Cybereason Mobile MDR gives enterprises a managed solution that will detect and prevent suspicious activity on mobile devices, while through Cybereason Mobile it provides access to a team of iOS and Android analysts, 24x7x365, for efficient discovery, triaging and mitigation of mobile incidents.
Cybereason Mobile uses machine learning algorithms to generate a baseline of normal activity on mobile devices to immediately detect any abnormal or potentially malicious activity. A sensor deployed on all mobile devices detects relevant information and sends it to Cybereason’s cross-correlation engine from where inferences can be drawn on the mobile behavior and any necessary mitigation enforced.
With some estimates suggesting that 60% of all emails are now read on mobile devices, mobiles can no longer be considered separate from classical enterprise security. Compromised mobile devices are not unusual. The compromise could come from phishing via email, or via a malicious app unwittingly installed by the user. Once a device is compromised, all stored credentials are at risk, including access to the corporate network.
“Cybereason Mobile,” Cybereason’s Maor Franco told SecurityWeek, “can be configured to enforce preventative actions when a new threat is identified to stop the spread of malware across the enterprise, using mobile as a way into the network. In this case, mobile is even riskier. The attacker doesn’t require a back door in the network when using the infected mobile device to enter through the front door.”
This is not a mobile device management (MDM) product. Such systems have traditionally concentrated on separating corporate and personal activity on a mobile device rather than directly ensuring its security. While Cybereason Mobile can obviously be used on company-owned devices that prohibit personal usage, separating personal and company usage on a fully protected device becomes less of an issue. It can consequently also be used on personally owned devices.
This has been well received by users. “With the escalated threat landscape, the mobile security mindset — protecting both the corporate resources available on the device as well as the user personal information — is well received,” explained Franco. “Empowering the end-users to see what is being collected, the seamless deployment to any device, and a complete protection knowing privacy is well kept is well understood and appreciated.”
Examples of the mobile security features provided by Cybereason Mobile include the detection of any app controlled by attackers, whether through initiating suspicious connections to remote addresses, modifying legitimate app libraries or injecting foreign ones, re-signing applications to elevate privileges, or distributing spyware techniques. This includes, added Franco, “a legitimate mobile app that is used for another purpose than it was published for — which is considered an anomaly, such as ToTok.”
Cybereason Mobile will also detect any system tampering, such as an attacker’s removal of the security limitations put in place by the device manufacturer. It also detects any physical USB tampering. “Thanks to recent iOS and Android exploits that allow anyone with physical access to a device to permanently jailbreak or gain root access, visibility to USB connections is a critical capability for mobile solutions. Once exploited, attackers are able to perform an array of actions, from intercepting phone calls and network traffic to later obtaining the physical location of the device.”
However, while Cybereason Mobile provides security to individual devices, it goes beyond just mobile security. Through integration with the wider cyber defense platform and use of Cybereason’s cross-correlation engine, security teams can view anomalous mobile behavior in the full context of a wider attack scenario against the network.
A mobile device is as much an endpoint as a desktop computer, but the two have often been considered and treated as separate problems with separate solutions. By combining Cybereason Mobile with the existing Cyber Defense Platform, this new Cybereason offering provides a single pane of glass for visibility into and security for both types of endpoint.
Boston, Mass-based Cybereason was founded in 2012 by Lior Div (CEO), Yonatan Amit (CTO), and Yossi Naar (CVO). It raised $200 million in a Series E funding round in August 2019, bringing the total funding raised to date to $388.6 million.