Mobile Deployment Modes and Protection

In the Cybereason Mobile platform, you can use different deployment modes for connected mobile devices. At a minimum, these modes protect the network traffic of your devices, and they can also extend protection to threat detection of certain events on mobile devices.

Mobile device ecosystem and supervision levels

In today’s mobile device ecosystem, there are many different devices, and different levels of ownership and supervision. Device users in your company can have iOS or Android devices, depending on their personal preference or work requirements.

For each type of device, you can provide various levels of supervision:

| Device type | Supervision available |
|---|---|
| iOS | For iOS devices, you can have supervised or unsupervised devices. You make an iOS device a supervised device through the Apple Device Enrollment Program (DEP). |
| Android | Android devices can be partially managed or fully managed through Android Enterprise. Fully managed devices can be company-owned or employee-owned. For partially managed devices, you add a Work Profile to user devices; you can use the Work Profile for company-owned or employee-owned devices. |

Before you select your deployment mode, you need to evaluate the devices in your organization and assess what types of devices you have and the level of supervision you need.

For each device type and level of supervision, the effect on and the needs of the device user vary:

| Device type | Supervision | Device user involvement |
|---|---|---|
| iOS | Supervised | The device user manages the settings and controls for the device. Through your UEM/MDM, you can install applications and profiles without the need for the device user to perform any actions. There are a limited number of permissions that require the device user’s approval. |
| iOS | Unsupervised | The device user is in full control of the device. You can use these devices with your UEM/MDM, which will give you partial control and visibility into the device. However, all required apps, profiles, and permissions require the full cooperation of the device user to perform the necessary actions. |
| Android | Fully managed | For company-owned devices, the device is in the control of the organization. In general, these devices are locked down and only used for specific actions. While the device settings and controls are managed by the device user, you can install apps and profiles without the need for the device user to take any action. A limited number of permissions will require device user interaction. For employee-owned devices, the device user is in full control of the device. