Secure gateway solutions have been traditionally deployed to desktop and corporate environments since the dawn of the internet. However, most people have known them as Secure Web Gateways which are implemented as proxies or VPNs located on the network at the perimeter.

Mobile devices have become as powerful as traditional desktops, but this growth has been met with a fast moving threat landscape for exploiting them. Therefore, Secure Web Gateway Technology has needed to evolve to account for the different form factor of a mobile device – its different use cases, its different methods of connectivity and its various operating systems, etc. But much of the basic SWG technology still applies.

Why use a Secure Mobile Gateway?

These can be used for many different reasons and can often be customized to an organization’s environment. The main use-cases for implementing a Secure Mobile Gateway are:

  • Securing devices from phishing, spam, and malicious network traffic
  • Preventing personal identifiable information leaks (via unencrypted network traffic) from mobile applications and browser activity
  • Blocking unapproved content such as adult, gambling, and illegal websites and apps
  • Providing insights into corporate data usage and an understanding of employee productivity on mobile devices

Today, nearly every organization deploys a traditional Secure Web Gateway via a proxy or gateway service on their internal network, providing them with threat remediation and controls for corporate traffic and resources.
These use-cases are especially relevant to mobile devices today. As employees have migrated to an on-the-go style of working, remote access to corporate resources and security of mobile data have become more important.

Secure Mobile Gateways unpacked

Much like the traditional Secure Web Gateways which are implemented today, Secure Mobile Gateways rely on similar technologies which have been optimized for mobile devices.
Though the architecture has remained relatively the same, there are new considerations to take into account which pertain to mobile devices. To name a few – battery life, the performance of a device, and the overall end-user experience are critical to ensuring successful adoption. Therefore, these factors must be taken into account when implementing Secure Mobile Gateway technology.

Security Impact of SMGs

Data security is just as essential as overall device security, which is why Secure Mobile Gateways focus on the data security aspect of corporate devices. As SMGs are gateway based solutions that take in and process data from the mobile device, they can actively block the most severe security threats, preventing the users from interacting with them in the first place.
There are two main ways in which an SMG can automatically block attacks of this nature. The first and most basic approach is via a pre-populated list of known malicious domains or IPs. An SMG can block these requests and this prevents the user from being able to access the host website, ensuring they are never exposed to the threat to begin with.
However, it takes as little as four hours for a mobile attack to evade detection by changing the IP or domain name they are being hosted on, so the list approach is less than ideal. Mobile attacks (such as phishing or malware) are prevalent and can be generated and adapted quickly, which requires the SMG to respond in a more predictive manner and detect zero-day threats never before seen in the wild.

The importance of machine learning in Secure Mobile Gateways

The SMG must incorporate aspects of machine learning to accomplish zero-day threat defense. The machine may take into account multiple factors of the device and network state such as:

  • User behavior via the services accessed on the device
  • The OS running on the device and if it is more vulnerable to attack due to the current version or type
  • Device configurations and the ability to detect vulnerabilities present in the settings established on the device
  • Apps found on the device via app inventory scanning as well as app network activity
  • Network infrastructure scanning via joining of Wi-Fi networks and performing SSL certificate checks for risky networks and MitM attacks
  • App store to ensure public apps are vetted. This is critical as Apple does not check security of apps uploaded and the Google Play Store is free for any individual to upload an app to

Although Mobile Threat Defense solutions can help with detecting and remediating threats detected on the device, many do not provide a Secure Mobile Gateway and thus do not support active blocking of threats via this medium.Dan Cuddeford, Director of Sales Engineering at Wandera

There are also several instances of machine learning algorithms and methods which should be utilized by an SMG. Those among them which are critical and highly recommended in making educated decisions on the above data inputs are as follows:

  • Neural Networks – A very broad class of ML algorithms loosely based on imitating a biological brain. This is responsible for several recent breakthroughs especially in image processing and language translation
  • Clustering – A method of attempting to divide a set of samples into different groups such that samples in the same group are more similar to each other than samples in the other groups
  • Support vector machine – A binary classification algorithm that works by finding the dividing line between two types of input samples
  • Anomaly detection – A broad class of problems in machine learning and statistics about finding samples that are different from the norm. This can include unusual periods in time, users, apps, data consumption, etc.
  • Predictive Analysis – The field of making predictions about the future based on current data by whatever method – be that holistic or partial statistics analysis
  • Markov models – A predictive model in which a system can be in one of a certain number of states and the probability of future states depends only on the current state

With these considerations of machine learning in mind, there are several threat categories secured by an SMG. they include phishing, malware network traffic, cryptojacking, unencrypted data leak, third-party app downloads, and spam. Although the implications of these threats vary, they originate and reside on the network layer of the OSI computer model, which is where an SMG technology must also reside for detection and remediation.
[text-blocks id=”security-systems-guide”]