apps they use in order to be productive and get their jobs done, but with this comes new risks that are often not addressed.
Enterprise security teams need a mobile security solution to protect their unique intellectual property from all four of these vectors, mitigate the risk of mobile attacks, and prevent data leakage on a global scale.
To achieve this complete protection, CISO teams can deploy Lookout Mobile Endpoint Security — or try several point solutions with the hope that it all works together.
Lookout is the only choice for complete protection of enterprise mobile data
In the Predicts 2017: Endpoint and Mobile Security report Gartner recommends that, “Security and risk managers responsible for endpoint and mobile security must: Start now to evaluate MTD tools, and gradually implement these solutions in complement to EMM.**”
Lookout is the only comprehensive mobile security solution in the market and is the result of ten years of research and software development. Lookout is unique in our ability to deliver MTD with protection from all mobile threats and MARS for app risks in a single unified solution. Lookout integrates with all leading EMM solutions — including a unique deep integration with Microsoft EM+S that enables conditional access — and achieves a 95% self-remediation rate to limit helpdesk tickets.
At Lookout, we knew early on that mobile security would be best solved as a data problem. That’s why we’ve amassed the world’s largest mobile security dataset — a global network of over 100M sensors — due to the success of our consumer product. The size of this data set is critical because it enables our platform to be predictive by letting machine intelligence identify complex patterns that indicate risk. No other MTD product even comes close to this scale.
The bottom line is that enterprises have to protect themselves from a host of different threats and risks, and to do that, they need a comprehensive solution. The good news is that one is available.
*Gartner, Market Guide for Mobile Threat Defense Solutions, John Girard, Dionisio Zumerle, July 2016
** Gartner, Predicts 2017: Endpoint and Mobile Security,” John Girard, Dionisio Zumerle, Brian Reed, Peter Firstbrook, Bart Willemsen, November 2016.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.