Security For BYOD: Your Network Holds The Key

The constant evolution of consumer mobile devices has created a serious challenge for IT administrators. As employees clamour for the latest and greatest iPhone, iPad or Android device, they are also expecting to bring them into the office and use them for business purposes without any roadblocks.

It has been predicted that by the end of this year, the number of mobile-connected devices will exceed the number of people on earth. And according to data from Aberdeen, 75 percent of companies currently allow employee-owned smartphones and/or tablets to be used at work.

Unfortunately, the bring-your-own-device (BYOD) movement is leading to the further demise of the network perimeter, while adding complexity to network infrastructure and substantially increasing the attack surface. This is rendering traditional threat detection mechanisms such as antivirus, IDS/IPS and firewalls less effective and, often, unfeasible.

To compound the issue, mobile users are frequently circumventing corporate security policies and measures to obtain convenient access to business applications on whichever device they desire. And, unfortunately, it is too cumbersome – and often impossible – to install and manage security software on every new device that enters the network.

In a recent industry poll, half of the respondents reported that mobile devices increase overall network traffic on average by 50 percent. The survey respondents also indicated that as mobile device traffic increased on their networks, confidence in their organisation’s security posture decreased.

The main problems with BYOD are that most organisations have:

  • Scarce knowledge of each device type, operating system, and patch level entering the network
  • Limited control over the devices’ security posture because device owners have administrative rights and can add or remove programs
  • Incomplete information about who owns the device
  • Lack of visibility into what the device is doing on the internal network and how confidential data is moving around
  • Little understanding of the impact of the device on the network

Administrators are therefore struggling with the decision to either provide the business and employees with the resources they are asking for, or to deliver a secure environment to protect users and assets from attack. By utilising existing network infrastructure, organisations can effectively do both, obtaining visibility into every single thing a mobile device is doing on the network without having to install additional software on the device or deploy expensive probes. This way, they can allow employees to use the device of their choice without compromising network security or integrity.

The best way to regain this total visibility is to monitor and analyse every transaction crossing the network through the use of flow data. With flow data, organisations can proactively ensure that mobile devices are not accessing confidential, privileged data or carrying malware that could spread to other assets, for example.

Already inherent in routers, switches and other network infrastructure devices, flow data can cost-effectively detect issues stemming from any device on the network, including users’ personal smartphones, tablets and laptops. Flow data can uncover both externally launched, zero-day attacks such as botnets, worms or advanced persistent threats, as well as internal risks such as network misuse, policy violations and data leakage.
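As an added illustration (not code from the article or from any product it mentions), the sketch below runs three flow-based checks for devices on a BYOD segment: access to a restricted server subnet, unusually high outbound volume, and worm-like fan-out to many internal hosts. The subnets, thresholds and the CSV layout of the exported flow records are assumptions; the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed site layout and thresholds (hypothetical values, not from the article).
BYOD_NET = ip_network("10.20.0.0/16")        # segment personal devices join
RESTRICTED_NET = ip_network("10.1.50.0/24")  # servers holding confidential data
INTERNAL_NET = ip_network("10.0.0.0/8")
EGRESS_LIMIT_BYTES = 500_000_000             # outbound bytes per device per window
FANOUT_LIMIT = 20                            # distinct internal peers on one port

# Constructed sample of exported flow records for one collection window.
SAMPLE_FLOWS = """src,dst,dport,bytes
10.20.4.17,10.1.50.8,1433,48211
10.20.4.17,198.51.100.7,443,120443
10.20.9.3,203.0.113.50,443,350000000
10.20.9.3,203.0.113.50,443,260000000
10.1.2.9,10.1.50.8,1433,99120
"""

def analyse_flows(text):
    """Return (finding, device, detail) tuples for BYOD-sourced flows."""
    egress = defaultdict(int)   # device -> bytes sent outside the organisation
    peers = defaultdict(set)    # (device, port) -> internal hosts contacted
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        if src not in BYOD_NET:
            continue  # only devices on the BYOD segment are in scope here
        if dst in RESTRICTED_NET:
            findings.append(("restricted_access", str(src), f"{dst}:{row['dport']}"))
        if dst in INTERNAL_NET:
            peers[(src, row["dport"])].add(dst)
        else:
            egress[src] += int(row["bytes"])
    for src, total in egress.items():
        if total > EGRESS_LIMIT_BYTES:   # possible data leakage
            findings.append(("high_egress", str(src), str(total)))
    for (src, port), dsts in peers.items():
        if len(dsts) > FANOUT_LIMIT:     # possible malware spreading internally
            findings.append(("internal_fanout", str(src), f"port {port}: {len(dsts)} hosts"))
    return findings

if __name__ == "__main__":
    for finding in analyse_flows(SAMPLE_FLOWS):
        print(finding)
```

Nothing is installed on the device itself: every check works from records the routers and switches already export, keyed on the device's address.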

Advanced flow-based analysis solutions can also trace issues to specific users and applications for greater contextual awareness, resulting in expedited incident response and more comprehensive forensic investigations. Other advanced features such as automatic threat prioritisation and mitigation further streamline troubleshooting, eliminating the need for manual analysis and saving organisations vast amounts of time and resources.

As consumer devices flood into corporate networks, now is the time for enterprises to re-evaluate and strengthen their mobile security strategies. While conventional defences are losing their efficacy amidst a rapidly-evolving technology and threat landscape, next-generation solutions like flow-based monitoring are coming to the forefront and enabling organisations to regain visibility and control over BYOD environments.

Joe Yeager is director of product management at Lancope, responsible for the innovation and advancement of the company’s six StealthWatch product lines. Prior to Lancope, Yeager was a Product Manager for Hewlett-Packard in its Application Security Center division where he oversaw WebInspect, an industry-leading Web application security solution. At Hewlett-Packard, he successfully brought large-scale product releases to a market of over 1,300 customers worldwide. Earlier in his career, Yeager was in charge of pre- and post-sales support for all international customers of SPI Dynamics, based in its London office. He holds a B.S. in Computer Science from the Georgia Institute of Technology.
