Skip to main content
        • Products

          Q-Scout

          Leading edge mobile device security delivering dynamic, actionable intelligence for fleet-wide protection applications

          Q-MAST

          Comprehensive testing for developers who build, use, and manage mobile applications

          Q-Vet

          Mobile app vetting for curated and enterprise managed app stores

        • Solutions by Want

          Mobile Application Security Testing

          Advanced analysis utilizing static, dynamic & interactive analysis of Android and iOS mobile applications

          BYOD

          Secure devices connecting to the enterprise network in the work and live anywhere world

          App Vetting

          Transparent and high-confidence results using pass/fail security evidence

          End Users

          Airtight digital security that empowers you to make informed decisions on what apps you do and do not give access to

          Regulatory Compliance

          Automated compliance testing for the latest privacy and security standards

        • Untitled Document

          All Resources

          Blogs

          The latest industry news in cybersecurity’s ever-evolving landscape

          Newsroom

          Press releases, news stories and media highlights from Quokka

          Webinars

          Videos and content where you can learn about the latest threats, trends and issues in cybersecurity

          Whitepapers

          Insights and helpful assets for exploring cybersecurity and digital security

          Datasheets

          An in-depth description of Quokka solutions

        • Partners

          Learn more about Quokka’s technology partners

        • Company

          Careers

          There are jobs - and then there is a career at Quokka

          Industries

          Solutions designed for security needs of your organization

          Leadership

          Quokka’s global management team comprised of security experts and industry leaders

  • Support

Proactive Remediation for Next Generation of Mobile Security Tools

Alex Lisle, Chris Gogoel and Melissa Gaffney | May 3, 2022

Alex Lisle, Chris Gogoel and Melissa Gaffney

May 3, 2022

The threat landscape has evolved and expanded alongside the explosion of application development. In fact, global application development software is projected to expand at a compound annual growth rate of 24.3% from 2021 to 2028, according to a report from Grand View Research. As application development continues to grow, it has put a spotlight on the lack of cybersecurity resources to manage updates and patches for the hundreds of applications. With the average time to fix a critical cybersecurity vulnerability being 205 days, it proves that security leaders must proactively remediate vulnerabilities to combat modern day threats.

If we look at the successful attacks, they have opened our eyes to a new reality – that traditional scan-and-patch tactics are no longer enough to protect our valuable information. The premise of being able to trust a machine or user because they’re within an artificial boundary such as your internal network has been proven time and again to be false. East to west migration is an established attack pattern which has been leveraged to great effect time and time again. Although monitoring and reacting to violations is still important, there needs to be a bigger discussion and emphasis on proactive remediation. Shifting from a classic reactive cybersecurity model to proactive remediation means identifying vulnerabilities and risks before they are exploited. This contrasts with the current approach of MTD solutions that monitor and react to active risks on devices.

Reactive remediation necessitates monitoring sensitive information on channels (i.e. network) for an active risk and responding to remedy it in real time. While proactive remediation is gained by performing in depth assessment of the device, applications, and configuration prior to a risk being active and then adjusting configuration or trust level to prevent the risk from materializing.

In the context of an application like TikTok who was identified as a company who shares data with China. With a reactive approach this would be identified when an application sends user data on an end user device to China, monitoring the user’s network traffic and then blocking these requests in real time. Alternatively, a proactive approach may be taken by performing Mobile Application Security Test (MAST) type solution on the application before it is deployed, and while it is in deployment, and intelligently remediating to prevent the risk from being exploited by blocking connections to the destinations or removing the application before any data and information is sent to China and without invasively monitoring the user’s network traffic. A proactive approach allows organizations to prevent risks from being present on a device rather than reacting to risks already active on a device.

As threats continue to evolve and hackers become more sophisticated, businesses need to reevaluate their cybersecurity strategy. Organizations can benefit from proactive remediation, with the correct tools in place businesses eliminate the need for any manual threat removal because the threat would be caught earlier on and there will not be as many remediation demands. Also, discovering a threat before it is exploited reduces downtime and gives IT and your cybersecurity staff time to focus on critical issues.

We can no longer afford to leave vulnerabilities unaddressed for 205 days or more. Getting ahead of the attack curve means not only advancing beyond the traditional scan-and-patch tools that are often too late. Staying ahead requires augmenting them with early insights and proactive remediation solutions to make smarter and faster security decisions.

Leave a Reply

Close Menu