"We have seen a number of mobile threats that act as bots, for example," says Oliver Friedrichs, senior VP of the cloud technology group at Sourcefire, explaining one of many risky scenarios posed by unchecked BYOD. "So, mobile devices connect through your corporate network through command-and-control servers. When you have a compromised device on your internal network that's already bypassed your firewall, you have all of the inherent problems that something can bounce through that device and use it as an entry point into the corporate network."
According to the recent InformationWeek 2012 Mobile Security Survey, 86% of organizations support or plan to support BYOD. However, the survey also showed that only 20% of organizations say they have systems to detect malware on all their device platforms. Even more startling, another survey conducted by SANS Institute this spring showed that just 9% of organizations have complete confidence in their knowledge of what devices have access to all of their IT resources.
This lack of control may already be manifesting its consequences within enterprise IT. According to Ponemon Institute's Global Study on Mobility Risks report released earlier in the year, 59% of organizations say they experienced an increase in malware infections during the past 12 months as a result of insecure mobile devices.
"Based on what we found, some CIOs need to put the brakes on BYOD initiatives until they can get policies and education in place," warned Michael Finneran in the InformationWeek report on the 2012 Mobile Security Survey results released last month. "Giving users a green light to use their own devices may provide a morale boost, but it's a potentially costly one if corporate data falls into the wrong hands."
Sourcefire is hoping to help enterprises change their BYOD policies and gain better control over their devices with the introduction this week of two new mobile products, FireSight and FireAmp Mobile.
FireSight gives organizations better visibility into the number and types of devices connecting to network resources, be they iPhones, iPads or BlackBerry or Android devices. It also offers insight into the applications they're running and inspects mobile protocols to identify vulnerabilities and potential attacks through these apps.
Meanwhile, FireAmp Mobile extends the existing cloud analytic engine introduced by Sourcefire earlier this year to offer real-time detection of new threats.
"One of the challenges that we saw with our customers is that they have up-to-date network security, they have up-to-date endpoint security, but they're still seeing advanced malware threats that are bypassing those layers of defense. That's largely because detection rates for endpoint security today are hovering around 50%, which means that your chances of blocking a threat are no better than a coin toss," says Friedrichs. "What we've done with FireAmp is we've used a big data analytics approach and a cloud-based approach to monitor devices for all new files that are being introduced into the environment."
The new FireAmp Mobile is designed to examine not just PCs, but also mobile devices for potentially malicious applications, particularly those running on the open Android platform.
"The ease by which applications and particularly malicious applications can be distributed to the android user base is relatively easy because of the distribution model," says Friedrichs. "At the same time, there's now a large captive audience and user base that can be targeted by Android-based threats. Making it even easier is the fact that most phones and deployments are tied directly into billing systems, which means that attackers have a way to monetize their threats relatively easily."