How data and machine learning are turning the tables on mobile attackers

Mobile devices are powerful, highly fragmented, personal, and portable. They connect to a huge range of networks and download a flood of information and software, in the form of apps, at an unforeseen velocity and scale.

While this has increased the surface area of possible attacks, presenting a host of new security challenges for businesses, it has also created a deluge of mobile data that, when analysed through machine learning, could be the difference between a breach and a prevented mobile attack.

Take a glass-half-full approach and you’ll realise that the very ubiquity of smartphones and the vast volume of information they process create a new opportunity for security. In this ocean of big data, it’s important that companies don’t miss important security signals amid the noise.

The future of mobile security in the enterprise will use big data and machine intelligence to turn the tables on mobile attacks.

What’s wrong with the way we protect our systems now?

Simply put, traditional signature-based and behavioural-based detection strategies, popularised by PC anti-malware solutions of the 1990s, are no longer sophisticated enough on their own to protect against advanced mobile threats of today.

Standalone signature-based security is antiquated. Malware authors have long since learned that if you change a very small piece of your malicious app’s code you’ll be able to trick anti-virus detection that relies on signatures.

Behavioural-based security is better, but also not enough on its own. It’s like putting code into an isolated environment and poking it with sticks to see what it does. If it does nothing it’s safe, right? Wrong. Malware authors innovate and have developed ways to hold back their malicious behaviour while living in these virtual behavioural detection systems and begin exhibiting bad behaviour only once the coast is clear. Behavioural analysis only catches lazy malware developers.

But we are now witnessing the transformative impact predictive analytics and big data can have, when used intelligently.

So, what’s this predictive bit?

To be predictive you need to have insight into the whole world’s mobile code. Predictive security takes into account both signature- and behavioural-based analyses, but adds in a layer of machine intelligence.

The machine intelligence compares any new code to the existing dataset of the world’s mobile code and is able to then predict what will happen based on what has already happened. It takes into account what bad code and bad behaviour looks like and then matches it to potentially bad apps so that an attack can be stopped before any harm is done.

For example, predictive security, in using both machine intelligence and big data, can begin to see and understand the styles of coding that an attacker might use. Just like any artist, an attacker may simply have a way of doing things, in the same way a painter might have a style.

When an attacker builds a piece of malware, but signs it with a different signature and holds its malicious behaviours back, it tricks traditional signature- and behavioural-based security methods, but the predictive layer may be able to detect similarities in the code that send up a red flag: ‘This looks similar to some bad stuff we already know about! It’s not quite the same, but you should watch it anyway.’
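The contrast drawn above between exact signatures and similarity to known-bad code can be seen in a small added illustration; it is not Lookout's method or code from the article. The operation-token lists, the 3-token windows and the 0.6 review threshold are constructed assumptions.

```python
import hashlib

# Constructed sample data: abstract operation tokens, not taken from any real app.
KNOWN_BAD = {
    "family_a": ["init", "get_id", "read_sms", "pack", "xor", "open_sock",
                 "send", "sleep", "read_sms", "pack", "xor", "send"],
}
# Same logic with one filler operation inserted, so its exact hash differs.
VARIANT = ["init", "nop"] + KNOWN_BAD["family_a"][1:]
BENIGN = ["init", "load_ui", "read_prefs", "render", "open_sock",
          "fetch", "parse", "render", "sleep"]


def signature(ops):
    """Exact-match signature: SHA-256 over the full token sequence."""
    return hashlib.sha256("\n".join(ops).encode()).hexdigest()


def shingles(ops, k=3):
    """Set of overlapping k-token windows; a local edit disturbs only a few."""
    return {tuple(ops[i:i + k]) for i in range(len(ops) - k + 1)}


def jaccard(a, b):
    """Shared windows divided by all windows seen in either sample."""
    return len(a & b) / len(a | b) if (a or b) else 0.0


def triage(ops, known_bad=KNOWN_BAD, threshold=0.6):
    """Return (verdict, closest_family, score) for one sample."""
    sigs = {signature(v): name for name, v in known_bad.items()}
    if signature(ops) in sigs:  # classic signature hit
        return ("known_bad", sigs[signature(ops)], 1.0)
    # No exact hit: find the most similar known-bad family instead.
    name, score = max(
        ((n, jaccard(shingles(ops), shingles(v))) for n, v in known_bad.items()),
        key=lambda pair: pair[1],
    )
    verdict = "review" if score >= threshold else "no_match"
    return (verdict, name, round(score, 3))


if __name__ == "__main__":
    for label, sample in [("variant", VARIANT), ("benign", BENIGN)]:
        print(label, triage(sample))
```

The variant misses the hash lookup but still shares 8 of 11 windows with the known family, so it is flagged for review, while the benign sample shares none.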

Without this data – or the machine intelligence used to process it – security technology will never mature to the point where it can predict when an app is about to go bad.

What now?

The reality is mobile malware in the enterprise is on the cusp of some major change. In fact, a recent study from BT states that mobile breaches affected 68% of global organisations in the last 12 months. I can think of a few threats that corporate networks should be paying attention to right now: Wirelurker, XAgent, and NotCompatible.

This reactionary security landscape is not working, and as threat vectors continue to open, we’ll need to start thinking about security from a macro and micro level. The sheer scale of mobile fundamentally changes the way security needs to be approached in the connected world.

We need to get ahead of the curve, and start thinking about how we can predict threats. Combining big data with machine intelligence is certainly a step towards allowing the security industry to develop agile, machine-driven analytics which can identify threats before they do harm.

Sourced from Aaron Cockerill, Vice President, Enterprise Products at Lookout

Ben Rossi