| Executives September 11, 2017


September 11, 2017

2017​ ​Gartner​ ​Market​ ​Guide​ ​for​ ​Mobile​ ​Threat​ ​Defense:​ ​"The​ ​signs​ ​are​ ​clear​ ​that​ ​mobile threats​ ​can​ ​no​ ​longer​ ​be​ ​ignored.*"

By Santosh Krishnan

Gartner Market Guide 2017

The​ ​first​ ​sentence​ ​of​ ​this​ ​year's​ ​Gartner​ ​Market​ ​Guide​ ​for​ ​Mobile​ ​Threat​ ​Defense​ ​(MTD)​ ​delivers the​ ​report's​ ​bottom​ ​line.​ ​It​ ​begins,​ ​"The​ ​signs​ ​are​ ​clear​ ​that​ ​mobile​ ​threats​ ​can​ ​no​ ​longer​ ​be ignored.*"​ ​We​ ​believe​ ​this​ ​statement​ ​can​ ​be​ ​seen​ ​as​ another​​ ​credible​ ​call​ ​to​ ​action​ ​that​ ​leaving mobile​ ​endpoints​ ​unsecured​ ​presents​ ​an​ ​urgent​ ​risk​ ​to​ ​corporate,​ ​government,​ ​and​ ​regulated personal​ ​data.

However,​ ​the​ ​report​ ​also​ ​notes​ ​that​ ​MTD​ ​is​ ​misunderstood.​ ​Gartner​ ​writes,​ ​"There​ ​is​ ​still​ ​a​ ​lot​ ​of confusion​ ​and​ ​uncertainty​ ​from​ ​end​ ​users​ ​regarding​ ​which​ ​risks​ ​MTD​ ​addresses​ ​and​ ​how​ ​urgent or​ ​useful​ ​MTD​ ​can​ ​be." 

We​ ​see​ ​five​ ​clear​ ​and​ ​certain​ ​signs​ ​from​ ​Gartner​ ​that​ ​MTD​ ​is​ ​an​ ​urgent​ ​need​ ​for​ ​enterprises​ ​and government​ ​agencies.​ ​Read​ ​on​ ​to​ ​see​ ​our​ ​take​ ​on​ ​Gartner's​ ​recommendations.

Clear​ ​sign​ ​#1:​ ​Mobile​ ​malware​ ​is​ ​expected​ ​to​ ​grow​ ​440%​ ​in​ ​the​ ​next​ ​two​ ​years   

When​ ​an​ ​employee​ ​inadvertently​ ​downloads​ ​a​ ​malicious​ ​app​ ​that​ ​steals​ ​credentials​ ​and​ ​enables an​ ​attacker​ ​to​ ​access​ ​corporate​ ​data​ ​remotely,​ ​it's​ ​a​ ​potentially​ ​significant​ ​instance​ ​of​ ​data compromise.​ ​Yet,​ ​to​ ​fully​ ​understand​ ​the​ ​risk​ ​to​ ​data​ ​from​ ​mobile​ ​malware,​ ​it's​ ​necessary​ ​to understand​ ​both​ ​the​ ​impact​ ​and​ ​the​ ​likelihood.​ ​Gartner​ ​provides​ ​data​ ​on​ ​its​ ​growing​ ​prevalence, "​By​ ​2019,​ ​mobile​ ​malware​ ​will​ ​amount​ ​to​ ​one-third​ ​of​ ​total​ ​malware​ ​reported​ ​in​ ​standard​ ​tests, up​ ​from​ ​7.5%​ ​today." 

Clear​ ​sign​ ​#2:​ ​Enterprise​ ​Mobility​ ​Management​ ​(EMM)​ ​tools​ ​don't​ ​​protect​ ​against​ ​mobile attacks​ ​or​ ​leaky​ ​apps 

One​ ​of​ ​the​ ​most​ ​pervasive​ ​myths​ ​in​ ​this​ ​industry​ ​is​ ​that​ ​EMM​ ​is​ ​a​ ​security​ ​solution. Organizations​ ​that​ ​have​ ​deployed​ ​MTD​ ​think​ ​differently,​ ​as​ ​Gartner​ ​points​ ​out,​ ​"Enterprise concern​ ​about​ ​threats​ ​that​ ​EMM​ ​tools​ ​do​ ​not​ ​counter​ ​drives​ ​the​ ​MTD​ ​market​ ​and​ ​adoption. These​ ​are​ ​typically​ ​malicious​ ​threats​ ​(for​ ​example,​ ​eavesdropping​ ​over​ ​untrusted​ ​wireless networks)​ ​or​ ​data​ ​leakage​ ​risks​ ​that​ ​elude​ ​EMM​ ​controls​ ​(such​ ​as​ ​spyware​ ​apps)."

