I read with interest the news about FireEye’s announcement of a Mobile Threat Prevention capability today, which seemed to me to be only a half-step forward, and one that will likely cause some confusion.
There are two reasons this capability is a half step forward. First, it doesn’t cover iPhone apps, which are far more difficult to get at than Android apps. Second, once you find that an app is bad news, FireEye doesn’t do anything. You must use APIs to take some action, presumably by invoking some Mobile Device Management or other security capability.
There is no doubt that scanning apps for malware is needed. But at Zscaler, we think that it’s better to start with a full step. Our mobile security solution works by using a global cloud as a gateway for all mobile traffic from any device. We have our own list of Android and iPhone apps, and of malware of all sorts that may exist on PCs, Macs, iPads, tablets, etc. When we notice traffic from one of these apps, we shut it down. We can then send alerts about what is wrong or automatically invoke a response through MDM. But the app cannot do its damage because it cannot reach outside of the device.
Creating a comprehensive mobile solution is a challenging problem. Quarter, half, and whole steps may be needed to get there. However, we think it’s good to start with a solution that delivers a whole step, meaning more security on the device, from day one.