Why Mobile XDR is a critical piece of your security puzzle

Last month we wrote about how XDR can minimize the time to detect and respond to threats, and now we want to dive a little deeper into the XDR pool to show you how to better protect your organization’s mobile devices. Mobile devices pose a growing threat to most organizations, and need no less protection than any other endpoint. And XDR is an excellent fit for the kinds of attacks mobile devices increasingly face.

Once, mobile devices were under-emphasized in a lot of security ecosystems. You might deploy email settings, set passcodes, and manage WiFi configuration to prevent man-in-the-middle attacks. Those all remain valid elements of mobile security.

Now, though, there’s so much more to consider.

Mobile device usage is changing—so security needs to follow suit

Most notably, both the nature and amount of mobile use have broadened dramatically. Mobile devices now account for almost 55% of global website traffic, making secure browsing a priority. Phones are mini-computers and users want to be able to use them for work as a matter of course. With more people working remotely, this trend is accelerating.

(When we say “mobile devices”, we tend to mean phones. But we’re also referring to any other device that runs Android or iOS; Tablets, for example. And while Chromebooks are generally quite well locked down, they do need protection from phishing and web-based threats, as well as installing unwanted extensions which might be insecure.)

But while the mobile device is starting to supplant, or at least supplement, the desktop for work and web browsing, users are still likely to treat it as a personal belonging. Whether or not you operate a “bring your own device” (BYOD) policy, a device feels different when you keep it in your pocket at all times.

For example, a user might have a different, less-guarded frame of mind when their phone’s in their hand. Their browsing behavior will likely be different, and the immediacy of messaging alerts—coupled with a smaller screen size—can make them more likely to fall foul of phishing.

Sophisticated threats need a new, all-round approach

And here’s the problem: while many cybersecurity ecosystems haven’t kept up with mobile’s growing role in day-to-day work, the hackers certainly have.

Threat actors understand that mobile devices are often the weak spot in an organization’s perimeter. As a result, they’re using increasingly sophisticated attacks to target users via their mobile devices. This might take the form of cross-device social engineering; for example, using a text message to make a phishing email seem more legitimate on the desktop.

We’ve also seen attacks exploiting confusion around COVID-19 arrangements; for example, prompting users to download a bogus “contact tracing” app outside of the Play Store. Once installed, the app accesses sensitive information including received messages—and, in some cases, the phone’s location and camera.

A good Unified Endpoint Management (UEM) solution can go a long way to help you keep your mobile devices updated and secure. Depending on the operating system, and whether it’s a company-managed or employee-owned device, you can segregate business data, set policies, scan for malicious apps, and intercept threats.

There are also things a standalone management solution can’t do. It can monitor the health of a mobile device, but won’t give you context for your entire organization. It can tell you what the user did next, but not if they switched to working on their desktop. And it can tell you the situation now, but not what happened two weeks ago.

For that, you need to aggregate and store data from your mobile devices alongside your other cybersecurity controls. And that’s exactly where XDR comes in.

Enhanced visibility, context, and history

XDR gives you the complete picture. Sensors on the device send telemetry data to a secure data lake in the cloud, where it’s aggregated alongside your other mobile devices, as well as any other XDR-enabled cybersecurity solutions you might have.

This allows you to surface suspicious activity and investigate it across your entire estate. The data lake allows you to understand the full context as it contains the events from mobile devices, traditional endpoints, servers, firewalls, email and cloud security solutions. It provides you with the whole picture, and the ability to go back in time to see the history of the suspicious activity.

These capabilities fit well with the challenges of keeping mobile devices secure:

Better visibility over device vulnerabilities and health. For mobile, cybersecurity and device management are inextricably linked—so it’s valuable that you can investigate the data lake however you want. For example, Sophos Mobile XDR can show you all the devices running out-of-date operating systems, have been jailbroken/rooted, or lack enough RAM to update. Or you could look for sideloaded apps, like the COVID tracing example.
More context to understand potential threats. Because the data lake includes signals from other parts of your security ecosystem, you can easily pivot to see what else was going on for the user at the time—for example, their desktop activity or firewall traffic. This means you can guard against multi-stage phishing and social engineering attacks, and spot behavior of concern.
Historical telemetry data to explore. Imagine a new threat is discovered, where compromised devices communicate with a certain domain. Or an app that was thought to be legitimate is found to be malicious, removed from the Play Store, and deleted from devices by its authors. Based on live information, you’d have no way to screen for past activity. With the historical data in the data lake, you can see whether any devices in your estate have communicated with a domain, or had the app installed.

The exact nature of the information stored in your XDR data lake can vary based on the device’s operating system, and whether it’s a company-owned or personal BYOD device. And, since privacy is an critical consideration for any data collection, we focus strictly on only collecting the data that’s relevant to cybersecurity.

Better protect your mobile devices with Sophos Mobile XDR

It’s clear that mobile devices can no longer be treated as an outlier; they’re a central part of your users’ working life and need to be part of your joined-up cybersecurity approach.

At Sophos, we know this way of working is here to stay. Our vision for the future is to secure your devices irrespective of where they are or how they’re accessing your corporate resources. Bringing mobile into the XDR family is an important step along that path.

Visit our website to learn more about Sophos Mobile and initiate a 30-day no-obligation trial. Existing Sophos Central users can activate Sophos Mobile for free for a month directly within their management console; simply click on the Free Trials button and follow the links.

Latest Posts