I'm researching an intrusion detection and prevention system that helps keep mobile devices safe by using network traffic behavior monitoring. In what cases would this be beneficial over a traditional network IDS/IPS?
Ask the Expert
Perplexed about network security? Send your network security-related questions today! (All questions are anonymous)
In short, traditional network IDS/IPS and mobile IDS/IPS are used in completely different ways. For example, a traditional IDS/IPS is typically installed at or near a network's gateway in order to inspect every packet that enters and exits the network. When a packet or set of packets that fits a pre-defined signature crosses its path, the packet can be either dropped or blocked.
In the case of mobile IDSes/IPSes, the majority of these systems reside on the mobile devices themselves, while a portion (usually the scanning engine) resides in the cloud. Once such a product is deployed, it begins learning the behaviors and tendencies of the mobile device that it is installed on, along with those of the mobile device's owner. Therefore, it may be said that it is providing a heuristic security approach to its mobile device customers.
A typical day in the life of a mobile device may result in it entering and exiting any number of different networks, all with different security postures and different gateway security deployments. For example, a device may log into a coffee shop network in the morning. Two hours later, the same device may log into a corporate Intranet. Afterwards, the device may simply communicate via cellular signal. Then at the end of the day, the device may log into its owner's personal Wi-Fi network.
As this example illustrates, protecting mobile devices with traditional IDSes or IPSes is only partially feasible and depends greatly on the network environments that each device is exposed to. It would be greatly beneficial for mobile devices that connect to multiple networks to have a mobile IDS in place that will offer a far more comprehensive security posture.
This was first published in February 2014