A look at pre-installed mobile-malware protection on new mobile devices

Samsung recently announced that it will provide anti-virus protection on its Knox-enabled Android mobile devices. Knox provides security enhancements that include integrity checks, restricted access to container apps, and with the new announcement, the ability to detect mobile malware. The announcement for this news noted that the solution is geared for the workplace, and will be especially useful for BYOD scenarios.

I applaud the steps that Samsung has taken to raise the spotlight on mobile device malware. As one of the leading developers of Android devices, it’s commendable for Samsung to recognize that mobile malware is a concern for their security-conscious customers. These actions indicate that the baseline for protection against malicious software does not rest upon the standard operating system alone, and it requires additional measures to ensure a safe environment for the device and its data.

In my mind, there’s no question that these solutions provide the individual with a layer of protection over a standard device. These users chose Knox-enabled devices because they value security, and are getting a method for malware detection not typically found on other devices.

Questions arise when considering whether the benefits bestowed upon the individual are transitive to the business for which the individual works. Will pre-installed malware protection on personally owned devices help protect the business?

As a security practitioner for an IT organization, one must not only have the means to detect malware, but also methods to apply the detection across the entire user population in equal measure. For organizations with BYOD concerns, it’s a forgone conclusion that not every user in a workplace environment will have a Samsung phone. Even among those that do, not all of them will have Knox-enabled models with malware protection. The only safe assumption that we can make is that we can't assume the device can protect itself, because there are simply too many that cannot. In fact, the users who know the least about security are unlikely to spend a premium for it, thus necessitating the need for a broader level of coverage.

Businesses also need to deal with threats at different level and scale than individuals do. Highly targeted businesses may be exposed to customized malware. Diverse populations use a range of applications with file transfer capabilities besides email and web. Encrypted network protocols let malicious software escape detection. Infected devices leverage the network to receive more code, contact C&C servers and advance the attacker's agenda. All in all, effective threat prevention for businesses requires much more than just malware detection. It requires a concerted system for instilling control across the entire threat lifecycle, whether it’s blocking the malware from reaching the device to mitigating the damage from an infected device on network. An individual only cares about whether their own phone is compromised. A business needs to know if any device used on their network has been compromised.

The direction is clear, the threat landscape for mobile devices is changing, and mobile malware is now a concern for the device manufacturers as well. But in order for businesses to secure the mixed collection of devices used by a diverse user population, one must look beyond the state of security of an individual device, and determine how to deliver the necessary protection to all devices in addition (or even in lieu) of its inherent capabilities.