IT managers often wonder whether they should be installing antivirus software on enterprise smartphones. Like most security questions, the answer is a clear-cut “it depends.”
First and foremost, it’s important to define the scope of protection. Antivirus is a misnomer; antimalware is more accurate. But the best way to think of these tools is as endpoint security suites, very similar to the endpoint security installed on corporate laptop and desktop systems. Leading products don’t just protect against viruses, they’re full mobile device security suites. If you find a tool that’s nothing but antivirus protection, you’ll know it isn’t state-of-the-art and won’t be very useful to you. In today’s security landscape, organizations need to outfit their hardware with software that does more.
Enterprise-class antimalware tools have another characteristic: centralized management consoles. This creates some overlap with common mobile device management (MDM) and enterprise mobility management (EMM) solutions, but each software system still has its differences.
Addressing endpoint security
So what’s in these endpoint security tools? Well, the vendors are still trying to figure out the best features, so their tools often provide a little bit of everything. The common denominator is basic antivirus and antimalware protection.
But on a well-managed Android smartphone, basic antimalware protections aren’t going to come into play very often. Although malware can infect smartphones through web browsing, the most dangerous types of malware are linked to infected applications.
IT managers who block nonapproved stores and use application whitelisting are unlikely to run into malware riding on top of normal applications. Many IT managers who have activated these operating system protections are wondering if they really need an endpoint security suite. And that’s what brings administrators to the answer of “it depends.”
Endpoint security in mobile environments
Android endpoint security suites usually include a number of other features, which can help IT admins determine if additional software is needed. These features can be divided into ones that look familiar to desktop managers and ones that are unique to the mobile environment.
A very common feature in endpoint security suites, for both desktop and mobile, is web filtering. This blocks or alerts users who are trying to browse webpages that have web-based malware or phishing or are out-of-policy for the enterprise. IT managers who think they’re particularly susceptible to credential theft attacks might find web filtering a compelling reason to install antivirus so they can improve mobile device security.
Because mobile endpoint security suites are integrated with enterprise consoles, IT managers can also use them as “MDM lite” tools with a restricted set of features. Many mobile device security products have the ability to control certain security policy features through their enterprise consoles. Features such as device unlock configuration, network access policies for unsecured Wi-Fi and remote wipe have all made their way into mobile endpoint security suites.
IT managers who haven’t chosen to implement a full-fledged MDM or EMM product may be able to get additional security by installing mobile antivirus. Enhanced device monitoring provided by the enterprise console is another reason to consider an antivirus suite. Unfortunately, the reverse isn’t true: Just because you have a full MDM or EMM installed doesn’t mean antimalware is superfluous.
Evaluating mobile-specific features
Some endpoint security products also have mobile-specific features that allow for a unified set of features across different smartphone platforms. For example, endpoint security products can audit and control smartphone features such as location tracking, cameras and microphones by using the host operating system capabilities — a difficult task when it comes to laptops.
Containerization is another a mobile-specific feature with significant endpoint security benefits. The endpoint security suites that have containerization provide a more homogeneous experience across the end-user community when heterogeneous devices are in use. Containerization provides IT professional an extra layer of data protection and provides employees a secure environment where they can access sensitive information.
How to build an effective incident response plan
White Paper
Get this free guide on how to respond to mobile security breaches — or thwart them altogether. Download Now
In other cases, endpoint security solutions add clever features that make sense only in a mobile environment. “Find my phone” and remote wipe are well-understood mobile security features, but they’re just a start. Several products watch the smartphone SIM and can send an alert when the SIM is changed or the phone is jailbroken, which can indicate the phone has been stolen or tampered with.
Another application is anti-spam protections. An enterprise’s email service usually monitors email spam and phishing, but what about SMS spam or unwanted voice calls? Several mobile endpoint security solutions can help with that. Both of these areas are examples of where IT managers looking for specific added security — beyond basic antimalware protections — may want to turn to endpoint security suites.
The different features, risks and mitigations make it clear that there’s no clear answer. Installing antivirus software will depend on your organizational needs. IT managers with a very low-risk profile may find that antimalware tools increase cost and complexity. Organizations that decide they need additional protections or specialized features will want to use an endpoint security suite.
Endpoint security suite vendors are working hard to earn their keep, and their products bring much more than basic protection against viruses. These products should be explicitly evaluated by every IT manager.
Ensure your business devices are secured with Knox Suite, which combines Knox Mobile Enrollment, Knox Platform for Enterprise, Knox Manage and Knox E-FOTA in a single product. And discover which biometric authentication method keeps your devices most secure.
