Lookout Mobile Endpoint Security has worked with Microsoft to connect Lookout's functions through APIs so that they act as a signal for device compliance, supporting Conditional Access based on the health of the applications installed on the device.
Lookout Mobile Endpoint Security features
Protection from app-based risks – Lookout’s app analysis technology is powered by intelligence from over 50 million iOS and Android apps.
Protection from web and content threats – The mobile device opens up new routes attackers can use to gain access to users’ credentials beyond corporate email. Lookout alerts users to phishing attempts from any source on a mobile device including:
- Phishing emails on personal or corporate accounts
- Text messages with shortened links to malicious websites
- Browser URL addresses that are obscured
- Apps containing URLs that download malicious plug-ins
Protection from device-based risks – The built-in security of the operating system can be bypassed. Lookout creates a fingerprint of each mobile device and compares it against the 150 million devices in our security platform to identify anomalies and risks.
Protection from network-based risks – By analyzing network connections from our global sensor network, we effectively mitigate false positives while detecting high impact threats.
What is Mobile Threat Defense?
Mobile Threat Defense allows you to use your chosen Mobile Threat Defense vendor as a source of information for your compliance policies and Conditional Access rules. This lets IT administrators add a layer of protection to corporate resources such as Exchange and SharePoint, specifically against compromised mobile devices.
Companies need to protect sensitive data from emerging threats including physical, app-based, and network-based threats, as well as operating system vulnerabilities. Historically, companies have been proactive when protecting PCs from attack, while mobile devices go unmonitored and unprotected. Mobile platforms have built-in protection such as app isolation and vetted consumer app stores, but these platforms remain vulnerable to sophisticated attacks.
Mobile Threat Defense and Intune
The connector protects company resources by creating a channel of communication between Intune and your chosen Mobile Threat Defense vendor. Intune Mobile Threat Defense partners offer intuitive, easy to deploy applications for mobile devices, which actively scan and analyze threat information to share with Intune, for either reporting or enforcement purposes.
If enabled, Intune collects app inventory information from both personal and corporate-owned devices and makes it available for Mobile Threat Defense (MTD) providers, such as Lookout for Work, to fetch. App inventory can be collected from the users of iOS devices.
This service is opt-in; no app inventory information is shared by default. An Intune administrator must enable App Sync for iOS devices in the service settings before any app inventory information is shared.
The Lookout for Work app is installed and runs on the mobile device. It captures file system, network stack, and device and application telemetry where available, then sends it to the Lookout cloud service, which assesses the device's risk from mobile threats. You can change the risk level classification of each threat type in the Lookout console to suit your requirements.
The compliance policy in Intune includes a rule for Lookout Mobile Threat Defense based on the Lookout risk assessment. When this rule is enabled, Intune evaluates the device against the risk level Lookout reports and marks the device non-compliant if that level exceeds the threshold you set in the policy.
Conditional Access is the name given by Microsoft to the range of capabilities that provide protection for your data on devices which are not under your full control. By allowing access to that data only on devices which are compliant with your company policy, you can have greater assurance that the data on those devices is protected. Conditional Access can regulate access to Exchange On-Premises, Exchange Online, SharePoint Online, Skype for Business Online, and Microsoft Dynamics Online, as well as any SaaS app which you have configured through the Azure App Gallery.
Lookout Machine Learning
Lookout has over 100 million devices providing input into machine learning, backed up by an investigative team, to review the millions of apps available to users throughout the world. Lookout provides intelligence on the applications your users are using – particularly those apps which you are not providing to your users.
Lookout has analyzed over 50 million apps for all dimensions of app risk. When Lookout recognizes a risky app on the device, it immediately notifies the user of the issue and recommends a remediation. At the same time, Lookout notifies the Lookout console and the Microsoft Intune service. Lookout also monitors the device for compromised networks and for OS-based risks.

Lookout passes a risk level to Intune, derived from the risk level you assign to each type of risk in the Lookout console. Based on this risk level, Intune invokes a Conditional Access response: it blocks data access and apps on the device and marks the device as non-compliant in the Intune console. SaaS apps may be configured in the Azure App Gallery to require a compliant device, so access to those apps is also blocked on the affected device.

Lookout interacts directly with the user on their device, with no action required by IT, when a problematic app is installed. Lookout informs the user what type of risk the compromised app presents and recommends how to remediate the issue.
Lookout integrates with Intune to provide another signal of the health of the apps on the protected device. Lookout not only helps protect your corporate data, but also helps protect the user from leakage of their personal information, from apps that over-share data, and from apps that may put the user's device at risk in other ways. Lookout enables you to protect against non-compliant mobile apps that pose a data leakage risk.
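The two paragraphs above describe the enforcement path: Lookout reports a risk level, an Intune compliance policy compares it against a threshold, and Conditional Access acts on the resulting compliance state. The script below is an added example, not code from Lookout, Microsoft or this page. It uses the Microsoft Graph PowerShell SDK (`Connect-MgGraph`, `Invoke-MgGraphRequest`) to create an iOS compliance policy whose MTD rule marks a device non-compliant when the partner reports a risk level above Medium, assigns it to a group, and then lists iOS devices currently non-compliant. The policy name, description and the group object ID are hypothetical placeholders; the property names are those of the Graph `iosCompliancePolicy` resource, and the script assumes the Lookout MTD connector is already enabled in Intune.

```powershell
# Added example (not Lookout's or Microsoft's own code). Requires the Microsoft.Graph
# PowerShell SDK and an account allowed to manage Intune compliance policies.
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All', 'DeviceManagementManagedDevices.Read.All'

# Compliance policy for iOS with the Mobile Threat Defense rule turned on.
# Weak setting for comparison: deviceThreatProtectionEnabled = $false, which makes
# Intune ignore the risk level Lookout reports entirely.
$policy = @{
    '@odata.type'                               = '#microsoft.graph.iosCompliancePolicy'
    displayName                                 = 'iOS - MTD risk at or under Medium'   # hypothetical name
    description                                 = 'Non-compliant when the MTD partner reports a High risk level'
    deviceThreatProtectionEnabled               = $true
    # Allowed values: secured, low, medium, high. 'medium' = Medium or lower is compliant; High is blocked.
    deviceThreatProtectionRequiredSecurityLevel = 'medium'
    # Jailbreak/root detection is a separate rule on the same policy.
    securityBlockJailbrokenDevices              = $true
    # Intune requires at least one scheduled action on creation; 0 hours grace means
    # the device is marked non-compliant as soon as the rule is breached.
    scheduledActionsForRule = @(
        @{
            ruleName = 'PasswordRequired'   # the rule-set name Intune itself uses for its default action
            scheduledActionConfigurations = @(
                @{
                    actionType                = 'block'
                    gracePeriodHours          = 0
                    notificationTemplateId    = ''
                    notificationMessageCCList = @()
                }
            )
        }
    )
}

$created = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies' `
    -Body $policy
"Created compliance policy $($created.id)"

# A policy does nothing until it is assigned. Replace the placeholder with a real group object ID.
$assignment = @{
    assignments = @(
        @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = '<group-object-id>' } }
    )
}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/$($created.id)/assign" `
    -Body $assignment

# Check: which iOS devices are non-compliant right now (for any rule, including the MTD one).
# These are the devices Conditional Access will refuse when the policy requires a compliant device.
$uri = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices' +
       '?$filter=complianceState eq ''noncompliant'' and operatingSystem eq ''iOS''' +
       '&$select=deviceName,userPrincipalName,complianceState,lastSyncDateTime'
$nonCompliant = Invoke-MgGraphRequest -Method GET -Uri $uri
$nonCompliant.value | Select-Object deviceName, userPrincipalName, complianceState, lastSyncDateTime | Format-Table
```

The `complianceState` query shows the combined result of every rule in every policy assigned to the device; to see specifically why a device failed, open the device's compliance policy report in the Intune console, where the MTD rule appears as its own row.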
Why Lookout Mobile Threat Protection?
Every day, billions of devices connect to corporate environments and download mail without actually being managed by the company through a Mobile Device Management solution such as Intune. Those devices can be rooted or jailbroken, and numerous malicious mobile applications can be installed from the various app stores or side-loaded directly onto the device. Even if a device is managed through an MDM solution, administrators cannot really control which apps are installed. What they can check is whether a device is rooted or jailbroken, or whether some security settings are non-compliant.
Lookout and Intune
Lookout already integrates with other vendors such as MobileIron, and Microsoft Intune is now the third major vendor added to the list. In short, the integration between Intune and Lookout MTP gives us Conditional Access based on whether a threat has been found and how severe that threat is. Lookout integrates with both Azure AD and Microsoft Intune; more on this in the next blog post, about the architecture of the solution.