To provide a comprehensive real-time view of an enterprise's mobile and BYOD risk posture, the service identifies vulnerabilities at each layer of the mobile stack (infrastructure, hardware, operating system, and applications), correlates this data with existing threats, and scores risks within the context of an organization's security ecosystem (e.g., use of security controls such as encryption, role-based access control, etc.).
It is composed of the following components and capabilities:
Mobile Entity Repository
Provides an inventory of mobile devices and associated attributes such as operating system status (version, jail-broken, etc.), device information (serial number, model, version, open ports, etc.), and current applications (version, hash, etc.). This information is gathered via connectors to leading mobile device management (MDM) and mobile application management (MAM) solutions.
Mobile Threat Intelligence Feed
Contains threat and vulnerability data for millions of enterprise, public, or private mobile applications as it relates to malicious functionality (e.g., activity monitoring and data retrieval, system modification), vulnerabilities (e.g., sensitive data leakage, unsafe data transmission, unauthorized permission requests), and privacy behaviors (e.g., collection of phone or location data, request of data outside of application sandbox). This information is used as a baseline to correlation with data contained in the Mobile Entity Repository.
Mobile Risk Score
Application-use risk for BYOD or HYOD is calculated based on mobile entity data, mobile threat intelligence feed, and contextual data (e.g., owner's organizational role, access rights, etc.). Risk scores can be used to determine whether or not to grant a device access to the network, and what, if any, limitations should be imposed. Once mobile access is granted, continuous monitoring can be used to maintain updated risk scores. Risk tolerance can be customized by the administrator.