What is Mobile Threat Defense (MTD)?

Mobile threat management is a term that encompasses many forms of threat prevention on mobile devices. While it often goes by different names and alphabet soup-like acronyms, the most accepted term (and the one we're using) is Mobile Threat Defense, or MTD for short.

In a nutshell, MTD is a catchall term for solutions that work exclusively to minimize the security risk brought on by threats to devices, users and the sensitive data stored on them. This also covers devices used both for work and personal use.

Mobile Threat Defense is a lot like the Iron Man suit of armor

The Mark I armor Tony Stark built was the first Iron Man suit he created. It was designed to meet a number of requirements, aiding him in his quest to:

• Protect himself using defense capabilities
• Allow himself to perform offensive attacks
• Sustain his body long enough to seek medical attention
• And ultimately escape his captors

Framed in this context, Mobile Threat Defense solutions are a lot like the Iron Man suit of armor. There’s so much capability crammed inside this solution that works in harmony to provide the best level of defense-in-depth protection against an amalgam of security risks and cybersecurity threats.

This does not mean nor imply that it is the fabled “silver bullet." The one-size-fits-all solution that takes care of anything and everything that seeks to harm your users, data or network does not exist. But a Mobile Threat Defense solution does deliver the goods when protecting your device fleet against many common attack vectors that threaten modern-day mobile computing users.

Ok, so what is it? I thought you’d never ask! MTD is mobile threat protection that safeguards your device fleet against common security categories, such as:

• Malware: In all forms and shapes like adware, ransomware, spyware and trojans.
• Phishing: The number one threat to computer security also holds the top threat slot in the mobile space— bad actors are cleverly leveraging truth and lies to get users to divulge sensitive data like credentials or remote access.
• Network attacks: These threats leave victims open to compromise from rogue APs, data exfiltration and eavesdropping via Main-in-the-Middle (MitM) attacks.
• Misconfigured settings: Devices that are improperly configured or have default settings in place are more vulnerable to attack.
• Compliance: A lack of compliance with industry regulations or company policies often leads to harmful consequences due to loss of data through theft, data breach or unauthorized use of apps/services.
• Device health: Even with proper security controls in place, devices may still have risky apps/services installed or they may be missing critical patches that highlight potential risk areas.

Each of these categories, while separate, are often blended by threat actors looking to find a way into your device. They exploit this access and pivot to other devices, apps and services connected to the same network in an attempt to perpetuate a full-scale data breach.

Mobile threat detection “Do. Or do not. There is no try.”

Mobile threat detection, prevention and compliance remediation make up the core of the capabilities present in Mobile Threat Defense. Under those central tenets, additional functionality is available that furthers the mobile threat protections afforded to endpoints. Features such as:

• Anomaly detection: Applying heuristics, MDT can detect potential threats based on behavioral analytics, stopping threats before they can take hold. This applies to potentially unwanted software applications, actions that are performed on behalf of the user (or by the user themselves). Like, say, by malware or any suspicious actions taken.
• Network security: MTD automatically encrypts network traffic when connecting to networks, such as your cellular connection or Wi-Fi hotspots. These are known to expose endpoints to a variety of different threats, such as rogue access points for data exfiltration. Additionally, critical data can often be leaked by trusted apps that may be vulnerable without the developer even knowing. MTD protects against that, as well.
• Vulnerability management: As mentioned prior, device health plays a large role in how risky certain apps and services could get. Performing regular health checks allows MTD to assess endpoints against certain criteria. If devices fail to meet any of the desired requirements, devices are flagged, and users are notified that remediation is necessary.
• Intrusion prevention: Conditional access policies or rules that require a specific set of criteria to be met before access to an app, service or resource may be granted fit hand-in-glove with device health checks. If an endpoint is missing a critical update, then access to the resources may be denied until the issue is remediated to minimize risk and exposure of sensitive and/or private data to unauthorized actors.
• Risk assessment: In addition to the above, MTD routinely performs risk assessments on endpoints, ensuring management of risk stemming from several threat categories determined by IT and Security teams such as:
  • Limiting the use of unsanctioned services or apps (shadow IT)
  • Hardening devices with the correct configuration settings
  • Ensuring compliance with regulations on data access and control permissions
  • Auditing app permissions and privacy data for compliance with corporate policies, industry and/or governmental regulations
  • Enforcing Acceptable Use Policies (AUP), supporting enterprise processes and usage caps on data pools
  • Detection of rooted or jailbroken devices; this includes third-party app stores which allow downloading of unsupported apps and are known to allow access to unlicensed applications and apps that have had their integrity compromised by malware (trojans)
  • Filtering of web content, such as unacceptable websites and domains used in phishing campaigns

Mobile Threat Defense “Good for you and good for me.”

It is important to note, however, that MTD and MDM are not mutually exclusive. That is to say that either may be run separately from each other and are not required to gain the benefits of device management (MDM) or mobile endpoint protection (MTD).

With that said, when MTD is deployed alongside an MDM solution like Jamf Pro, these tools in tandem make for an incredibly powerful, cloud-based solution. It allows IT and Security teams to dig in their heels, so to speak, and granularly inspect each endpoint, their network communications, the apps and services running on each device. This helps them to gain insight into patch and update levels while preventing mobile malware and:

• Phishing defense from SMS, email, social media and messenger apps
• Cybersecurity threat protection
• Advanced mobile security and remediation workflows
• Network threat protection, covering all network connection types
• Hardware and software vetting

This is all while granting support teams unprecedented access to robust device management. That includes automation of policy-based remediation workflows that enable advanced mobile endpoint protections that work completely in the background. These are invisible to the end-user, allowing your hybrid or remote workforce to focus on their productivity while Mobile Threat Defense works to keep your devices secure and to safeguard enterprise and privacy data.