The “bring your own device” (BYOD) trend is in full swing at many organizations these days, and one real challenge for administrators is ensuring security when dozens of different devices and operating systems can access internal as well as external resources.
Trend Micro’s Mobile Security for Enterprise 7.1 is not simply an antivirus or antimalware client for each device. The total system includes a master server and policy server, a Microsoft SQL server, directory services (usually Active Directory), and a certificate authority and simple certificate enrollment protocol (SCEP) server.
Getting all the pieces installed and communicating with each other is tricky, but this is mostly a function of the requirements of the platform, such as the BlackBerry Enterprise Server (BES) for BlackBerry devices. Once the servers and certificates are set up, delivering the software to each mobile device is straightforward. During testing, one threat was detected: the airline reservation phishing e-mails that take users to a site that installs a Trojan. Clicking on the link generated a warning, and the site was blocked.
Trying to ensure some level of protection against malware is difficult, and many of the products available are unique to a given platform. Mobile Security for Enterprise 7.1 is one of a few products that support nearly any type of mobile device, including Windows mobile devices, iOS, Android, Symbian and BlackBerry.
In addition to installing and updating security software, the system can implement specific policies. This includes a remote wipe of data on lost or stolen devices, encryption enforcement, and for Android phones, call filtering that can restrict incoming or outgoing calls.
The clients provide antimalware scanning, a firewall feature to block incoming threats, web security to keep users from inadvertently visiting malicious websites and SMS antispam that prevents the device from receiving SMS messages that are malicious or uninvited.
The overall system of the OfficeScan and Mobile Security Server policy server and mobile-device components offers the administrator a unified approach to securing mobile devices. This ensures that data on the devices remains secure and that mobile devices don’t become unintended holes in the organization’s firewall, allowing attackers a back door into the network.
The system can also block certain actions, such as USB connections or data copying, which keeps the device from being connected to unauthorized systems. It also can restrict specific types of traffic, such as incoming calls from 800 numbers, depending on the mobile platform.
One major disadvantage is not unique to Trend Micro, but to the category as a whole: Each device manufacturer has different requirements, and supporting all available platforms may take quite a while to figure out. Fortunately, Trend Micro has done a good job of documenting the procedures necessary. Also, figuring out costs can be tricky, as the OfficeScan server licenses and Mobile Security licenses are separate and vary with the numbers of licenses purchased.