1. /
  2. Confident Insights Newsletter/
  3. Protection for Every Endpoint

Protection for Every Endpoint

28 January 2008

Summary

Given today’s increasingly mobile workforce, it’s no surprise that more and more workers are using a wide range of devices to access corporate data. From an endpoint security perspective, that has profound implications.

Introduction

Given today’s increasingly volatile threat landscape, organizations know they need to take a more holistic approach to protecting their endpoints. Generally this has meant applying security technologies to their laptops, desktops, and servers. But today’s workforce is increasingly mobile, and that means more and more workers are using a wide range of mobile devices to access corporate data over insecure public and home networks.

From an endpoint security perspective, this development has profound implications. As mobile technologies mature and grow increasingly sophisticated, organizations would do well to ask themselves a simple question: are today’s smartphones being used more as a phone or a computer? Read on to learn why it’s essential that smartphones be safeguarded with the same security and data protection capabilities as other corporate computing devices.

The next battleground

While it’s true that the threats to smartphones are relatively rare compared to those targeting PCs, Symantec sees these devices as the next destination of hackers. In fact, the most recent edition of the Symantec Internet Security Threat Report found that threats such as spam and phishing are increasingly “going mobile.” It’s not hard to see why.

Users of mobile devices typically perceive messages received by SMS (short messaging service) as being more personal than those received by email on a desktop computer. And, since the threats against these devices thus far have been rare, users are more likely to trust those messages and to act on them. For example, last May saw the arrival of MobileSpy, a spyware application that logs SMS message and phone data and sends the gathered information to a remote attacker.

A 2007 study commissioned by the National Cyber Security Alliance and Cisco appears to bear that out. The study was based on interviews with 700 mobile workers in the United States, United Kingdom, Germany, China, India, South Korea, and Singapore. Among the findings: 73% of the mobile workers said they aren’t always aware of security threats and best practices when working on the go, and nearly 30% of them admitted that they “hardly ever” consider security risks and proper behavior.

Some industry observers have gone so far as to say that a “perfect storm” is brewing in the area of mobile security as a result of a number of key factors:
  • Adoption rates for smartphones are on the rise. Researchers at Gartner predict that, sometime this year, smartphones will outship PCs. Fellow researcher IDC, meanwhile, reports that by 2009 the number of mobile workers in the United States will account for more than 70% of the country's total workforce.
  • The technical capabilities of smartphones are catching up to PCs at a rapid rate. Email, instant messaging, online banking, online shopping, and Web surfing are all possible.
  • Research from Symantec’s Global Intelligence Network shows that, since 2004, the number of threats targeting smart devices has doubled every six months.
  • Symantec has observed viruses spread on smartphones in a variety of ways: Internet downloads, MMS (multimedia messaging service) attachments, and Bluetooth transfers. They also show up as game downloads, updates to the phone’s system, ring tones, or alerts. The latest and most sophisticated threats are known as “Pranking4Profit,” and they do things like redirect calls to a different carrier in another country.

What’s at risk?

Unfortunately, while many enterprises are using smartphones in their business today, few of them are taking sufficient measures to protect them. This can expose them to several key risks:
  • Compliance risk Not considering mobile devices will put system and regulatory audit results at risk.
  • Data and privacy risk Lost phones and mobile threats place customer data, financial data, and other confidential data at risk.
  • Business and network stability risk Compromised smartphones can disrupt network IT operations and, ultimately, the business.

Protection for all endpoints

Symantec Endpoint Security solutions protect an organization from known and unknown threats and enforce security policies on laptops, desktops, servers, and mobile devices. For systems and networks, a combination of antivirus, anti-spyware, firewall, intrusion prevention, device control, and network-independent access control provide comprehensive security.

In the case of smartphones, Symantec Mobile Security Suite protects these devices against malicious threats and unauthorized access to sensitive corporate information by utilizing antivirus technology, an advanced firewall, password enforcement, phone feature control, and encryption technology. This helps ensure both the protection of mobile assets and compliance with regulatory requirements. When used with the Symantec Mobile VPN, the Symantec Mobile Security Suite also helps ensure that only secure, policy-compliant mobile devices are able to access the corporate network via the VPN.

In addition, Symantec Mobile Security Suite provides enterprise-class management that enables administrators to centrally define and distribute security policies to mobile devices. Integration with Symantec LiveUpdate further helps to ensure timely updates of content.

Conclusion

Smartphones today are being used the same way as computers and are accessing the same information. Left unprotected, smartphones represent the weakest security link, compromising the entire network, and potentially a large-scale data leak since they carry workers’ email, contacts, and calendar.

With smartphones, the old notion of “protecting the perimeter” has acquired new meaning. That’s because with smartphones, the perimeter has been dramatically extended. The ubiquity of these devices therefore requires enterprises to include them in the list of endpoints to be protected.

Related Links

Back to Newsletter