MOBILE DEVICE AGENT A behavioural risk agent assesses computing payloads of applications, network chatter and content-delivery channels
Cybersecurity and protection company Check Point has released a mobile threat-prevention system to protect business information contained in mobile devices from cyberattacks, says Check Point Security Technologies mobility product management head Michael Shaulov.
Shaulov is an entrepreneur who founded mobile cybersecurity company Lacoon, which was wholly acquired by Check Point. The mobile threat prevention system protects devices from malware, from attacks and exploits when connecting to public WiFi hot spots and also scans all file attachments for malicious content.
“The aim is to protect mobile devices from all attack vectors, and the predominant attack vector is not only public WiFi, but mobile applications (apps) that users download and install from reputable app stores and third-party app stores.”
Further attack vectors include multimedia messaging service messages and portable document format documents. The system protects against content sent to the devices that is designed to exploit the devices, he notes.
The mobile threat-prevention solution can detect and protect against threats from all these vectors because it uses a behavioural risk engine consisting of algorithms that assess applications, network chatter and all content-delivery channels, such as multimedia messages, to determine whether a device is infected, vulnerable, compromised or secure.
The solution requires that mobile devices have a low-resource app to run the algorithms, while further algorithms operate within the overarching cloud system through which devices communicate information to the enterprise and store company and workflow information.
“Once we detect that a device is compromised, we can remotely trigger a remediation process on the device and assist the user in removing the threat or in mitigating it.”
The solution relies on close integration with mobile device management vendors’ systems, which enables it to apply policies on the mobile devices, such as disconnecting compromised devices from corporate emails or prohibiting the device from accessing or opening corporate documents, Shaulov explains.
The system is available for Android and iOS mobile operating systems, and the Check Point mobile product division, under Shaulov, is examining the development of the system for devices using the Windows Mobile operating system.
One of the design criteria of the system was that it does not impact too severely on users’ devices, says Shaulov: “The mobile app agent uses limited resources on the mobile devices, and typically consumes less than 2% of battery life over 24 hours and requires negligible amounts of bandwidth to communicate.”
It is also built with stringent privacy mechanisms and does not collect personal information of users. All information sent to the cloud for management and administration is anonymised on the device prior to transmission, he adds.
The cloud portion of the system enables corporate users to view statistics and analyses across all the devices on their networks, as well as risks and attacks. It also enables users to drill down and interrogate the intention of malware, for example whether malware tried to activate a device’s camera or access contact lists, in analysing threats to an enterprise.