
When EMM Alone is Not Enough

Mobile Threat Defense to the rescue

Is Enterprise Mobility Management (EMM) sufficient against threats? The short answer: No. 

While EMM is designed to control and manage an organization’s mobile devices, it falls short when it comes to detecting and stopping mobile-specific threats, like malicious apps, phishing and man-in-the-middle (MITM) attacks.

That’s why Symantec Mobile Threat Defense (MTD) is key to filling those gaps. MTD detects and defends against mobile-specific threats like malicious apps, phishing and network attacks. EMM vendors depend on MTD providers to monitor activity, identify threats, and enforce mobile security policies.

Still skeptical? Let’s look at the data.

Symantec recently examined the very mobile incidents you want to mitigate at a real-world Fortune 500 company with more than 400,000 global employees. Our team analyzed the threats that would've been successful if the company had relied on EMM alone. Here are two real-world attack scenarios we uncovered where MTD proved essential—threats that would likely have succeeded with only EMM in place.

Attack #1: Active Directory—the keys to the kingdom

The attack
A threat actor targeted the company's Active Directory by exploiting mobile security weaknesses, bypassing Multi-Factor Authentication (MFA) to capture Microsoft Identity Tokens through a MITM attack.

How it went down
It started with a mass SMS phishing campaign. Threat actors sent messages disguised as an IT update after harvesting employee contact information from public or dark web sources. When clicked, these messages downloaded and installed a malicious profile on the employee's iOS device. These profiles rerouted and decrypted previously encrypted traffic, allowing the attacker to intercept sensitive data and credential tokens required to access company resources like Outlook and Intune.

Example of how an attacker might access a user’s Outlook account

With the captured token, the attacker achieved lateral movement within the network, gaining unrestricted access without triggering any logs or alerts. 
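The malicious-profile step described above can be checked for on the defender's side. The following is an added example, not Symantec's code or part of the original post: it audits an iOS configuration profile (.mobileconfig) for the payload combination that makes interception possible, a newly trusted root CA together with a proxy, VPN or DNS override. The sample profile, its placeholder certificate bytes and the `proxy.example.invalid` host are constructed for illustration, and the handling of signed profiles is a heuristic.

```python
import plistlib

# Apple payload types that add a trusted CA or change where traffic goes.
RISKY = {
    "com.apple.security.root": "installs a trusted root CA certificate",
    "com.apple.proxy.http.global": "sends web traffic through a global HTTP proxy",
    "com.apple.vpn.managed": "sends traffic through a VPN",
    "com.apple.dnsSettings.managed": "overrides DNS resolution",
}
REROUTE = set(RISKY) - {"com.apple.security.root"}

def load_profile(data: bytes) -> dict:
    """Parse a .mobileconfig; signed profiles wrap the plist in a CMS envelope."""
    try:
        return plistlib.loads(data)
    except Exception:
        # Heuristic for signed profiles: the XML plist is usually embedded verbatim.
        start, end = data.find(b"<?xml"), data.rfind(b"</plist>")
        if start == -1 or end < start:
            raise ValueError("no plist found in profile")
        return plistlib.loads(data[start:end + len(b"</plist>")])

def audit_profile(data: bytes) -> list[str]:
    """Return findings for payloads that enable traffic interception."""
    seen, findings = set(), []
    for payload in load_profile(data).get("PayloadContent", []):
        ptype = payload.get("PayloadType", "") if isinstance(payload, dict) else ""
        if ptype in RISKY and ptype not in seen:
            findings.append(f"{ptype}: {RISKY[ptype]}")
        seen.add(ptype)
    # A new trusted CA plus rerouting is what makes TLS traffic decryptable in transit.
    if "com.apple.security.root" in seen and seen & REROUTE:
        findings.append("HIGH: trusted CA combined with traffic rerouting")
    return findings

def sample_profile() -> bytes:
    """Constructed sample: placeholder certificate bytes and an example.invalid proxy."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadDisplayName": "IT Update (constructed sample)",
        "PayloadContent": [
            {"PayloadType": "com.apple.security.root", "PayloadContent": b"placeholder"},
            {"PayloadType": "com.apple.proxy.http.global", "ProxyType": "Manual",
             "ProxyServer": "proxy.example.invalid", "ProxyServerPort": 8080},
        ],
    })
```

Calling `audit_profile(sample_profile())` returns one finding per risky payload plus the HIGH line; a profile carrying only a Wi-Fi payload returns an empty list.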

How Symantec Mobile Threat Defense intervened
Symantec MTD identified and stopped this attack chain at the endpoint. With the protections of MTD:

  • 3% of users in the Fortune 500 company were targeted and protected from SMS phishing attacks.
  • 400 users with installed untrusted profiles were blocked from accessing internal services and data.
  • 25% of users were saved from potential MITM attacks before internal company services and data were exposed. 

To see this attack unfold, watch this brief walkthrough

Attack #2: Public Business App, Public Data Disclosures

The attack
Even approved business apps can harbor dangerous vulnerabilities. Insecure cloud buckets and hard-coded access tokens in mobile apps are significant security risks for businesses that often lead to the leakage of sensitive information.

How it went down
In this case, an approved business app was pushed to employees' devices via their Enterprise Mobility Management (EMM) platform. Despite the perception of security in publicly available apps, this app contained a hard-coded Amazon S3 token, which accessed resource files and internal backup files with sensitive data for all its users.
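A check for this class of finding, as an added example that is not Symantec's detection logic or code from the original post: it scans an app package (APK and IPA files are ZIP archives) for strings shaped like AWS access key IDs and reports them redacted. It assumes the hard-coded credential takes the form of an AWS access key ID; the sample archive is constructed and uses the placeholder key ID from AWS documentation.

```python
import io
import re
import zipfile

# AWS access key IDs: prefix AKIA (long-term) or ASIA (temporary) + 16 uppercase alphanumerics.
KEY_ID = re.compile(rb"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
MAX_MEMBER = 64 * 1024 * 1024  # skip oversized members rather than inflate them

def scan_app_package(package: bytes) -> list[tuple[str, str]]:
    """Return (archive member, redacted key ID) for each key ID found in an APK/IPA."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            # Members are decompressed first, so compressed DEX and assets are covered.
            # Limitation: only ASCII/UTF-8 strings are matched, not UTF-16 resources.
            for match in KEY_ID.finditer(zf.read(info)):
                key = match.group(0).decode("ascii")
                hits.append((info.filename, f"{key[:4]}...{key[-4:]}"))
    return hits

def build_sample_package() -> bytes:
    """Constructed sample archive; the key ID is AWS's documentation placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("assets/config.json",
                    '{"bucket": "example-backups", "keyId": "AKIAIOSFODNN7EXAMPLE"}')
        zf.writestr("res/raw/notes.txt", "no credentials here")
    return buf.getvalue()

if __name__ == "__main__":
    for member, key in scan_app_package(build_sample_package()):
        print(f"{member}: hard-coded AWS access key ID {key}")
```

A hit only shows that a key ID ships inside the app; triage still has to establish whether the matching secret is present and what the key is permitted to access.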

How Symantec Mobile Threat Defense intervened
Symantec MTD protection identified and mitigated this vulnerability. Symantec MTD flagged the app and helped the company report the issue, prevent a data breach and switch to a safer alternative app. 

Unfortunately, this type of threat is not uncommon. Our team found nearly one in four devices (24%) in the Fortune 500 company had at least one app containing a hard-coded Amazon S3 credential. Most organizations can't afford to block a quarter of the mobile fleet—but with a solid MTD, businesses gain the risk visibility they need to fine-tune protection policies and keep operations running securely.

The bottom line

EMM provides a foundation for endpoint device management, but it can’t keep up with today’s pressing threat landscape. EMM on its own can expose your organization to risks that can lead to costly attacks and employee productivity setbacks. MTD solutions like Symantec’s Mobile Threat Defense are the answer to today’s mobile device security challenges–and the key to stopping attacks before they harm your business.

Read the full analysis and findings in the whitepaper, Protecting Your Mobile Enterprise: When EMM Alone is Not Enough


About the Author

Kevin Watkins

Security Researcher

Kevin is a security researcher in Symantec's Modern OS Security (MOS) division. He's constantly researching new and innovative ways to automate discovery of threats impacting mobile users.
