Cybersecurity is here to stay, and chances are you already have some tools to protect your network, users, and devices. Most organizations are already using a multitude of tools and solutions to manage and secure their entire mobile fleet, endpoints, and network, but are they making the most out of them? Your security posture is not about deploying every security solution and turning all the switches on, but about identifying the risks, assessing them accordingly, and applying the solution that addresses each vulnerability.
In this new series, we will share best practices to get the most out of the solutions that many organizations already have in place. This week, we will see how to leverage your Unified Endpoint Management (UEM) solution to secure your devices and prevent mobile security threats; after all, while protection and defense are necessary, prevention remains key to avoiding most cybersecurity threats.
Your Unified Endpoint Management (UEM) solution is the most prominent solution that your end users would see. It’s also your first line of defense to prevent most of the existing mobile security threats at all levels (device, network, and applications), using IT policy rules to disallow some features and compliance enforcement to take mitigation actions in case a device is compromised.
This is a common challenge, as some applications do require the installation of specific profiles onto the OS to work properly. This includes services like consumer VPN solutions that, although perfectly legitimate, would still represent a risk, as data might be transmitted via a server or network over which the company has neither control nor access. Most UEM solutions can leverage IT policy rules to prevent users from manually installing VPN profiles on the device or within the workspace.
OS Vulnerability Exploit
Operating System (OS) vulnerabilities are weaknesses in the code that can be exploited by malicious actors to gain privileged access to the device and perform unauthorized actions that would cause serious damage and compromise the whole device. It is mandatory to first identify these vulnerabilities as soon as they are discovered and published, then take remedial action ASAP, usually installing a security patch (when available) or disabling some features as a first response and protective measure.
OS updates can be triggered by the UEM solution on managed devices, whenever a new version is available, and compliance rules are enforced to take mitigation actions on the devices that are not in compliance.
Jailbroken or Rooted Device
Jailbreaking is a privilege escalation exploit executed on iOS-based devices to remove some restrictions present in the OS, like the restriction on installing applications from outside the official App Store. Rooting is the equivalent on Android devices, but instead of removing some restrictions, it allows the user to gain complete control over the device OS (root privileges). Unlike some other security threats, here an OS vulnerability is deliberately exploited by the device user themselves to bypass some of the vendor restrictions, so it is completely avoidable if the proper mechanisms are in place. Compliance rules, for example, can be enforced by your UEM solution to take mitigation actions on the devices that are reporting a jailbroken or rooted status.
Wi-Fi is one of the favorite methods for hackers to steal valuable information from our devices, either personal (e.g., credentials, credit card information, etc.) or work-related (e.g., emails, classified documents, etc.). Man-In-The-Middle (MITM) is one of the most common attacks, where an attacker manages to intercept communications between two parties to alter them, while these parties believe they are legitimately exchanging information between themselves; in effect, the attacker impersonates each party to the other. Some of the techniques used include “DNS spoofing” or “DNS hijacking,” where the attacker manages to intercept DNS queries and return an alternative address to redirect traffic to a rogue server under their control, instead of the legitimate one.
Another is eavesdropping, also known as “sniffing,” where an attacker is secretly listening to the communications between two parties to gather valuable information, typically user credentials, credit card information, or anything that can be extracted from unsecured data transmissions.
To help avoid MITM attacks and eavesdropping, IT policy rules can be enforced by a UEM solution to prevent users from manually connecting to unknown and/or unsecured Wi-Fi networks, or even to disable Wi-Fi on the device completely if needed.
Malware is a piece of code or software designed with malicious intentions, like causing disruption, stealing/leaking information, and gaining unauthorized access to a system. Thankfully, the Mobile Application Management (MAM) feature can be used by UEM solutions to define which specific apps are authorized on managed devices, and compliance rules can be enforced to take mitigation actions on non-compliant devices.
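The compliance-enforcement pattern described in the sections above (OS version, jailbroken or rooted status, user-installed VPN profiles, unknown Wi-Fi, unauthorized apps) can be sketched as a rule evaluation over device inventory. This is an added, vendor-neutral example, not code from ISEC7 or any UEM product; the field names, thresholds, and mitigation action names are all hypothetical, and the inventory is constructed sample data.

```python
# Added illustration: vendor-neutral compliance evaluation over a constructed
# device inventory. All field names, thresholds and action names are
# hypothetical and do not correspond to any specific UEM product's API.

MIN_OS = {"ios": (17, 4), "android": (14, 0)}              # assumed minimum patched versions
APPROVED_APPS = {"com.example.mail", "com.example.docs"}   # assumed MAM allowlist
APPROVED_SSIDS = {"corp-wifi"}                             # assumed managed Wi-Fi networks

def parse_version(text):
    """Turn '17.3.1' into (17, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def evaluate(device):
    """Return the list of (finding, mitigation action) pairs for one device record."""
    findings = []
    if device["compromised"]:
        findings.append(("jailbroken_or_rooted", "wipe_work_data"))
    if parse_version(device["os_version"]) < MIN_OS[device["platform"]]:
        findings.append(("os_out_of_date", "prompt_update_then_block_access"))
    if any(p["type"] == "vpn" and not p["managed"] for p in device["profiles"]):
        findings.append(("user_installed_vpn_profile", "remove_profile"))
    if device.get("wifi_ssid") and device["wifi_ssid"] not in APPROVED_SSIDS:
        findings.append(("unapproved_wifi", "notify_user"))
    for app in sorted(set(device["apps"]) - APPROVED_APPS):
        findings.append((f"unapproved_app:{app}", "block_access"))
    return findings

# Constructed sample inventory (not real devices).
INVENTORY = [
    {"id": "dev-001", "platform": "ios", "os_version": "17.4.1", "compromised": False,
     "profiles": [{"type": "vpn", "managed": True}], "wifi_ssid": "corp-wifi",
     "apps": ["com.example.mail"]},
    {"id": "dev-002", "platform": "android", "os_version": "13.0", "compromised": True,
     "profiles": [{"type": "vpn", "managed": False}], "wifi_ssid": "cafe-guest",
     "apps": ["com.example.mail", "com.example.game"]},
    {"id": "dev-003", "platform": "ios", "os_version": "17.10", "compromised": False,
     "profiles": [], "wifi_ssid": None, "apps": []},
]

def compliance_report(inventory):
    """Map each device id to its findings; an empty list means compliant."""
    return {d["id"]: evaluate(d) for d in inventory}

if __name__ == "__main__":
    for dev_id, findings in compliance_report(INVENTORY).items():
        print(dev_id, "COMPLIANT" if not findings else findings)
```

Note that `dev-003` on version 17.10 passes the 17.4 minimum only because versions are compared as integer tuples; a plain string comparison would wrongly flag it as out of date.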
With today’s ever-increasing security threats, ensuring your infrastructure and devices are protected is paramount. While those risks will always exist, leveraging your solution to its fullest capability can help prevent cyber-attacks and deter malicious actors. The team at ISEC7 has been working with companies in the private and public sectors to ensure their ecosystems are protected and their security posture endures through training and best practices. If there are any questions about how your solution can be leveraged better, please reach out to the team at ISEC7, and we can complete a security assessment and help you navigate the UEM options available to you to help strengthen and protect your infrastructure.
(C) Rémi Frédéric Keusseyan, Global Head of Training, ISEC7 Group