Content

Network-level protection is better than device patches for SMS vulnerabilities.

FOR

Mobile devices have become the primary medium for business and personal communications. Mobile spam, as a relatively new means of duping unsuspecting users, can spread quickly so immediate action must be taken to protect users. For many reasons, patch management and client side application are not the solutions for SMS vulnerabilities.

First, the process of getting millions of subscribers on the network to update their devices to the latest patch level or security applications, across multiple smartphone operating systems is ominous. Second, some devices don't even support over-the-air provisioning – leaving users to manually upgrade their devices. This process can take months which leaves users vulnerable to serious attack.

Solutions that provide SMS protection in the network infrastructure could immediately prevent these attacks for all network users. Network level solutions are able to block malicious SMS messages before they are sent to the device, preventing the messages from even being delivered.

– Jamie de Guerre, CTO, Cloudmark

AGAINST

Defense-in-depth is widely accepted as the proper way to approach security. To argue that network level protection is better than device patches for any vulnerabilities is to promote single point of protection over defense-in-depth.
While network level security does make sense and has a place, it would be absurd to not fix a device vulnerability in the mistaken belief that network-level security is infallible. Whenever and wherever software is found to have exploitable vulnerabilities, the problems need to be addressed immediately, rather than ignored.

There is no perfect security in this world, but when your first line of defense is also your last line of defense, it is not a good position to be in.

There is no doubt that the network has a critical role to play in preventing malicious SMS attacks. However, anything that can be done to make the devices themselves more resilient to such attacks enhances overall security, and that is a good thing.

– Randy Abrams, director of technical education, ESET

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.