In previous blogs posts, we talked about the growing need for organizations to strengthen their security posture by way of a cybersecurity strategy. This strategy should keep their data secured, comply with evolving regulations, and respect user privacy at the same time. We also presented different products and solutions to address such security challenges from different perspectives. This week, we want to present you with an option to address all these challenges from a simple yet efficient and easy-to-deploy solution that could be a great fit for many organizations, especially SMB/SMEs that might not have a large, complex infrastructure but still need to protect their assets from most common use cases. Plus, for organizations that are seeking cybersecurity insurance, most will require minimum security products and processes in place.
What is Lookout Security Platform?
Founded back in 2007, Lookout offers a cloud-based, singe platform, mobile-focused security solution called Lookout Security Platform solution, to protect
organizations from threats on mobile devices and endpoint-to-cloud solutions.
It is comprised of three core elements:
· Security Graph: A graph-based Artificial Intelligence (AI), analyzing data from more than 200 million devices, 150 million apps and more than 4 million URLs daily to help detecting unknown and known threats
· Lightweight endpoint app: Available for Android, iOS and ChromeOS devices, to be deployed on all endpoints, managed and unmanaged, running in the background and continuously analyzing risks, with few to no impact on processor speed processor speed or battery life
· Software modules: Depending on the size of the organization and the complexity of its infrastructure, several security modules can be implemented granularly, to deliver a full cybersecurity response, top-to-bottom, from Mobile Threat Defense (MTD) protection for mobile endpoints, Threat detection, prevention and response (EPP/EDR), as well as more advanced Data Loss Prevention (DLP), Conditional Access (CA), Cloud Access Security Brokers (CASB) and Zero Trust Network Access (ZTNA) for endpoints-to-cloud solutions protection.
This will help cover many, if not all the requirements from most cybersecurity insurance companies in terms of network security liability, including endpoint protection from phishing and ransomware attacks, vulnerability and patch management to ensure all systems are kept up to date, as well guaranteeing the security of sensitive data, in compliance with privacy laws and regulations.
How does Lookout help with common threats?
MALWARE: Right now, the most common threats are ransomware attacks, where a malicious software called malware gains access to a system, usually after a successful phishing attack, then encrypts all the data on the system and prompts for a ransom to be paid in return. The consequences can be catastrophic, depending on the range of the attack, the criticality of the data rendered unavailable, and the presence or absence of a proper plan. Lookout would help by first detecting phishing attacks, that is, the point of entry, then block malware from reaching the infrastructure and prevent lateral movement to other systems.
DATA LEAKAGE: Another risk to consider is potential corporate data leakage via the use of collaboration tools. This typically happens when employees use unapproved, consumer instant messaging solutions like WhatsApp or Telegram to share information with other colleagues, customers, or partners. Although this is an attack, this is a data exfiltration and represents a high risk, as the security of the communication is not secured, at least not at an enterprise grade, neither is there any control as soon as the information is in the hands of the recipient. Lookout helps by performing real-time, on-the-fly classification of data on all devices, automating control of user privileges (only authorized employees can access), and encrypting data as it is downloaded so unauthorized users, even if they manage to retrieve it, won’t be able to read it.
INSIDER THREATS: Often overlooked and very difficult to detect as they are not threats coming from the outside like a malware, but the inside, insider threats are due to over-entitlement to corporate resources. For example, an employee might download a large amount of data or document from an internal back-end servers, for example a CRM solution. If so, Lookout would detect that unusual behavior and block data downloads in real-time.
COMPROMISED USER: Lookout also helps determine whenever employees’ accounts might potentially be compromised, by detecting potential credentials abuses, for example when an
employee is supposedly connected from multiple locations at the same time. It can deny access from specific and/or unusual locations and apply granular access policy to restrict compromised account movement.
COMPROMISED DEVICE: Lookout can also help detect compromised devices (e.g., running outdated OS version) by performing continuous threat monitoring and, if need be, applying access restrictions to endpoints and advising users on steps to fix the issue.
Integration with Other Products
Lookout can work as a standalone solution, which is a great option for smaller organizations with a low number of employees, limited IT team, and no Mobile Device Management (MDM) solutions in place. Employees only need to download Lookout mobile app on their device and enroll it to start protecting their device and, by extension, the whole organization.
Also for larger organizations with dedicated IT or security teams and using enterprise management solutions like Unified Endpoint Management (UEM), Identity and Access Management (IAM), and Security information and event management (SIEM) systems, it can be integrated with those systems in order to send them threat information, so they can take enforcement actions when needed, depending on the risk level. The enrollment process is also greatly simplified, as the Lookout mobile app can then be silently pushed on managed, corporate-owned devices.
With today’s ever-increasing security threats, ensuring your infrastructure and devices are protected is paramount. While those risks will always exist, leveraging your solution to its fullest capability can help prevent cyber-attacks and deter malicious actors. The team at ISEC7 is a global Lookout reseller and has been at the mobility security forefront, working with companies in the private and public sectors to ensure their ecosystems are protected and their security posture endures through training and best practices. If there are any questions about how your solution can be leveraged better, please reach out to the team at ISEC7, and we can complete a security assessment and help you navigate the options available to you to help strengthen and protect your infrastructure.
(C) Rémi Frédéric Keusseyan, Global Head of Training, ISEC7 Group