The​ ​graphic​ ​below​ ​is​ ​the​ ​clearest​ ​depiction​ ​I've​ ​yet​ ​seen​ ​of​ ​the​ ​distinct​ ​areas​ ​of​ ​coverage​ ​for EMM​ ​and​ ​MTD:

Gartner Figure 2. Mobile Security Threats Addressed by EMM and MTD

This​ ​graphic​ ​was​ ​published​ ​by​ ​Gartner,​ ​Inc.​ ​as​ ​part​ ​of​ ​a​ ​larger​ ​research​ ​document​ ​and​ ​should​ ​be​ ​evaluated​ ​in​ ​the context​ ​of​ ​the​ ​entire​ ​document.​ ​The​ ​Gartner​ ​document​ ​is​ ​​available​ ​upon​ ​request​. 

The​ ​way​ ​to​ ​think​ ​about​ ​this​ ​issue​ ​is​ ​that​ ​the​ ​best​ ​practice​ ​is,​ ​"​EMM​ ​+​ ​MTD​,"​ ​not​ ​one​ ​or​ ​the​ ​other. To​ ​take​ ​this​ ​thinking​ ​one​ ​step​ ​further,​ ​choosing​ ​an​ ​EMM​ ​solution​ ​now​ ​depends​ ​in​ ​part​ ​on​ ​how well​ ​it​ ​integrates​ ​with​ ​MTD,​ ​with​ ​the​ ​understanding​ ​that​ ​MTD​ ​must​ ​now​ ​also​ ​deliver​ ​the​ ​same visibility​ ​into​ ​mobile​ ​app​ ​behaviors​ ​previously​ ​offered​ ​in​ ​a​ ​separate​ ​​MARS​ ​point​ ​product​. 

Clear​ ​sign​ ​#3:​ ​Regulatory​ ​compliance​ ​is​ ​driving​ ​MTD​ ​deployments​ ​across​ ​industries 

On​ ​the​ ​topic​ ​of​ ​who​ ​has​ ​the​ ​most​ ​urgent​ ​need​ ​for​ ​MTD,​ ​the​ ​report​ ​is​ ​very​ ​clear.​ ​Gartner​ ​writes, "Organizations​ ​in​ ​high-security​ ​verticals,​ ​those​ ​with​ ​large​ ​Android​ ​device​ ​fleets​ ​or​ ​those​ ​in regulated​ ​verticals​ ​such​ ​as​ ​finance​ ​and​ ​healthcare​ ​should​ ​plan​ ​to​ ​adopt​ ​MTD​ ​solutions​ ​sooner rather​ ​than​ ​later.*"  

The​ ​reality​ ​today​ ​is,​ ​the​ ​more​ ​organizational​ ​data​ ​you​ ​allow​ ​employees​ ​to​ ​access​ ​from smartphones​ ​and​ ​tablets,​ ​the​ ​greater​ ​exposure​ ​your​ ​organization​ ​has​ ​to​ ​the​ ​​spectrum​ ​of​ ​mobile risk​.​ ​Enabling​ ​a​ ​mobility​ ​program​ ​requires​ ​a​ ​robust​ ​assessment​ ​of​ ​mobile​ ​threats,​ ​risks,​ ​and vulnerabilities​ ​in​ ​your​ ​unique​ ​business​ ​context,​ ​regardless​ ​of​ ​whether​ ​the​ ​devices​ ​are​ ​corporate- or​ ​personally-owned.  

For​ ​example,​ ​even​ ​though​ ​the​ ​overall​ ​prevalence​ ​of​ ​​targeted​ ​iOS​ ​spyware​ ​​is​ ​low,​ ​an organization​ ​with​ ​critical​ ​trade​ ​secrets​ ​might​ ​consider​ ​their​ ​executives​ ​to​ ​be​ ​valuable​ ​targets​ ​and assign​ ​a​ ​higher​ ​level​ ​of​ ​risk​ ​to​ ​their​ ​mobile​ ​devices​ ​by​ ​protecting​ ​them​ ​with​ ​an​ ​MTD​ ​solution​ ​like Lookout​ ​Mobile​ ​Endpoint​ ​Security​. 

