Hey, Boss – I’m gonna take the Domain Controller out for coffee

Before mobile hardware and bring-your-own-device policies, IT infrastructure was stationary, and access to your hardware, networks, and services was controlled physically and virtually. No one in their right mind would ever bring an unknown Ethernet cable into the data center and plug it into a critical server (and anyone who tried would be met with a security escort).

With mobile devices, however, this happens all the time, disguised under the wonderful words “Free Wi-Fi”. When the modern employee leaves the office, they have that wonderful, useful, always-connected mobile device sitting in their pocket or bag, happily connecting to Wi-Fi networks at each coffee shop.

There are very few devices that cross physical and virtual security perimeters daily, and it is only a matter of time before mobile devices are attacked and turned into delivery mechanisms for nastier payloads intended for the internal network and systems. They can even be incredibly useful (for malware) as “phone home” mechanisms, simply by waiting until the connected network is another open Wi-Fi network that is definitely not running your enterprise data leak prevention software.

While there is an ongoing back-and-forth discussion about the severity of current mobile malware, it’s an undeniable fact that allowing mobile devices into an organization increases the risk profile substantially. It logically follows that these devices will only increase in attractiveness for malicious players as they become more ubiquitous and successful attacks can have more impact.

Mobile endpoint security is commendable so far, but one excellent, untapped resource is the context of the device. Mobile devices are well aware of their physical location, the networks they connect to, and other indicators of the context they are operating in. We have only begun to see the potential of using context to advance our security goals, and are excited to see the ideas coming over the next few years.

Our OptioCore product already provides an excellent set of context-based actions, such as changing the security policy of the device or disabling OS functionality such as the camera, but I envision that OptioCore and similar products will continue to evolve and utilize device context to advance organizational security in new and exciting ways for years to come.

By Hamilton Turner, Optio Labs Director of Malware Research

 
