Proactive Remediation for Next Generation of Mobile Security Tools
Alex Lisle, Chris Gogoel and Melissa Gaffney
May 3, 2022
The threat landscape has evolved and expanded alongside the explosion of application development. In fact, the global application development software market is projected to expand at a compound annual growth rate of 24.3% from 2021 to 2028, according to a report from Grand View Research. As application development continues to grow, it has put a spotlight on the lack of cybersecurity resources to manage updates and patches for hundreds of applications. With the average time to fix a critical cybersecurity vulnerability standing at 205 days, security leaders must proactively remediate vulnerabilities to combat modern-day threats.
Successful attacks have opened our eyes to a new reality: traditional scan-and-patch tactics are no longer enough to protect our valuable information. The premise of being able to trust a machine or user because they are within an artificial boundary, such as your internal network, has been proven false time and again. East-to-west migration is an established attack pattern that has been leveraged to great effect. Although monitoring and reacting to violations is still important, there needs to be a bigger discussion of, and emphasis on, proactive remediation. Shifting from a classic reactive cybersecurity model to proactive remediation means identifying vulnerabilities and risks before they are exploited. This contrasts with the current approach of Mobile Threat Defense (MTD) solutions, which monitor and react to active risks on devices.
Reactive remediation necessitates monitoring sensitive information on channels (i.e., the network) for an active risk and responding to remedy it in real time. Proactive remediation, by contrast, is achieved by performing an in-depth assessment of the device, applications, and configuration before a risk becomes active, and then adjusting the configuration or trust level to prevent the risk from materializing.
Consider an application like TikTok, which was identified as coming from a company that shares data with China. With a reactive approach, this would be identified when the application sends user data from an end-user device to China, by monitoring the user’s network traffic and then blocking these requests in real time. Alternatively, a proactive approach may be taken by running a Mobile Application Security Testing (MAST) type solution against the application before it is deployed and while it is in deployment, and then intelligently remediating to prevent the risk from being exploited: blocking connections to the destinations or removing the application before any data is sent to China, and without invasively monitoring the user’s network traffic. A proactive approach allows organizations to prevent risks from being present on a device rather than reacting to risks already active on a device.
As threats continue to evolve and hackers become more sophisticated, businesses need to reevaluate their cybersecurity strategy. Organizations can benefit from proactive remediation: with the correct tools in place, businesses eliminate the need for any manual threat removal, because the threat is caught earlier and there are fewer remediation demands. Discovering a threat before it is exploited also reduces downtime and gives IT and cybersecurity staff time to focus on critical issues.
We can no longer afford to leave vulnerabilities unaddressed for 205 days or more. Getting ahead of the attack curve means advancing beyond traditional scan-and-patch tools, which often act too late. Staying ahead requires augmenting them with early insights and proactive remediation solutions to make smarter and faster security decisions.