Overcoming BYOD Security Challenges with Flow-Based Monitoring

Mobile devices are expected to exceed PCs in both shipments and spending this year. As commercial devices trend towards being more stylish and sophisticated, employees are growing to expect universal access to workplace resources from any kind of device, whether that be a smartphone, tablet or laptop.

The bring-your-own-device (BYOD) movement has substantial efficiency and financial benefits. However, the immense number of devices flooding companies’ networks is creating serious problems for IT administrators, who are still coping with the fact that the attack surface has expanded while the efficacy of perimeter defenses is diminishing.

According to data from Aberdeen, IT consumerization is flourishing, with 75 percent of companies currently allowing employee-owned smartphones and/or tablets to be used at work. However, more than 50 percent of U.S. information technology leaders say that employee-owned mobile devices pose a greater risk to the enterprise than mobile devices supplied by the company.

There are many challenges facing corporations as a result of BYOD, including:

- Scarce knowledge of each device type, operating system, and patch level

- Limited control over policies governing which resources each device can and cannot access

- Incomplete information about who owns the device

- Lack of visibility into what the device is doing on the internal network and how confidential data is moving around

- Little understanding of the impact of the device on the network

Administrators are struggling to decide whether to provide the business and employees with the resources they are asking for or to provide a secure, locked-down environment. To balance these risks against the business benefits of BYOD, organizations must adopt a more effective mobile security strategy.

To compound the problem, mobile users often circumvent corporate security policies and safeguards to gain convenient access to resources, and it is too cumbersome – and often impossible – to install and manage security software on every new device that enters the network. Unfortunately, traditional threat detection mechanisms such as antivirus, IDS/IPS and other probe devices quickly become cost prohibitive, ineffective and unfeasible within a BYOD environment.

To overcome BYOD challenges, IT administrators need real-time visibility into every single thing a mobile device is doing on the network. Without that, it is impossible to effectively ensure that the device is not accessing confidential, privileged data or carrying malware that could spread to other assets, for example. The best way to regain this total visibility is to utilize the existing network. The network knows about every transaction crossing it, and it can provide this information through the “flow data” inherent in routers, switches and other network infrastructure devices.

The use of flow data to monitor network and host activity provides a cost-effective solution for analyzing the behavior of mobile devices. With flow data, organizations can proactively detect issues stemming from any device on the network without having to install additional software on the devices or deploy expensive probes.

Next-generation, flow-based monitoring solutions can detect both externally launched zero-day attacks, such as botnets, worms or advanced persistent threats that bypass perimeter defenses, and internal risks such as network misuse, policy violations and data leakage. The clock is ticking for companies and IT administrators to re-evaluate and strengthen their mobile device security tactics to fit evolving network infrastructure and enterprise needs.
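As an added illustration (not code from the article or from any product it describes), the sketch below shows how flow records alone can surface a policy violation and a possible data leak from unmanaged devices, with no agent on the device. The address ranges, CSV column names, byte threshold and sample records are all assumptions constructed for this example.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed site layout and threshold (hypothetical, not from the article).
BYOD_NET = ipaddress.ip_network("10.50.0.0/16")         # Wi-Fi range used by personal devices
RESTRICTED_NET = ipaddress.ip_network("10.10.20.0/24")  # servers holding confidential data
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
EXFIL_BYTES = 50_000_000  # bytes sent off-network per device before flagging

# Constructed sample of exported flow records (one row per flow).
SAMPLE_FLOWS = """src,dst,dport,bytes
10.50.1.23,10.10.20.5,445,120000
10.50.1.23,198.51.100.7,443,4000
10.50.7.9,203.0.113.50,443,30000000
10.50.7.9,203.0.113.50,443,35000000
10.1.4.2,10.10.20.5,445,900000
10.50.3.3,10.1.1.10,53,300
"""

def analyze(flow_csv):
    """Return {device_ip: sorted findings} for sources in the BYOD range."""
    outbound = defaultdict(int)   # bytes each BYOD device sent outside the network
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if src not in BYOD_NET:
            continue  # managed hosts are covered by other policy
        if dst in RESTRICTED_NET:
            findings[str(src)].add(
                f"policy: reached restricted host {dst}:{row['dport']}")
        elif dst not in INTERNAL_NET:
            outbound[str(src)] += int(row["bytes"])
    for ip, total in outbound.items():
        if total > EXFIL_BYTES:
            findings[ip].add(f"leak: {total} bytes sent outside the network")
    return {ip: sorted(msgs) for ip, msgs in findings.items()}

if __name__ == "__main__":
    for ip, msgs in analyze(SAMPLE_FLOWS).items():
        for msg in msgs:
            print(ip, msg)
```

In practice the same per-device aggregation would run over records exported by the routers and switches to a flow collector, with the ranges and threshold tuned to the site's own baseline.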

While traditional defensive strategies are losing their efficacy in a constantly changing security environment, emerging solutions are leveraging existing infrastructure to provide end-to-end security monitoring for any device that enters the network. These next-generation solutions are empowering enterprises to regain the network visibility they need to maintain superior levels of security in light of IT consumerization and BYOD.

Joe Yeager is director of product management at Lancope. Prior to Lancope, Yeager was a Product Manager for Hewlett-Packard in its Application Security Center division.
