Agentless Mobile XDR, a Real Solution for Mobile App Threat Defense
There’s a lot of buzz about extended detection and response, or XDR, and it’s well deserved. XDR solutions provide a wide range of visibility, detection, and response capabilities for dealing with threats and attacks. But there’s a big catch when it comes to XDR for Android and iOS applications. Most mobile XDR solutions have a troublesome prerequisite – the need for an on-device agent in order to function. This blog covers the most challenging aspects of agent-based XDR products and details why agentless mobile XDR is the right solution for most mobile environments today.
What is XDR?
Gartner defines XDR as a “unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components.” XDR solutions attempt to consolidate cyber threats and alerts so that security analysts can make sense of the never-ending barrage of alerts they receive each day and prioritize (and presumably act on) the most important incidents.
What are Security Agents or XDR Agents?
Traditional mobile XDR solutions rely on a brute-force way to monitor and collect threat and attack data directly from the monitored mobile endpoints. They require the installation of ‘security agents’ or ‘XDR agents’ on the device, which need administrative control over the physical mobile device in order to function at all. Because these XDR agents gain administrative control over the physical device, they do make it easy for the XDR vendor to monitor a specific endpoint and detect suspicious or malicious activity. However, the necessity of an agent has kept XDRs out of the biggest market areas that matter most to mobile brands globally – namely, providing attack detection and response in consumer-facing mobile apps and mobile apps used for work on unmanaged mobile devices. Keep reading to learn why XDR agents limit XDR applicability to your business.
Top 5 Challenges Solved by an Agentless Mobile XDR
Appdome’s agentless mobile XDR solution offers all the power of XDR in mobile without the need to install agents and control mobile devices, or overstep privacy regulations applicable to the remote workforce or mobile consumers. With Appdome’s agentless Mobile XDR solution, you can avoid the following challenges that plague agent-based XDR solutions:
Complexity & Support of XDR Agents
Mobile agents are separate mobile app products that require their own development, maintenance, support, and investment. These products are specific to a given XDR solution and also specific to the device, OS, firmware, or other physical characteristics of the mobile device that the XDR intends to monitor. They present another point of failure, cannot support all users, and may impact the usability of other mobile applications on the device. If you’re a bank, insurance company, food delivery app, rideshare, social media, chat app, or healthcare app, would you make your mobile app business dependent on a third-party app or agent? The short answer is no, you would not.
Poor Adoption of the Mobile Agent
As any mobile brand will tell you, getting users to download (and not delete) a mobile app takes a lot. Even the smartest brands spend a ka-jillion hours and dollars on branding and download campaigns for their mobile app to do just that. Now imagine that, to implement an XDR solution, the XDR vendor tells you that their XDR requires the installation of an agent on your end users’ devices. Do you now spend time and money to get your users to download the XDR vendor’s agent app? Of course you would not. In an enterprise environment, agents are typically ‘pushed’ to the endpoint via a centralized MAM, MDM, EMM, UEM, or other management system. But in both the mobile consumer and unmanaged device use cases, no such system can be used. The free will of the device owner (i.e., the mobile user) reigns supreme and, as a result, mobile agents will face poor adoption.
Mobile Permission Challenges for XDR Agents
A mobile XDR agent is a local, on-device, software program, or a standalone mobile application that requires administrative control over the end user’s mobile device to carry out functions on behalf of the XDR provider. However, on Android & iOS phones, the end user must grant the XDR agent app permission to exercise that control. In an enterprise context, particularly where the employer owns or provides the mobile device to the user (a rapidly declining use case), the IT department may be able to install an agent on the device and accept the permission on behalf of the enterprise. As an example, see the image below to gain an understanding of the types of permissions that an MDM agent requires in order to perform its functions.
In all other environments where the user uses a personal device, such (overreaching) permissions are typically rejected by the end-user or not allowed by regulation, even if the user agrees to download the agent mobile app. Without the required permissions, the XDR mobile agent app can’t function and is little more than a logo on the device.
When Users Turn Off the XDR Agent
As a mobile app developer or brand, let’s assume, for the sake of argument, that you can get users to download the XDR app/agent and grant the requisite permissions, a tall tale on its own. Since you don’t own or control the mobile consumer’s device, there is no way of ensuring that your agent/XDR app will stay active/open, and you won’t even know if the user deletes the app, which they can do at any time. The user can also revoke the requisite permissions at any time, which would render the XDR agent app useless.
And finally, in some mobile XDR apps, the app itself allows the customer to turn the mobile XDR agent off so that the user can use other mobile apps on the device that the enterprise doesn’t need to manage (or isn’t allowed to manage). Once the user turns off the XDR agent, the enterprise must campaign for users to turn the agent back on and convince them that the agent is needed. Needless to say, while the XDR agent is off, attacks can and do happen.
Mobile Privacy Challenges for XDR Agents
A mobile XDR agent’s administrative actions can include taking device inventory, confirming the state of the device, tracking user actions, monitoring the user’s usage, and/or evaluating risks and threats to the device and networks. Tracking a user’s personal device will typically not be allowed by regulations, work norms, or corporate policy. For example, some mobile XDR agents we reviewed use an abusive permission known as QUERY_ALL_PACKAGES, which allows the agent to take an inventory of the apps on the device. Google banned the use of QUERY_ALL_PACKAGES for privacy reasons. This presents a challenge for mobile XDR agents even if the user accepts the permission. And if this is not enough, look no further than the scrutiny that TikTok and other apps that overreach on permissions are facing from regulatory bodies, culminating in efforts by the US Federal Government to break the company up.
With Appdome’s agentless mobile XDR, mobile brands and enterprises can avoid the need to install agents on or control devices, avoid overstepping privacy regulations applicable to the remote workforce and mobile consumers alike, and avoid annoying their mobile users – all with a single mobile app security solution. That’s a huge win for all parties involved.
How Does Agentless Mobile XDR Work?
ThreatScope Mobile XDR brings real-time attack and threat intelligence inside Android & iOS apps, eliminating the need for an external XDR agent or administrative control over the end user’s device. With ThreatScope Mobile XDR, brands and enterprises can combine the power of mobile attack and threat data, telemetry, and intelligence with “click-to-protect” agility inside Appdome’s mobile Cyber Defense Automation Platform. Mobile dev and cybersecurity teams get access to real-time attack data to make informed decisions, deploy the right protection measures, and ensure the security of each mobile app release. Today, ThreatScope gathers thousands of threat signals from mobile app security threats, hacking, fraud, malware, cheating, and bot attacks from inside each of hundreds of millions of deployed mobile apps, and translates that data into brand-relevant views that cyber, fraud, and business teams can use to evaluate and respond to mobile threats and attacks in real-time.
Appdome combines ThreatScope Mobile XDR with its in-app Threat-Events framework to create threat-aware mobile apps capable of responding to each threat and attack in real-time.