Symantec Mobile Threat Defense: Prevent Mobile Phishing with Advanced URL Reputation

SEP Mobile uses web intelligence and URL reputation from Symantec’s WebPulse to protect organizations from mobile security threats

The evolving use of the Internet over the last few decades has brought with it immense opportunity to improve the way organizations communicate, work and access information. But with opportunity also comes risk: malicious actors are increasingly transmitting sophisticated malware, fraudulent content, and other security hazards across web-based links and apps, with user data and privacy hanging in the balance.

The risk to enterprise is compounded by the upsurge in mobile usage. Employees are increasingly demanding the ability to work from anywhere and on their preferred devices, with corporate resources being accessed more and more outside of the corporate firewall. This opens organizations up to additional attack vectors over which they may have little visibility or control, such as risky or malicious content accessed by employees on their mobile devices. As Verizon’s 2019 Mobile Security Index points out, employees are more likely to click on a phishing link on their mobile device than on a traditional endpoint. They readily grant apps excessive permissions that can be exploited, or they install apps from pirate app stores which can contain malicious code. They even access inappropriate, and sometimes unsafe, content such as adult, illegal, or gambling sites on their mobile devices.

With the sheer number of websites and apps available today, how can organizations and their mobile users navigate the murky waters of what is safe and what is not? Solutions exist that apply standard web security and URL filtering to mobile to protect against risky content threats, but these solutions are fraught with inaccuracies and false positives. The answer to addressing these risks lies in web intelligence – the deepest and most robust web threat intelligence in the world. In fact, any organization that cares about protection from mobile phishing and malicious apps must ask itself: do we have the best intelligence to combat these threats?

Powerful URL reputation for mobile

For the most effective protection against mobile threats, enterprises need intelligence based on the wisdom of the crowd and powerful web security technology. Symantec’s Modern OS Security team offers this by integrating Symantec Endpoint Protection Mobile (SEP Mobile), our enterprise mobile security solution, with Symantec’s WebPulse infrastructure, which provides unparalleled web threat intelligence.

Containing over a decade of data – longer than any other cloud security solution – WebPulse draws on the experience of real users who, together, access tens of millions of websites daily. Crowd-sourced intelligence comes directly from WebPulse’s integration with security products across Symantec’s entire portfolio, including its endpoint, email, web and mobile security solutions. These products generate 8 billion web requests every day, enabling WebPulse’s systems to more accurately identify traffic patterns and rate URLs.

The WebPulse framework also leverages inputs from the Symantec Global Intelligence Network (GIN) – the world’s largest civilian threat intelligence database to deliver the fastest and most accurate website categorization and risk assessment in the market. The GIN is fed by threat information from more than 175 million Symantec Endpoint Protection users and 3000 threat researchers and engineers.

WebPulse’s analysis of URL requests is performed in real-time and users receive feedback in milliseconds. URL category information is used to allow or block a request and can be utilized by organizations to create granular polices for web access.

SEP Mobile extends the power of WebPulse’s URL reputation to modern endpoints, ensuring they receive the same level of protection as traditional endpoints. Employees can safely access the web and apps on their mobile devices, without having to worry about false positives and productivity or latency issues, and organizations reduce the risk that devices will bring malware into the corporate network.

Use Cases

Organizations can leverage SEP Mobile’s integration with WebPulse to protect against various mobile threats, such as:

SMS phishing : SEP Mobile analyzes URLs in incoming SMS messages and uses WebPulse to receive a classification and risk score in real-time. If a link is determined to be malicious, the message is automatically placed in the “SMS junk” tab on iOS devices, so SMS phishing messages are blocked even before an end-user engages with them. On Android, users will be alerted to the risk, enabling them to delete the message from their device.

In addition to using WebPulse to determine the reputation of URLs sent in SMS messages, SEP Mobile can provide another layer of protection through text analysis. Using machine learning, we built a model that can quickly identify suspicious words and patterns in messages, helping us better understand the context and intent of the sender. By looking at both URL reputation and the contextual information of the message, we increase the accuracy of identifying SMS phishing, thereby reducing false positives and negatives.

Leave a Reply