A common question posed by IT managers is whether or not they should be installing antivirus software on enterprise smartphones. Like almost all security questions, the answer is a clear-cut “it depends.”
First and foremost, it’s important to define the scope of protection. Antivirus is a misnomer. Antimalware gets closer, but the best way to think of these tools is as endpoint security suites, which are very similar to the endpoint security installed on corporate laptop and desktop systems. The leading products do not just protect against viruses — they are full mobile device security suites. If you find a tool that is nothing but antivirus protection, you know that it isn’t state-of-the-art and won’t be very useful. In today’s security landscape, organizations need to outfit their hardware with software that does more.
Enterprise-class antimalware tools have another characteristic: centralized management consoles. This creates some overlap with common mobile device management (MDM) and enterprise mobility management (EMM) solutions, but each software system still has its differences.
Addressing Endpoint Security
So what’s in these endpoint security tools? Well, the vendors are still trying to figure out the best features, so they often have a little bit of everything. The common denominator is basic antivirus and antimalware protection.
However, on a well-managed Android smartphone, basic antimalware protections aren’t going to come into play very often. Although malware can infect smartphones through web browsing, the most dangerous types are linked to infected applications.
IT managers who block nonapproved stores and use application whitelisting are unlikely to run into malware riding on top of normal applications. Because of the protections provided by application whitelisting and store restrictions, many IT managers who have activated these operating system protections are wondering if they really need these endpoint security suites. And that’s what brings administrators to the “it depends.”
Endpoint Security in Mobile Environments
Android endpoint security suites usually include a number of other features, which can help IT admins determine if additional software is needed or not. These features can be divided into ones that look very familiar to desktop managers, and ones that are unique to the mobile environment.
A very common feature in endpoint security suites, for both desktop and mobile, is web filtering. It blocks or alerts users who try to browse webpages that host web-based malware or phishing content, or that are out of policy for the enterprise. IT managers who think they are particularly susceptible to credential theft attacks might find web filtering a compelling reason to say “yes” to installing antivirus to improve mobile device security.
Because mobile endpoint security suites are integrated with enterprise consoles, IT managers can also use them as “MDM lite” tools with a restricted set of features. Many mobile device security products have the ability to control certain security policy features through their enterprise consoles. For example, features such as device unlock configuration, network access policies for unsecured Wi-Fi and remote wipe have all made their way into mobile endpoint security suites.
IT managers who have not chosen to implement a full-fledged MDM or EMM product may be able to get additional security by installing mobile antivirus. Enhanced device monitoring provided by the enterprise console is another reason to consider an antivirus suite. Unfortunately, the reverse isn’t true: Just because a full MDM or EMM is installed, that doesn’t mean that antimalware is superfluous.
Evaluating Mobile-Specific Features
Some endpoint security products also have mobile-specific features that allow for a unified set of features across different smartphone platforms. For example, endpoint security products can audit and control smartphone features such as location tracking, cameras and microphones, using the host operating system capabilities, a difficult task on laptops.
Another example is containerization, a mobile-specific feature with significant endpoint security benefits. Not every endpoint security suite has containerization, but many of them do, giving a more homogeneous experience across the end-user community when heterogeneous devices are in use. It also provides a secure environment where employees can access sensitive information, and IT professionals can have an extra layer of data protection.
In other cases, endpoint security solutions add clever features that make sense only in a mobile environment. “Find my phone” and remote wipe are well-understood mobile-specific security features, but that’s just a start. Several products watch the smartphone SIM, and can send an alert when the SIM is changed or when a phone is jailbroken — which can indicate a stolen phone or tampering.
Another application is antispam protection. Monitoring email spam and phishing is usually taken care of by the enterprise’s email service, but what about SMS spam or unwanted voice calls? Several mobile endpoint security solutions can help with that. Both of these examples are areas where IT managers looking for specific additional security, beyond basic antimalware protections, may want to turn to endpoint security suites.
The list of features, risks and mitigations makes it clear that there’s no single answer: whether to install antivirus depends on organizational needs. IT managers who have a very low-risk profile may find that antimalware tools increase cost and complexity. Organizations that decide they need additional protections or specialized features will want to install an endpoint security suite.
Endpoint security suite vendors are working hard to earn their keep, and their products bring much more than basic protection against viruses. These should be explicitly evaluated — even if they are eventually rejected — by every IT manager.