The SCAN Principle: A new way of thinking about mobile security
Consumers and enterprises looking to secure their mobile data face a challenge. Mobile devices offer a broad attack surface, attack methods are constantly evolving, and the security solutions that worked for traditional computing (i.e. laptops and workstations) just don’t translate to mobile. To meet this challenge, we’ve focused on a principle for mobile security that we call SCAN, which examines the key layers of protection _ Systems, Configurations, Apps and Networks _ in order to provide a comprehensive, in-depth evaluation of your device’s vulnerabilities and begin addressing these risks. For more information about how you can use the SCAN principle to better secure your mobile ecosystem, contact us.
System testing is used to determine issues like whether your device is running the most current version of the operating system, as a number of exploits take advantage of known flaws in previous versions. Many users are less than vigilant about upgrading in a timely manner, and our free mobile security app NowSecure Mobile can determine what version of an operating system is installed on your device and recommend updating to improve your overall security score.
Configuration testing involves investigating significant security issues such as a lack of passcode or a jailbroken device. NowSecure Mobile will alert you if your device configurations are potentially putting your data at risk.
Unsecured apps are the biggest threat facing mobile device users today. Too often in the app development cycle, speed-to-market trumps robust security testing. Last year we tested 100 popular apps in a variety of categories, examining them for man-in-the-middle and SSL attack vulnerabilities, whether they stored passwords and other sensitive data in their memory, and other common security concerns. Our study found that 60% of apps received a”High” risk rating in one or more categories. All of these were apps offered through official app stores Google Play and iTunes, where the security bar is considerably higher than third-party app marketplaces. NowSecure Mobile can warn you if you have an app with known vulnerabilities installed on your device, can tell you where your apps are sending information and whether that data is encrypted. The NowSecure Mobile Apps will also determine if you are running the latest version of your apps in order to keep you up-to-date with any security patches the vendor might have included in new releases.
As you go about your day _ commuting to work, stopping off at the coffee shop, going to the gym, the grocery store, etc. _ your mobile device may be connecting with a variety of wifi networks. But not all of these networks are secure. Insecure wi-fi connections can allow attackers to intercept traffic from your device and mine it for sensitive data. NowSecure Mobile can prevent this by testing whether your connections are secure and warning you in real-time when they are not.
But what about malware?
You might notice that the SCAN method doesn’t include anti-virus scanning or address malware detection. The hard fact is that while malware is a legitimate security concern, the anti-malware approach to mobile security just doesn’t work. Attacks evolve too quickly and malware detection depends on checking against a database of known bad code – it won’t do much to protect you against code the attackers will be using tomorrow. A recent study at Northwestern University concluded that the leading mobile anti-virus programs were”susceptible to common evasion techniques” that rendered them largely ineffective. Anti-virus programs worked great for traditional computing, but mobile security is a new paradigm requiring broader-based solutions.
How can you apply the SCAN principles to your enterprise?
Find a mobile security solution that provides comprehensive mobile protection – system, configurations, apps, and network. The NowSecure Mobile Apps provide risk ratings for individual devices and BYOD organizations based on these four principles to provide you the most advanced BYOD protection available.