Mobile threat intelligence is a boon, but beware of information overload

As threat intelligence joins with mobile security to protect enterprise mobile devices it won't be without some pros and cons.

As mobile devices increasingly become the target of security threats, some organizations are applying cyber security tools specifically for threat intelligence. This provides real-time data feeds about potential threats and malicious attackers present online. Security decisions can then be made on the risks seen in the threat feed.

Read on to hear experts ring in on some of the pros and cons about using threat intelligence for mobile security.

Diana Kelley, executive security advisor, IBM:

"The number one pro is faster dissemination of threat intelligence because if we don't know there's a problem we can't take action," Kelley said. "The faster you know there is a problem the quicker you can take action, and you can limit spread."

"I think as long as good guys are sharing information about what the threats are I don't think that there really is a downside to having this information and being able to act on it," Kelley said.

Andrew Conway, senior director of enterprise mobility, Microsoft:

According to Conway, The pro here is as applications move to the cloud, and as employees work from mobile devices, centering your threat intelligence around identity is that one control point that's so critical to access control.

While Conway didn't point to a specific con about using threat intelligence for mobile security, he recommended "If you are going to go with a threat intelligence approach, you are going to have to select a tool that can help you sift through a fairly epic data set."

Ed Fox, vice president of network services for MetTel and Max Silber, director of wireless services for MetTel:

Fox and Silber said using threat intelligence to get ahead of a new or developing threat as a pro for adopting it as a security measure.

As a con, Fox and Silber think that threat intelligence can become an all-encompassing and consuming, chicken little, sky is constantly falling, kind of department. To both men, threat intelligence can grow and grow, suck enterprise money and budget dry, just because there's a neurotic manager of the "threat intelligence" feed.

David Jevans, CEO and CTO, Marble Security:

"Well, I think the pros are that this is a great way to detect, not only sort of broad-based attacks, but very specific attacks," Jevans said. "So, there's no other way than threat intelligence to detect, for example, targeted attacks where someone might release an app that is designed for your iPhone and only triggers inside your organization and does bad stuff and very few people have it. The only way to detect that is threat intelligence. For example, if you've never seen an app anywhere in the world and then it shows up on three other users devices and does weird things, we know it's a targeted attack and we can share it across all the other companies."

Jevans said broad-based threat intelligence can be a con. Enterprises need to know how to consume threat intelligence and be able to score it as a true threat versus idle chatter.

David Goldschlag, senior vice president of strategy, Pulse Secure:

Goldschlag sees the pros of using threat intelligence for mobile security is finding new attack modes. He stands by the belief that the health of the mobile device along with the user's identity are critical to the security of enterprise mobile users.

As a con, Goldschlag sees much of what threat intelligence tracks is probably the responsibility of OS vendors and will be better solved by those vendors, both from the app store perspective and from controlling how device modifications take place.

Dr. Nicko van Someren, chief technology officer, Good Technology:

"Well, I think in terms of the cons, of course as I mentioned it in many, many cases the devices are not your devices," van Someren said. "They are personal devices, so there's a not insignificant privacy implication to this soft of collection of intelligence. If you're going to start watching everything that happens on the device, watching what applications are on the device, watching what network traffic goes in and out of the device, then you're going to spend an awful lot of time watching the user doing their personal stuff."

He said, "In a BYOD scenario. there's some significant complexity in working out how to do that in a way that isn't violating privacy. I think in terms of if somebody brings a device onto the corporate wireless network . I bring my Android tablet in and I connect it to the corporate LAN, then absolutely the corporation has the right to be watching every bit of network traffic coming in and out of that device because that's using a corporate resource directly."

"That device is now behind the firewall, and if it's running some port scanning program that the user didn't know about, you sure as hell want to know and you want to be able to tell the user, van Someren said. " That's absolutely reasonable, but in that context it's much like any other device on your network. There's not anything that's really specific to mobile about that.

Larry Whiteside Jr, chief security officer of the Lower Colorado River Authority:

"One pro for using threat intelligence for mobile security is just awareness and visibility," Whiteside said. "You don't know what you don't know until you know. Being able to correlate threat information with actual data from your mobile environment adds value to you as an organization, and adds value to you as a security team, as an operations group. You can begin to prioritize the things that you need to act on."

If you see 10 mobile devices that are acting in a funny way, but you can correlate, you have information coming back based on what they're doing that can correlate that against real threats that are happening, Whiteside said.

The complexity around threat intelligence is a con to Whiteside. He said there are multiple mobile OSes and devices interacting with enterprises as behind that complexity.

Threat intelligence and your mobile security

You can expect threat intelligence to continue as an emerging mobile security solution as mobile security vendors and even mainstream enterprise network security vendors. If you are considering using threat intelligence for mobile security, due your due diligence up front about the potential solution meets your mobile security requirements and consider heeding some of the pros and cons in this article.

See also:

By Will Kelly

Will Kelly is a freelance technical writer and analyst currently focusing on enterprise mobility, Bring Your Own Device (BYOD), and the consumerization of IT. He has also written about cloud computing, Big Data, virtualization, project management ap...