Symantec Endpoint Protection Mobile (SEP Mobile) Security Research Lab is always investigating the mobile threat landscape with two core goals:
- Uncover vulnerabilities before an attacker does, so that software manufacturers can release patches before attackers can do any damage. This cycle helps keep mobile threat defense proactive to minimize damage, as opposed to relying on strategies that are reactive and costly to fix after-the-fact.
- Use research findings to enhance SEP Mobile’s threat analysis engine, and augment the crowd-sourced intelligence apparatus, so that end users and their devices benefit from the most up-to-date information.
The Most Prolific Mobile Security Research in the Industry
SEP Mobile’s Security Research Lab has exposed more major mobile vulnerabilities than all Mobile Threat Defense, Mobile Threat Protection and Mobile Threat Prevention competitors combined. Vulnerabilities exposed by SEP Mobile Research have been acknowledged by Apple in the last three major versions of iOS. In addition to Apple, Google has also acknowledged and fixed multiple Android vulnerabilities reported by our Security Research Lab. Here are just a few examples of mobile vulnerabilities that the Research Lab has identified in the past few years:
Shared Cookie Stores used to happen when a user connected to a captive portal network, the embedded browser shared the Safari Cookie Store with that of the captive portal.
Shared Cookie Stores
No iOS Zone uses a carefully crafted SSL certificate and scripting to crash apps on iOS devices, opening the door to massive distributed denial of service (DDoS) attacks.
No iOS Zone
Invisible Malicious Profiles, like Malicious Profiles, grant hackers deep device access, but are also invisible to the user, in that they do not appear in the list of profiles for easy removal.
Invisible Malicious Profiles
WiFiGate allows network-based attackers to set up a rogue Wi-Fi network that imitates one of many pre-defined network configurations pushed out by carriers.
Malicious iOS Profiles are not apps, but give potentially unlimited device access. When first disclosed, exploded the myth that iOS users enjoyed nothing but peace and security.
Malicious iOS Profiles
LinkedOut is a classic example of a mobile app that collects too much information and, worse, sends the data to their servers for storage and potential viewing by others.
By working diligently to discover these vulnerabilities and others, and working with Apple and the Google Android team to fix them, every mobile user and business is more secure.
Unique and Proprietary Patented Technology
Advanced research and patents propel SEP Mobile to the leadership position in Mobile Threat Defense
Selective Resource Protection (SRP)
- SEP Mobile is the only solution that proactively protects your most precious corporate resources, without shutting down productivity.
- If a threat is detected, communications to pre-identified selected corporate resources are immediately cut off from the compromised device, so no sensitive data is even transmitted, eliminating the chance of exposure. Users still have full corporate access from other devices and non-critical communications on the compromised device.
Secure Connection Protection (SCP)
- Functioning in cooperation with SRP, SEP Mobile users are assured they can remain productive while protecting critical resources.
- Simultaneously with the activation of SRP, SCP attempts to create a secure connection using the SEP Mobile VPN. If successful, then SRP automatically deactivates and the user is fully productive and protected. If not, SRP remains active for the duration of the exposure to the threat.