Cisco: Antivirus Isn’t The Way Forward For Mobile Security

Cisco isn’t betting on antivirus solutions as the way to protect business’ smartphones, as the networking giant foresees too many mobile security and management headaches when it comes to deploying such software.

Chris Young, global senior vice president of Cisco’s security and government division, told TechWeekEurope today there is a better approach. Given that Young is from Cisco, it won’t surprise you to hear that approach is to look to the network to provide mobile security.

Mobile antivirus provides potentially troublesome burdens for IT teams, largely in managing deployments and the extra capacity needed to support mobile AV, Young said. There is no need to have security on the end-point, he said.

Again, not surprising. Before mobile devices were ever seen as a security risk, Cisco had spent nearly ten years trying to compete in the endpoint security market, with the Cisco Security Agent for desktops and servers, but abandoned the struggle and pulled the plug on the product in 2009.

Got 99 problems, but AV ain’t one

“The challenge we’ve got with mobile antivirus is that number one, it takes up a lot of CPU,” Young said. “If we had trouble keeping these solutions up to date on company enterprise-managed laptops, with the proliferation of mobile devices, that becomes an exponentially harder problem to manage.

“With the CPU on devices right now, to support a full-scale scan on one of them, I just don’t know if the traditional way we thought of anti-malware is going to work on a lot of these mobile devices today.”

With BYOD taking off, businesses now have to provide mobile security on employees’ devices and the best way to do that is not with mobile AV, but via the network, Cisco believes.

“We want to be able to provide customers with the ability to perform as much of the security element in the network as possible. That is the part that they can actually control,” Young added.

“Many of these mobile devices are going to be disposable and will be owned by individuals. We want to give organisations the ability to posture scan these devices and allow for secure browsing.

“We’re thinking about providing more security in the network or in the cloud so that you don’t have to rely on security being on the end point. The security can be delivered via the network.”

Whilst it might seem that Cisco is only casting doubt on mobile AV so as to promote its own network-based security kit, figures indicate that many remain unconvinced by the need for smartphone antivirus solutions.

One of Cisco’s chief rivals, Juniper, pushed out research yesterday showing that just five percent of all smartphones and tablets have mobile security software installed on them. Its report also claimed worker-owned smartphones and tablets used in the enterprise will reach almost 350 million by 2014.

Yet traditional AV vendors continue to push out mobile offerings. Just today, Finnish firm F-Secure launched a new version of its Mobile Security product, aimed at Android users.

AV vendors believe that they can profit in the mobile market by using the same model they made money from in the PC space. Many point to the significant rise in Android malware as justification for pushing their mobile AV solutions. In August, research from F-Secure claimed Android malware jumped 61 percent in just a quarter.

Not for business

In the consumer space, AV could still thrive, even if figures indicate the general public is not yet convinced. Juniper predicted that over the next five years one in five mobile devices will be protected by third-party security software.

But in the business sphere, another big prohibiter for mobile AV success comes in the form of Apple. The likes of Symantec, McAfee and Kaspersky continue to struggle to get their software on iOS – Apple’s massively popular mobile operating system. Earlier this year, CEO of Kaspersky, Eugene Kaspersky, complained to TechWeekEurope about Apple not allowing security software on iPhones and iPads.

That makes catering to businesses’ mobile needs rather difficult for those vendors. If antivirus can’t run on Apple machines, it is not a viable solution for a BYOD project, which has to support all kinds of devices.

Yet mobile device management solutions, which the likes of Cisco promote via partner organisations and are becoming increasingly popular, can operate perfectly well on iOS and other mobile operating systems. For its BYOD project this year,  the London Organising Committee for the Olympic and Paralympic Games (LOCOG) chose to go with Good Technology’s containerised approach to support its workers’ various devices. It did not rollout antivirus solutions on Olympic employees phones.

Mobile AV, it seems, looks set to struggle as the BYOD boom starts to make its impact felt.

Are you a security guru? Try our quiz!