It is very difficult for companies to protect mobile devices for reasons such as technical issues (some devices will not install all the desired software); low battery capacity (when performing a lot of processes, the battery goes out) and because in many cases, the mobile devices are owned by employees. This is how Palo Alto Networks’s founder and CTO Nir Zuk defined the current scenario for mobile security.
According to Zuk, while Apple iOS is very closed and won’t allow antivirus software installation, it is much more difficult for malware to infect iPhones or iPads. On the other hand, Android’s open platform is very attractive for attackers. “In addition, there is no control over Android applications to identify malware. Apple controls apps,” Zuk said.
Indeed, according to the annual Symantec Internet Security Threat Report released in April, mobile vulnerabilities increased 93% in 2011. At the same time, there was a rise in threats targeting the Android operating system. According to the report, with the number of mobile vulnerabilities rising, malware authors are not only reinventing existing malware for mobile devices, but also creating mobile-specific malware geared to exploit the unique opportunities of a device. These threats are designed for activities such as data collection, content sending and user tracking.
Sensitive information is often available on mobile devices, and the danger increases as more workers bring their smartphones and tablets into the work environment faster than many organizations are able to secure and manage them. The BYOD (bring-your-own-device) phenomenon as it is known challenges companies around the globe when employees access business networks using personal devices.
“We are worried about two things: attackers who can control the device and once the device is in the network, can access enterprise data; and data leakage because mobile phones have very sensitive information on them,” explained Zuk.
Palo Alto Networks’ founder noted that most of the mobile attacks are general with the goal of getting a contact list to sell. “Mobile attacks can achieve the same sophisticated level as PC attacks,” he noted. “But there are not many solutions to address mobile prevention; there is not a single solution, even from us.”
Right now, in order to protect mobile devices from attacks, companies can take such measures as allowing network and data access only via virtual private network (VPN); installing intrusion prevention systems (IPS); checking all download applications to search for malware; making sure all the devices’ security settings are set correctly; and encrypting data in the device.
Zuk talked to RCR Wireless News when visiting Brazil to launch Palo Alto Networks’ office in São Paulo. The company will work through a channel partner, since they do not sell directly to enterprises. Palo Alto Networks started Latin American operations about ten months ago in Mexico. The executives did not reveal further details during the meeting because the company is passing through an IPO process.