A​ ​very​ ​successful​ ​use​ ​case​ ​for​ ​MTD​ ​is​ ​this​ ​​Global​ ​2000​ ​bank​,​ ​whose​ ​IT​ ​Infrastructure​ ​Manager secured​ ​9,000​ ​corporate-owned​ ​Android​ ​phones​ ​managed​ ​by​ ​VMware​ ​AirWatch​ ​EMM,​ ​and found​ ​hundreds​ ​of​ ​diverse​ ​threats​ ​upon​ ​deployment.

Clear​ ​sign​ ​#4:​ ​Mobile​ ​policies​ ​​≠​ ​mobile​ ​security 

Gartner​ ​writes,​ ​"Security​ ​leaders​ ​should​ ​recognize​ ​that​ ​the​ ​policy​ ​enforcement​ ​that organizations​ ​apply​ ​will​ ​not​ ​suffice​ ​indefinitely​ ​as​ ​a​ ​security​ ​intervention.*"​ ​Establishing​ ​policies such​ ​as​ ​forbidding​ ​app​ ​sideloading​ ​and​ ​prohibiting​ ​jailbroken​ ​and​ ​rooted​ ​devices​ ​from​ ​accessing enterprise​ ​resources​ ​won't​ ​prevent​ ​advanced​ ​malware​ ​or​ ​leaky​ ​apps​ ​from​ ​compromising​ ​data. 

Instead,​ ​use​ ​an​ ​MTD​ ​solution​ ​to​ ​gain​ ​visibility​ ​into​ ​these​ ​type​ ​of​ ​threats​ ​and​ ​​automate enforcement​ ​of​ ​mobile​ ​policies​,​ ​even​ ​down​ ​to​ ​granular​ ​app​ ​behaviors. 

Clear​ ​sign​ ​#5:​ ​Enterprise​ ​adoption​ ​of​ ​MTD​ ​is​ ​accelerating 

Employees​ ​are​ ​demanding​ ​access​ ​to​ ​corporate​ ​data​ ​through​ ​mobile​ ​devices,​ ​leading​ ​mobile threat​ ​actors​ ​to​ ​target​ ​these​ ​devices​ ​with​ ​increasing​ ​sophistication.​ ​Those​ ​threats​ ​are,​ ​in​ ​turn, driving​ ​the​ ​increased​ ​adoption​ ​of​ ​MTD,​ ​which​ ​Gartner​ ​quantifies,​ ​"By​ ​2020,​ ​30%​ ​of organizations​ ​will​ ​have​ ​MTD​ ​in​ ​place,​ ​an​ ​increase​ ​from​ ​less​ ​than​ ​10%​ ​in​ ​2017.*" 

Security​ ​leaders​ ​who​ ​are​ ​unsure​ ​of​ ​what​ ​priority​ ​level​ ​to​ ​assign​ ​a​ ​mobile​ ​security​ ​initiative​ ​in their​ ​organization​ ​should​ ​take​ ​30​ ​minutes​ ​to​ ​read​ ​the​ ​latest​ ​Market​ ​Guide​ ​for​ ​Mobile​ ​Threat Defense,​ ​and​ ​then​ ​​contact​ ​Lookout​ ​to​ ​learn​ ​more​​ ​about​ ​how​ ​to​ ​get​ ​the​ ​most​ ​value​ ​from​ ​mobile technology,​ ​securely. 

*©2017​ ​GARTNER​ ​is​ ​a​ ​registered​ ​trademark​ ​and​ ​service​ ​mark​ ​of​ ​Gartner,​ ​Inc.​ ​and/or​ ​its affiliates​ ​in​ ​the​ ​U.S.​ ​and​ ​internationally,​ ​and​ ​is​ ​used​ ​herein​ ​with​ ​permission.​ ​All​ ​rights​ ​reserved. Gartner,​ ​Inc.,​ ​Market​ ​Guide​ ​for​ ​Mobile​ ​Threat​ ​Defense​ ​Solutions,​ ​Dionisio​ ​Zumerle,​ ​John​ ​Girard, August​ ​2017.​ ​The​ ​Gartner​ ​Report(s)​ ​described​ ​herein,​ ​(the​ ​"Gartner​ ​Report(s)")​ ​represent(s) research​ ​opinion​ ​or​ ​viewpoints​ ​published,​ ​as​ ​part​ ​of​ ​a​ ​syndicated​ ​subscription​ ​service,​ ​by Gartner,​ ​Inc.​ ​("Gartner"),​ ​and​ ​are​ ​not​ ​representations​ ​of​ ​fact.


Author

Santosh Krishnan,
Chief Product Officer

Leave a comment

Submit


0 comments