Machine Learning-Based Threat Protection Extends Mobile Security for Agencies


When it comes to protecting mobile devices and applications, Federal agencies need security capabilities that travel with devices and proactively protect them against all types of cyberattacks, experts say.

According to the Department of Homeland Security (DHS), the government’s increasing reliance on mobile technology has made it an attractive and lucrative target for cyberattacks. “The enhanced capabilities mobile technologies provide, the ubiquity and diversity of mobile applications and devices, and the typical use of the devices outside agencies’ traditional network boundaries requires a security approach that differs substantially from the protections developed for desktop workstations,” according to DHS’ Mobile Security R&D Program Guide, released in April 2018 by the department’s Science and Technology Directorate.

For enhanced protection, agencies can tap into an emerging set of tools, described by Gartner as mobile threat detection (MTD). MTD extends enterprise mobility management (EMM) and mobile device management (MDM) solutions with additional security capabilities. The research firm IDC calls this market segment mobile threat management (MTM), while other research companies use the term mobile threat prevention (MTP).

Whatever they are called, these solutions consist of a mix of capabilities, including vulnerability management, anomaly detection, behavioral profiling, code emulation, intrusion prevention, host firewalling, and transport security technologies to defend mobile devices and applications from advanced threats.

“MTD solutions protect mobile devices against a wide array of mobile threats through application scanning and risk management, network protection, behavioral anomaly detection, and vulnerability management,” Patrick Hevesi and Michael Isbitski, research directors with Gartner for Technical Professionals, write in Gartner’s Comparison of Mobile Threat Defense Solutions, released in July 2018.

Traditional EMM/MDM security tools rely on signature databases that flag indicators of known attacks. A zero-day attack against high-value data, by definition, has no entry in any such database. Gartner therefore recommends layering MTD on top of EMM and MDM solutions to yield greater protection.

Machine Learning-Based Protection

Other cybersecurity experts note that machine learning software on the device can proactively protect devices wherever the user travels.

Mobile devices pose significant information security risks to government agencies, according to Gary Bradt, vice president of public sector with Zimperium, which provides cyber threat protection for mobile devices including smartphones, tablets, and Internet of Things (IoT) devices.

Cyber criminals can compromise devices and steal government information through a variety of attack methods, such as compromising Wi-Fi connections, the use of malicious access points, attacks on mobile operating systems, side-loading of applications, and introduction of risky or non-compliant apps.

The mobile devices of government employees are the weak links in the mobile security armor, exposed to hackers who can target users’ smartphones or devices while they are connected to Wi-Fi networks at coffee shops like Starbucks, Bradt noted.

Protection against persistent threats and zero-day attacks requires on-device machine learning software that looks for anomalies in device behavior. “If there is bad behavior on the device, it should be able to notify users that they’re under attack,” Bradt said. The MTD solution should be able to monitor the entire mobile device for malicious behavior regardless of the attack entry point. A device-wide resident approach does not rely on external IDs or malware signatures and does more than app scanning, he noted.

“The whole point of machine learning is to detect things that you’ve never seen before,” said JT Keating, vice president of product strategy at Zimperium. Machine learning capability is critical for mobile devices because users are the administrators and decide when they are going to update software.

“Consistently about 70 percent of devices in our environment are at least one or two operating system versions behind,” Keating said. This means there are publicly available or easily accessible exploits on the internet that can take over these devices. If a hacker tweaks a known exploit and the device lacks machine-learning capability, the attack won’t be detected. However, just as a stone thrown into a lake creates ripples, attackers create ripples when they try to compromise a device, for example when they elevate privileges or take root access. A good MTD solution will detect those ripples.

MobileIron and Symantec are other companies providing MTD solutions.
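The contrast drawn above (and in the earlier point about signature databases missing zero-day attacks) can be shown on constructed device telemetry. The example below is added here and is not code from the article or from any vendor named in it. It assumes a hypothetical on-device agent that records process-start events with real and effective UIDs; the exploit bytes, hashes, and event records are constructed. A hash signature catches the exploit it has seen before, misses a one-byte variant, while a behavioral rule that looks for the "ripple" (an unprivileged app's child suddenly running as root) catches both:

```python
"""Signature matching versus behavioral detection on constructed telemetry.

Added illustration, not from the original article. The agent, event
format, and exploit bytes are hypothetical and constructed for the demo.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-start record as an on-device agent might collect it."""
    pid: int
    ppid: int
    name: str
    uid: int      # real UID of the process
    euid: int     # effective UID after any privilege change
    image: bytes  # bytes of the executed image (constructed, not a real binary)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed payloads: the "known" exploit and a one-byte-tweaked variant.
KNOWN_EXPLOIT = b"\x7fELF" + b"root-me-v1"
TWEAKED_EXPLOIT = b"\x7fELF" + b"root-me-v2"

# Signature database: hashes of exploits seen before (only the known one).
SIGNATURE_DB = {sha256_hex(KNOWN_EXPLOIT)}

# On Android, per-app sandbox UIDs start at 10000 (AID_APP_START);
# lower UIDs belong to system components.
APP_UID_START = 10000


def signature_match(ev: ProcEvent) -> bool:
    """Signature approach: flag only images whose hash is already listed."""
    return sha256_hex(ev.image) in SIGNATURE_DB


def privilege_ripple(ev: ProcEvent, parent: ProcEvent) -> bool:
    """Behavioral approach: an unprivileged app's child running as root is
    the ripple an exploit leaves, whatever bytes the exploit consists of."""
    return parent.uid >= APP_UID_START and ev.euid == 0


def analyze(events):
    """Return {pid: set of reasons} for every event that raised an alert."""
    by_pid = {e.pid: e for e in events}
    alerts = {}
    for e in events:
        reasons = set()
        if signature_match(e):
            reasons.add("signature")
        parent = by_pid.get(e.ppid)
        if parent is not None and privilege_ripple(e, parent):
            reasons.add("behavior")
        if reasons:
            alerts[e.pid] = reasons
    return alerts


# Constructed sample: two apps each spawning a stage that ends up as root,
# one with the known exploit, one with the tweaked variant, plus a
# privileged system parent that the app-sandbox rule deliberately ignores.
SAMPLE_EVENTS = [
    ProcEvent(500, 1, "com.example.notes", 10123, 10123, b"app-image"),
    ProcEvent(501, 500, "stage2", 10123, 0, KNOWN_EXPLOIT),
    ProcEvent(600, 1, "com.example.game", 10456, 10456, b"app-image"),
    ProcEvent(601, 600, "stage2", 10456, 0, TWEAKED_EXPLOIT),
    ProcEvent(700, 1, "system_server", 1000, 1000, b"system-image"),
    ProcEvent(701, 700, "helper", 1000, 0, b"helper-image"),
]

if __name__ == "__main__":
    for pid, reasons in sorted(analyze(SAMPLE_EVENTS).items()):
        print(pid, sorted(reasons))
```

Running it flags pid 501 by both signature and behavior and pid 601 by behavior only; the system helper is not flagged because its parent is not an app sandbox. A production MTD agent replaces the hard-coded UID rule with a learned baseline of normal process and privilege behavior, and on a real phone an unprivileged agent does not get this process tree without platform support, so the telemetry source here is an assumption.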

“Intelligence gathered by machine learning is only valuable if agencies have a large enough global dataset to train machine threat models on to understand if a potential threat signal is normal, rare or truly anomalous,” said Bob Stevens, VP of Federal Systems at Lookout. “Using a cloud-first, machine learning-driven MTD analysis engine for on-device security enables a faster, more secure approach,” he said. Lookout describes itself as a cybersecurity company for the post-perimeter, cloud-first, mobile-first world, and says its Lookout Security Cloud, powered by what the company calls the largest dataset of mobile code in existence, provides visibility into the entire spectrum of mobile risk.

Meanwhile DHS’ Science and Technology Directorate is developing innovative security technologies to accelerate the adoption of secure mobile technologies by DHS, the entire Federal government, and the global community. Current areas of development underway spanning mobile device security and mobile application security are: mobile software roots of trust, firmware security, virtual mobile infrastructure, continuous validation and threat protection for mobile apps, and tools to integrate security throughout the mobile app development life cycle.

DHS also has identified a need for a new research and development project focused on the security and resilience of mobile network infrastructure, according to the Mobile Security Program Guide. The hope is that by intermeshing these newly developing technologies, Federal agencies can begin to rely more on mobile computing while mitigating some of the security risks it poses today.
