Detect and Prevent Android Malware with 2X MDM

With BYOD now widely adopted by countless organizations, handing out corporate network access to unmanaged devices carries the risk of exposing other corporate devices, as well as sensitive internal information, to malicious third parties.

With such a large selection of applications available at the thumb taps of mobile device users, cybercriminals have exploited this market by posting malware-spreading apps.

2X MDM gives administrators the ability to enforce application control policies and to monitor the applications installed on these devices. Where a security breach cannot be prevented altogether, administrators can still detect application control violations and act on them where necessary.

Let’s walk through a ‘How-to’ guide for securing your corporate network against such threats on newly connected devices.

Configure Application Control to the Default Group Policy

Once a new device has successfully connected to a 2X MDM account, it is automatically added to the default group policy and the policy's settings are pushed out to the device. This policy should be set either to weed out many of the currently known threats, or to define the applications allowed on connected devices.

Let’s take a look at the steps involved in both weeding out undesired applications by setting an application blacklist, and defining the applications allowed by the corporate network by setting an application whitelist:

Blacklist

    1. Log in to the 2X MDM portal.
    2. Navigate to the ‘Group Policies’ node and select ‘(Default)’.
    3. Click on the ‘Application control’ tab.
    4. Select the ‘Blacklist’ radio button to add apps to the blacklist or ‘Whitelist’ radio button to add apps to the whitelist.
    5. Click the ‘Add Application’ drop down.
    6. Select the source that applications shall be added from (APK, Google Play, App Store etc.).
    7. Select or enter the applications you would like to add to the blacklist and click ‘Add’.
    8. If you want to add applications from several sources, repeat steps 5-6.
    9. Once you have added all of the necessary applications, click ‘Apply’ to enforce the application blacklist on the ‘(Default)’ group.

App Management

Once connected, the 2X MDM client application notifies the new user that applications need to be added or removed. An email is also sent to the 2X MDM account administrator, listing the applications installed on the device that violate the set whitelist/blacklist.

The default group should cater for generic app management when connecting new devices, before these devices are added to specific group policies that are fine-tuned for specific roles.

Monitor Application Pool

You may also review a list of all the applications installed on all connected devices by navigating to the App Management Group and clicking the Installed Apps node.

Remove Installed App

Should you locate a possible threat, either add it to the default group policy or delete it directly from the installed applications node by following these steps:

  1. Select the application
  2. Click remove
  3. Click Yes

Note that applications installed by the manufacturer (pre-installed apps) may not be removed.

Review Device for Violations

Checks may also be performed per device to review whether users are abiding by the set application control policy.

You may review this list by selecting a device and navigating to the ‘Applications’ tab, using the following steps:

  1. Click ‘Devices’ node
  2. Locate and select a device
  3. Click the ‘Applications’ tab

Then pay special attention to the status column, and filter for specific results using the constraints below:

  • Ignored install – user selected the ignore option when prompted by 2X MDM to install app
  • Ignored Uninstall – user selected the ignore option when prompted by 2X MDM to uninstall app
  • Pending install – user has not yet selected the install option
  • Pending delete – user has not yet selected to uninstall/delete application
  • Pending delete (Whitelist) – user has not yet selected to uninstall/delete applications which are not whitelisted
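
To make the difference between the two policy modes concrete, here is a small model of blacklist and whitelist evaluation over a device inventory. It is an added example, not 2X MDM code or its API: the inventory, device names, package names and the `Not removable (pre-installed)` label are constructed for illustration, while the two `Pending delete` labels are the status names listed above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class InstalledApp:
    device: str
    package: str
    preinstalled: bool = False  # manufacturer app; these may not be removed

def evaluate(apps, mode, listed):
    """Return (device, package, status) for every app that violates the policy.

    blacklist: a package on the list is a violation.
    whitelist: a package NOT on the list is a violation.
    """
    if mode not in ("blacklist", "whitelist"):
        raise ValueError(f"unknown policy mode: {mode!r}")
    listed = {p.lower() for p in listed}
    findings = []
    for app in apps:
        on_list = app.package.lower() in listed
        violates = on_list if mode == "blacklist" else not on_list
        if not violates:
            continue
        if app.preinstalled:
            # Assumed label: flagged for review, but cannot be uninstalled.
            status = "Not removable (pre-installed)"
        elif mode == "blacklist":
            status = "Pending delete"
        else:
            status = "Pending delete (Whitelist)"
        findings.append((app.device, app.package, status))
    return findings

# Constructed sample inventory (hypothetical devices and packages).
SAMPLE_INVENTORY = [
    InstalledApp("tablet-01", "com.example.mail"),
    InstalledApp("tablet-01", "com.example.freeflashlight"),
    InstalledApp("phone-02", "com.example.mail"),
    InstalledApp("phone-02", "com.vendor.launcher", preinstalled=True),
    InstalledApp("phone-02", "com.example.game"),
]

if __name__ == "__main__":
    for mode, names in (("blacklist", ["com.example.freeflashlight"]),
                        ("whitelist", ["com.example.mail"])):
        print(mode)
        for finding in evaluate(SAMPLE_INVENTORY, mode, names):
            print("  ", *finding)
```

In this model the whitelist flags every unlisted app, including the pre-installed launcher, so a whitelist needs to account for manufacturer apps that cannot be uninstalled.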

Congratulations! You can now put your mind at ease when adding new devices to your corporate network and, should a threat arise, deal with it in an efficient and timely manner.

Sean Bianco is the marketing documentalist and technical writer at Parallels. With a bachelor’s degree in Information Technology and Networking and a three year background in software quality assurance testing and usability engineering, Sean is a subject matter expert in mobility and smartphone, app and device management. He is well-versed in developing technical articles and determining market trends. His excellent analytical and problem-solving skills, with emphasis on understanding relationships between technical problems, result in sound and effective business solutions.