Cybersecurity Products: What’s What


Protecting your organization against cybersecurity threats is not as simple as installing the most expensive security products on the market. It is about understanding your own business and security needs, how those needs shape your infrastructure, all the components involved, how they are exposed to cyberattacks, and how you can protect them.

The right solution is the one that addresses your specific needs and makes all the different pieces work together, balancing security and usability so that your employees actually adopt it. Cybersecurity refers to the use of technologies, processes, and controls to protect all your corporate assets, including machines, networks, software, mobile endpoints, and of course sensitive data, from cyber threats.

Mobile Device Management

Usually referred to as Mobile Device Management (MDM), but also as Enterprise Mobile Management (EMM) and Unified Endpoint Management (UEM), MDM is the capability to see and control the assets interacting with your infrastructure. For example, a user's mobile device can be provisioned with specific services (e.g., corporate Wi-Fi, VPN access) and applications, but it can also have security policies enforced on it that define what can be done with the device, and mitigations can be applied if it gets lost or stolen. MDM also provides reporting, which is useful to determine which devices are active and which services are used, optimizing license usage and costs.

Secure Data in All Its States

Corporate data needs to be protected in all three of its states: in transit, in use, and at rest.

Protection of data in use and at rest is done on the device, using encryption technologies. Depending on the device manufacturer, it is possible to encrypt data for a single app or group of apps (referred to as app containerization), for a portion of the device (using workspaces), or for the whole device. For devices on which both private and work data are stored and used, it is recommended to enforce Data Leak Protection (DLP) policies to control what data can be exchanged between the two (if any).

Protection of data in transit is done by providing a secure path to your corporate resources and services, wherever they are located (on-prem or cloud) and wherever your employees access them from, ensuring the data cannot be intercepted, read, or, even worse, tampered with.

Virtual Private Network (VPN) technology has been used for years as a proven solution for home office users, for connecting remote offices within the same organization, or even for private use (e.g., avoiding geo-blocking of online content). It is also used by most vendors to give mobile devices access to corporate resources, either for the whole device or only for selected apps on it (referred to as per-app VPN). Other vendors even provide their own private network to grant mobile devices and apps such access in a way that is far more transparent to the end user.

Also, with the unstoppable rise of cloud-based services, known as Software-as-a-Service (SaaS), it is common for enterprises to host a large part (if not the entirety) of their IT infrastructure in the cloud.

Zero Trust Network Access (ZTNA) extends this capability: it provides a secure communication path and also controls traffic, not only to on-prem resources but also to cloud-based ones (SaaS), so you keep visibility and control over all your corporate resources, whether internal or out in the open.

Control Access to Resources

Apart from management and data protection, access control is the last component: it ensures that only the right people get access to the right resources, as securely and transparently as possible, from any desktop or mobile device. This effort is known as Identity and Access Management (IdAM), which focuses mainly on authentication and authorization.

Authenticating users is not enough, as credentials can be stolen or guessed, so it is recommended to strengthen authentication by adding another layer of security. Multi-Factor Authentication (MFA) does not rely solely on credentials to identify someone (as those credentials could be compromised), but also asks for complementary information that only the user can provide at a given time. There are different varieties and subsets of MFA, depending on the number and type of factors required (2FA for Two-Factor Authentication, Two-Step Verification, Two-Step Authentication, etc.), but they are all based on the same basic concepts.

Once authenticated, Role-Based Access (RBA) and corporate policies are used to determine which access a given user should be granted to a specific resource or service. For example, in a CRM used to process sales orders, a salesperson could be granted the right to create new orders, while another user, such as a manager, would be able to review and validate them.
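As an added illustration (not ISEC7's code or any product's API), here is a minimal access decision for the CRM scenario above that combines the two ideas of this section: role grants, an MFA requirement for the sensitive validate action, and a separation-of-duties rule so nobody validates an order they created. Roles, permissions, users and orders are constructed sample data.

```python
# Added example, not ISEC7's code: a default-deny access decision for the
# CRM sales-order scenario. Roles, permissions and users are constructed.
from dataclasses import dataclass

# Role -> permissions on the sales-order resource (constructed policy).
ROLE_PERMISSIONS = {
    "salesperson": {"order:create", "order:read"},
    "sales_manager": {"order:read", "order:validate"},
}

# Actions corporate policy treats as sensitive and therefore gates on MFA.
MFA_REQUIRED = {"order:validate"}


@dataclass
class Session:
    user: str
    roles: set
    mfa_verified: bool = False  # a second factor was presented in this session


@dataclass
class Order:
    order_id: str
    created_by: str


def decide(session: Session, action: str, order: Order) -> tuple:
    """Return (allowed, reason). Anything not explicitly granted is refused."""
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in session.roles))
    if action not in granted:
        return False, "not granted by any role"
    if action in MFA_REQUIRED and not session.mfa_verified:
        return False, "MFA required for this action"
    # Separation of duties: the creator of an order never validates it,
    # even if that user happens to hold both roles.
    if action == "order:validate" and order.created_by == session.user:
        return False, "separation of duties: creator cannot validate own order"
    return True, "allowed"


if __name__ == "__main__":
    order = Order("SO-1001", created_by="alice")
    print(decide(Session("alice", {"salesperson"}), "order:create", order))
    print(decide(Session("bob", {"sales_manager"}), "order:validate", order))
    print(decide(Session("bob", {"sales_manager"}, True), "order:validate", order))
```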

Protect Your Endpoints

To deliver proper protection against malware, detect suspicious activity, and respond to cyberattacks in general, we need to deploy behavior-based threat defense software. Instead of relying on a list of known malicious files, as traditional antivirus software does, it continuously watches what happens on the system to detect any change in behavioral patterns that could indicate a threat. Such solutions are commonly referred to as Mobile Threat Defense (MTD) for mobile devices and Endpoint Protection Platform (EPP) for desktop computers and back-end servers.

This requires a lot of computational power, and no single computer can do all of it on its own. This is where recent technologies like Artificial Intelligence (AI), Machine Learning (ML), and Big Data (BD) come into play, helping to process this gargantuan amount of data, aiming to find the needle in the haystack that could be an attack, and to prevent it before it can cause any damage.

Since these technologies rely on gathering as much data as possible, we need to continuously monitor our infrastructure and gather data from our endpoints to “feed” the Data Lake (DL), so that the information can later be processed to discover cybersecurity threats and address them in real time. Such solutions are called Endpoint Detection and Response (EDR). Not only do they actively protect our endpoints from advanced, curated attacks, but they also provide analytics and forensics capabilities, so we can, for example, perform post-incident investigations, see how an attack was unfolding before it was stopped, or manually search for suspicious activities (e.g., processes launched from a script, DNS requests to specific servers, etc.). The more information we work with, the better our chances of spotting anything unusual.
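As an added example (not ISEC7's code or any EDR vendor's query language), the two manual hunts named above are run over a handful of constructed telemetry events and the hits are then correlated per host. The script-host list, the DNS watchlist, the hostnames and the domains are all assumptions made up for the illustration.

```python
# Added example, not ISEC7's code: two hunting queries over constructed EDR
# telemetry, correlated per host so the analyst knows where to look first.
from collections import defaultdict

# Interpreters whose child processes deserve review (assumption for this hunt).
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "python.exe"}
# Domains an analyst has flagged for this hunt (constructed watchlist).
DNS_WATCHLIST = {"updates.example-c2.test", "cdn.example-bad.test"}

# Constructed telemetry: one dict per event, as an agent might forward it.
EVENTS = [
    {"host": "WS-01", "type": "process", "parent": "explorer.exe", "image": "winword.exe"},
    {"host": "WS-01", "type": "process", "parent": "powershell.exe", "image": "certutil.exe"},
    {"host": "WS-01", "type": "dns", "query": "updates.example-c2.test"},
    {"host": "WS-02", "type": "process", "parent": "explorer.exe", "image": "chrome.exe"},
    {"host": "WS-02", "type": "dns", "query": "www.example.com"},
    {"host": "SRV-03", "type": "process", "parent": "wscript.exe", "image": "cmd.exe"},
]


def script_spawned_processes(events):
    """Processes whose parent is a scripting host ('processes launched from a script')."""
    return [e for e in events
            if e["type"] == "process" and e["parent"].lower() in SCRIPT_HOSTS]


def watchlisted_dns(events):
    """DNS lookups to domains on the watchlist ('DNS requests to specific servers')."""
    return [e for e in events
            if e["type"] == "dns" and e["query"].lower() in DNS_WATCHLIST]


def hosts_by_hit_count(events):
    """Count hits from both hunts per host, most suspicious host first."""
    hits = defaultdict(int)
    for e in script_spawned_processes(events) + watchlisted_dns(events):
        hits[e["host"]] += 1
    return dict(sorted(hits.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    for host, count in hosts_by_hit_count(EVENTS).items():
        print(f"{host}: {count} hit(s)")
```

A host that appears in both result sets (here WS-01: a script-spawned process plus a watchlisted DNS query) is the kind of correlation the text describes an EDR surfacing for investigation.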

The smartest approach to cybersecurity is a holistic one – considering your infrastructure, all its components, and the ways in which you are exposed to cyberattacks. Mobile Device Management (MDM) is key to having a comprehensive overview and control of your infrastructure, but you must also protect corporate data in all its states – in transit, in use, and at rest – and ensure that only the appropriate parties have access to this sensitive data, whether through Multi-Factor Authentication (MFA) or Role-Based Access (RBA).

In our next "What’s What in Cybersecurity Products" article, we will discuss Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR) in more depth. In the meantime, please feel free to contact the team at ISEC7 with any questions related to cybersecurity and protecting your environment.


(C) Rémi Frédéric Keusseyan, Global Head of Training, ISEC7 Group