IBM MaaS360


Unlocking the Full Potential of Mobile Threat Defense: Key Role of Permission

By Manish Ranjan posted 6 days ago

  


In the ever-evolving landscape of cybersecurity, mobile devices are increasingly targeted because of the sensitive data they carry and how heavily people depend on handheld devices. MaaS360 MTD provides a robust solution to detect, manage and mitigate these threats, ensuring that devices and enterprise data remain secure.
 
However, device permissions play a crucial role in the security framework, and device security depends on configuring them properly. Let’s explore how MaaS360 MTD works and why granting the required permissions is critical for its effectiveness.

What is MaaS360 Mobile Threat Defense (MTD)?

Mobile Threat Defense (MTD) is a feature of MaaS360 that integrates advanced threat detection capabilities to protect mobile endpoints from different threats. It monitors and identifies threats in real time, including:

  • Network threats: Man-in-the-middle attacks and insecure networks. 

  • App-based threats: Malware or applications with malicious behavior. 

  • Device-level threats: Jailbreaking, root exploits, or unauthorized system changes. 

With MTD, administrators can view threats, allowing them to respond proactively and minimize risks.

Who can leverage MaaS360 MTD?

Non-federal customers with the Mobile Threat Defense offering have access to the non-compliance feature. The Mobile Threat Defense offering supports both iOS and Android Enterprise devices.

How to avail Mobile Threat Defense?

The Mobile Threat Defense Advanced offering is under limited availability currently. Please reach out to IBM MaaS360 Technical Support if you need this enabled on your account. 

Once Mobile Threat Defense Advanced is enabled, the IBM MaaS360 MTD app is automatically added to the App Catalog in IBM MaaS360 Portal. The required app configurations are automatically applied to the IBM MaaS360 MTD app in IBM MaaS360 Portal. The risk rules for the IBM MaaS360 MTD app are added to the Risk Rule Configurator dashboard.

Note: As part of setup, a few items are created, and the admin must not modify or delete them. These items are required for MTD to function.

  • Portal admin 

  • App Access Key 

  • Default MTD group 

  • IBM MaaS360 MTD app for iOS and Android OS 

  • App Configurations for iOS and Android OS IBM MaaS360 MTD app 

How to start with Mobile Threat Defense?

Once the service is enabled, another important task is to configure the Endpoint Security Policy (ESP). Select the existing ESP policy and, under the Mobile threat defense tab, enable the checkbox labeled “Advance protection”.

Device Permissions: Backbone of MTD functionality 

While MaaS360 MTD offers advanced threat detection, its effectiveness depends on one crucial factor: device permissions. Without the proper permissions, MTD cannot function optimally, leaving devices vulnerable and enterprise data at risk. Let’s explore why these permissions are so vital.

The role of permissions in MTD functionality 

To detect and mitigate threats effectively, the MaaS360 MTD app requires specific device permissions. These permissions enable the MTD SDK to collect telemetry data crucial for threat analysis. Missing permissions compromise the app’s ability to function as intended, rendering the device non-compliant for MTD and creating security blind spots.

Commonly required permissions 

The missing permissions, sometimes referred to as "Compliance Events" for MTD within MaaS360, are critical for ensuring optimal device security and include the following:

  • VPN Permission Required - Secure Wi-Fi  

    • It is required by the app to protect network data in the event of a malicious network attack.  

  • VPN Permission Required - Secure Web 

    • It’s required to keep devices safe from risky websites. 

  • Storage Permission Required 

    • This permission is required by the app to scan the device's local storage to identify risky or malicious apps that may steal personal or sensitive information. 

  • Notification Permission Required 

    • It is required by the app for users to receive on-device alerts about mobile security. 

  • Location Permission Required: iOS 

    • On iOS, this permission is required by the app to include location information when reporting mobile threats. Location data provides real-time information on nearby Wi-Fi risks.

    • On Android, it is required by the app to protect devices from sophisticated network attacks.

  • Local Network Access Permission Required 

    • Local network access is required by the app to enable the protection of devices from sophisticated Wi-Fi-based network attacks. 

  • Link Verification Disabled - Safari Extension 

    • Link verification often refers to the process of ensuring that links are legitimate and trustworthy. This being disabled will impact checking for malicious or phishing URLs. 

  • Device Admin Permission Required for Samsung Knox 

    • Device admin permission is required by the app to enable Samsung Knox functionality to protect devices from mobile threats. 

  • Bluetooth Permission Required 

    • Bluetooth permission is required by the app to detect unknown tag trackers that could be tracking the device's location. 

  • Battery Permission Required 

    • The app requires battery optimization permission to allow it to stay active when running in the background and ensure continuous protection on the device. 

  • Always-on VPN App Set 

    • An app has been configured as an always-on VPN on this device. The app may monitor device communications with the Internet. Denying permissions to it may increase the threats it poses on the Internet.  

If any of these permissions are missing, the device will be unable to accurately detect and report potential threats. This limitation can result in significant gaps in security, as the device may fail to identify vulnerabilities or malicious activities. Such gaps increase the risk of attacks or unauthorized access, potentially compromising the overall safety of the network and sensitive data. Ensuring that all required permissions are granted is critical to maintaining robust threat detection and response capabilities.

How does MaaS360 handle missing MTD permissions?

Workflow Architecture 

Below is the architecture diagram illustrating the workflow: 

  1. Detection: The MTD app identifies missing permissions and reports them to the MTD cloud, and these events are pushed to MaaS AWS.

  2. Aggregation: These events are filtered, transformed and stored in an OpenSearch index of MaaS.

  3. Reporting: MaaS360 displays these events and highlights them in the security dashboard.

  4. Notify: MaaS notifies users of missing permissions through a notification on their device. Users can also see the list of missing permissions in the MaaS application.

  5. Actions: The administrator can take specific actions to manage devices that are deemed non-compliant. These actions may include placing the device in quarantine to restrict its access to email and Wi-Fi, and sending notifications to the user of the device to inform them about the missing permission.

Why ensure no MTD permission is missing? 

How to keep devices compliant with MTD?

Regular Audits: Use the MaaS360 dashboard to monitor missing-permission statuses and notify devices so that users can ensure the necessary permissions are given to the MTD app.

Note: To support this kind of audit, a new compliance UI will be introduced that focuses only on devices that do not meet the criteria set for being compliant.

Compliance UI On Security Dashboard

A new dynamic widget highlighting device setup errors will be introduced to the security dashboard landing page for customers with MTD enabled. The widget will display the count of devices with compliance errors. If there are no non-compliant devices, the widget will remain hidden.

To see details about the devices, click “View devices”, which opens a list of the non-compliant devices. This page also provides various filters and device search.

Actions: Admins can view the non-compliant devices and take various actions on them. If a user's device fails to grant the required permissions and poses a threat, the admin can either notify the device or quarantine it.

MaaS360 App: The MaaS360 app highlights and displays the missing permissions in the security container, from where the user can grant them and allow MaaS360 MTD to work as intended.
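
The aggregation and reporting steps of the workflow, together with the dashboard widget behaviour described above, sketched as an added example (not IBM's or MaaS360's code). The event field names, device IDs and timestamps are constructed assumptions; only the compliance event names come from this article.

```python
from collections import defaultdict

# Protection each compliance event backs, paraphrased from the article's list.
IMPACT = {
    "VPN Permission Required - Secure Wi-Fi": "network attack protection",
    "Storage Permission Required": "malicious app scanning",
    "Bluetooth Permission Required": "tracker detection",
    "Battery Permission Required": "continuous background protection",
}

# Constructed sample events; field names are assumptions, not a MaaS360 schema.
EVENTS = [
    {"device": "dev-001", "event": "Storage Permission Required", "state": "missing", "ts": 100},
    {"device": "dev-001", "event": "Battery Permission Required", "state": "missing", "ts": 110},
    {"device": "dev-002", "event": "Bluetooth Permission Required", "state": "missing", "ts": 120},
    {"device": "dev-002", "event": "Bluetooth Permission Required", "state": "granted", "ts": 180},
    # Arrives late: older than the record above, so it must not reopen the finding.
    {"device": "dev-002", "event": "Bluetooth Permission Required", "state": "missing", "ts": 150},
    {"device": "dev-001", "event": "Storage Permission Required", "state": "granted", "ts": 200},
    {"device": "dev-003", "event": "VPN Permission Required - Secure Wi-Fi", "state": "missing", "ts": 210},
]

def aggregate(events):
    """Keep only the newest state per (device, event), regardless of arrival order."""
    latest = {}
    for e in events:
        key = (e["device"], e["event"])
        if key not in latest or e["ts"] > latest[key]["ts"]:
            latest[key] = e
    return latest

def non_compliant(events):
    """Map device -> sorted list of permissions that are still missing."""
    missing = defaultdict(list)
    for (device, event), e in aggregate(events).items():
        if e["state"] == "missing":
            missing[device].append(event)
    return {d: sorted(perms) for d, perms in missing.items()}

def widget(events):
    """Device count for the dashboard widget, or None when it stays hidden."""
    count = len(non_compliant(events))
    return count if count else None

def blind_spots(events):
    """Map device -> protections degraded by its missing permissions."""
    return {d: [IMPACT.get(p, "unknown") for p in perms]
            for d, perms in non_compliant(events).items()}
```

Reducing to the newest state per device and permission is what keeps a device that has since granted the permission, or a late-arriving stale event, from showing up as non-compliant.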

Summary: 

Necessary permissions are the key element in MTD solutions

In today’s world, mobile security cannot be taken lightly. MaaS360 MTD offers an advanced, proactive defense solution against a range of threats. However, its effectiveness depends on ensuring that all required permissions are in place. By staying compliant and leveraging MaaS360’s capabilities, organizations can maintain their mobile security posture and stay ahead of evolving threats.
