Mobile EDR limits

Today, a number of cybersecurity vendors are extending their existing offerings to mobile in order to cover the whole attack surface with a single product. But mobile and PC operating systems handle data, applications and protocols very differently, so the threats targeting each of them are distinct.

Endpoint Detection & Response (EDR) is the evolution of legacy antivirus. It quarantines files, detects indicators of compromise, and provides the in-depth analysis needed for post-attack rollback. EDR’s strength lies in its investigation capabilities and the cross-platform visibility it provides.

But when it comes to neutralizing mobile threats, advanced analysis is not enough. When EDR is used to protect all endpoints without distinguishing between platforms, it inevitably leaves a security gap at the mobile level.

WHY EDR FALLS SHORT OF PROTECTING MOBILE DEVICES

Limited integrations with UEM, friction with the existing mobile ecosystem
Because they have only recently started covering mobile devices, most EDRs have no integration with Unified Endpoint Management (UEM) solutions. This lack of cooperation with the enterprise mobility platforms already in place significantly complicates unifying device management and protection.
Lack of sufficient automation, no containment of threats
EDR offers several security capabilities. First, it detects known threats before they execute by matching its findings against signature databases. Then it searches across endpoints for indicators of compromise (IOCs) and performs in-depth analytics that result in security alerts. But EDR provides only limited options to contain or eradicate a threat once it has been found, and little automation to do so without human intervention.
Long detection times, manual investigations
According to the 2018 IBM Security / Ponemon Institute Cost of a Data Breach study [1], the mean time to identify a breach is 197 days and the mean time to contain it is 69 days. Such long detection times are driven by the volume of alerts that require human investigation, while security teams are already overburdened.
[1] IBM Security / Ponemon Institute, 2018: Cost of a Data Breach Study
No particular understanding of mobile applications
An application can be compared to an iceberg: most of its actions are performed in the background, which makes it hard to tell whether it is safe to use. Without any app analysis capability or mobile-specific knowledge to rely on, EDR only detects behaviours it already knows, and lets zero-day malware, leaky applications and vulnerable applications slip through [2].
[2] Pradeo, 2021: Mobile Security Report
MOBILE THREAT DEFENSE TO CLOSE THE MOBILE SECURITY GAP
“In response to the dynamic nature of the immediate threat landscape, Gartner recommends that organizations invest in security solutions that are agile enough to evolve alongside it. Many organizations waste time on legacy security technologies that have lost efficacy, or they continue to needlessly tune effective controls,” said Jonathan Care, senior research director at Gartner.

SECURITY FEATURES REQUIRED TO PROTECT MOBILE DEVICES

Comparison of Endpoint Detection & Response (EDR) and Mobile Threat Defense (MTD), feature by feature:

Prevention
  - App threat
  - Network threat
  - OS threat
Detection
  - Mean time to detect a threat: EDR 197 days*, MTD real-time
  - Leaky / intrusive application
  - Unknown malware (95% of malware)
  - Malware with a known signature (5% of malware)
  - Network attack
  - OS exploit
Remediation
  - Mean time to contain an attack: EDR 69 days*, MTD real-time
  - Automation
Analytics
  - Threat hunting
  - In-depth mobile application security analysis
Compatibility
  - Multi-profile security for Android Enterprise devices
  - Advanced integrations with UEMs

* IBM Security / Ponemon Institute, 2018: Cost of a Data Breach Study