Safeguard Mobile Devices with Symantec Endpoint Protection Mobile Edition

For large enterprises, preventing viruses and Trojans from compromising the integrity of mobile devices is no small task. Management of mobile devices on a large scale requires policy enforcement and configuration control. If your mobile devices run on Windows Mobile or Symbian OS, Symantec’s Endpoint Protection Mobile Edition may be just what your organization needs to keep its mobile workers operating securely.

Symantec acquired Altiris specifically for the purpose of adding this product to its lineup. The integration of the Symantec Management Platform with Symantec Endpoint Protection, Mobile Edition allows security administrators to configure security policies and implement from a centralized administrator’s console. To manage any type of technology platform, you might expect that for any leading enterprise application.

The Cool Features

Mobile phones and mobile devices are generally susceptible to Trojans and viruses in the same way that laptops and workstations are susceptible. Additionally, if data is stored on the mobile device, it is vulnerable to being exploited if proper safeguards are not in place. Like on a laptop or workstation, sensitive company information should be encrypted and perimeter protection should be in place to serve as a firewall security barrier from Internet based attacks.

 Symantec Endpoint Protection Mobile Edition has the ability to encrypt files, scan for viruses and Trojans, block Internet threats, inventory all the devices, and log policy violations and other activities. An additional add-on, Symantec Network Access Control Mobile Edition, extends the security by adding on a firewall and additional host integrity checking safeguards. The Network Access Control add-on checks the integrity of the device before it connects to the enterprise network.

Mobile Devices Are Bound to Get Lost

Mobile workers tote their wireless phones and handhelds around everywhere and therefore, it’s quite common for even responsible users to lose these devices. According to the 2010-2011 Computer Crime and Security Survey published by the Computer Security Institute, 33 percent of the respondents experience loss or theft of their mobile device. According to the Ponemon Institute, only a third of all laptops lost at airports are reclaimed. I’d say it’s a safe bet that that statistic holds true for all mobile devices including smart phones.

Since it’s quite possible for a mobile device to fall into the hands of an unauthorized user, the device needs to be able to authenticate authorized users prior to giving them access to sensitive information. The Mobile Host Integrity policy determines if the integrity of the devices has been compromised prior to giving the device access to the corporate network. Administrators can configure the software to prevent access to the corporate network if any security policies have been violated.

Firewall Offers Predefined Rules

Firewall rules are configuration settings that tell a device whether to block or allow a particular service through a TCP or UDP port. With Symantec Endpoint Protection Mobile Edition, administrators can configure custom rules, or use a predefined set of rules for protection levels designated as Low, Medium, or High. An example of a few of the rules that are part of the High protection level predefined set are found in Table 1. Administrators can start out with a predefined rule set, edit it and customize it and make it their own.

Table 1. Subset of Rules for High Protection Level Configuration

Rule Name

Direction

Rule ID

Protocol

Local     Port

Remote Port

Allow DHCP client

Both

15

UDP

67

68

Allow IKE

Both

16

UDP

53

*

Allow IPSec NAT-T 10000

Both

31

UPD

10,000

10,000

Allow HTTP

Outbound

20

TCP

*

80

Allow HTTPS-TCP

Outbound

23

TCP

*

443

Allow POP3

Outbound

50

TCP

*

110

Allow ActiveSync Time Server

Both

9

TCP

5678

*

 

Unique Features for Lost or Stolen Mobile Devices

Over the air deployment is one of the best features of Symantec Endpoint Protection Mobile Edition. Administrators can deploy policies on their enterprise configuration to all corporate users without a need for the mobile devices to be connected to a desktop. Through the Remote Control administrator window, administrators can remotely control and view the mobile device. End users can continue to use their mobile devices while the IT department is performing updates.

Aside from performing updates, administrators can push out new apps for the mobile devices, perform an enterprise inventory, and execute programs all remotely. Administrators can also use Symantec Endpoint Protection Mobile Edition to setup anti-virus scans remotely on a schedule, or after a particular user action has occurred. Infected files can be quarantined, deleted, repaired, or have access denied to them.

If a mobile device is lost or stolen, Symantec Endpoint Protection Mobile Edition has the ability to communicate with the lost device and obtain a list from it of all the files that were last accessed. It can request the lost device to send this list back to the management console encrypted and without the knowledge of unauthorized users. Further it can disable the device remotely, or simply remove the sensitive data, but allow a thief to continue using the device for the purpose of tracking and identifying the thief.

Extensive Logging Features

When you lose a mobile device, that is a security incident. Without logging capabilities, it’s hard to respond to the incident. With Symantec Endpoint Protection Mobile edition, the mobile devices can be configured so that they automatically upload their device event log to the management server. The management agent includes a Mobile Security Status Dashboard that continually reports security events over the air to the dashboard.

By using the dashboard, administrators can determine whether any sensitive information has been compromised or not which has the potential to close the incident much more quickly. The logging features are also ideal if you are trying to satisfy NIST auditing standards for the purpose of FISMA compliance.

Who Needs Symantec Endpoint Protection Mobile Edition?

Symantec Endpoint Protection Mobile Edition is ideal for road warriors, teleworkers, and every day business users who have sensitive information that they need to protect. IT organizations that issue large numbers of Windows Mobile or Symbian OS devices and need to provide centralized management will find that the software enables them to protect their information, protect their devices, and protect their systems and networks all-in-one.

Windows Mobile and Symbian mobile devices can now be managed with essentially the same important security features known to BlackBerry devices. Traditionally, businesses that worried about security usually selected BlackBerrys due to the built-in enterprise security features. Today, businesses now have more choices when deploying mobile devices. Taking into consideration a Windows Mobile or Symbian OS based enterprise smart phone solution is now worth a second look.

 

TAGS:

security, mobile, smartphone, Symantec, mobile security

Comment and Contribute



    (Maximum characters: 1200). You have 1200 characters left.