IBM J. Res. Dev

Passive security intelligence to analyze the security risks of mobile/BYOD activities

View publication


As enterprises embrace mobile technologies and enable their employees to bring their own devices, traditional security mechanisms are challenged by the col-location of personal and business activities on employee-owned mobile devices on the enterprise network. This presents a new risk to enterprises as employee-owned devices can now be used as stepping stones for bypassing traditional enterprise perimeter security. Current Bring Your Own device (BYOD) programs usually either do not manage employee-owned devices or are limited by self-enrollment and device heterogeneity challenges. In this paper, we introduce a novel, nonintrusive big data analytics methodology to obtain visibility into mobile device usage. At the heart of the methodology is an inference algorithm that uses a dynamic decision tree in near real-time to fingerprint mobile devices and their usage by analyzing passively collected network data. Information, such as device type, device model, and operating systems/versions, as well as applications and their patch level, can be inferred - all without an agent installed on the devices. We correlate such information with supplemental security intelligence (e.g., vulnerability information) to discover previously unknown mobile devices on an organization's network and to establish their security posture and risk. Our evaluation on a major corporate network indicates that mobile devices can be reliably identified while mitigating their potential threats, thus demonstrating that our methodology provides valuable insights to enterprise security administrators.