It’s 2015. Are we any closer to consensus on mobile anti-malware?

Back in February 2014, I wrote an article called "What can we say about the role of mobile anti-malware? Right now there are more questions than answers."

Back in February 2014, I wrote an article called “What can we say about the role of mobile anti-malware? Right now there are more questions than answers.”

Now it’s June 2015. Do we have any more answers yet?

Reports from Verizon and from Google both pointed to low incidences of mobile malware. And Android has more built-in features like Verify Apps and Safety Net to help avoid malware.

Mobile anti-malware still doesn’t get much attention from the big EMM vendors. It’s mostly legacy desktop antivirus vendors that are pushing it.

Instead, the closest related technology that’s getting traction is app reputation. (App reputation takes a much more holistic view of apps, with the central idea being that even if apps aren’t outright malware, they still have the potential to be risky, to varying degrees). (Some anti-malware vendors also do some form of app reputation, so maybe this is all just a semantics issue...?)

Besides app reputation, mobile security vendors (as opposed to general EMM vendors) are working hard on other things like network-based protection, authentication, hardening enterprise apps, and network access control.

But in general, there still doesn’t seem to be a standard accepted practice for mobile endpoint security issues.

In the mean time, EMM in general is more mature—nobody’s debating whether or not these things are a part of the enterprise anymore. We have most of the MDM and MAM tools we need. Today’s conversations are more about mobile enablement.

So where does that leave us on on the endpoints?

The focus today is on securing apps with MAM; secure remote connectivity; getting EMM tighter with identity and access management; single sign-on; authentication; network security (including things like that AirWatch/ VMware NSX network micro-segmentation effort); and even file-level mobile management (like the Microsoft Azure RMS Document Tracking and MobileIron’s Content Security Service).

So can we safely say that mobile malware isn’t a big deal to the enterprise, and that we have bigger fish to fry? Or are we being complacent? And if you think so, then are you doing anything about it in your environment?

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

FYI - MaaS360 has integrated anti-malware leveraging the Trusteer cloud service (used by most banks in the world).


CraigC981 - Thanks, good to know, I'll be sure to ask them about this the next time I talk to them. Have you used it?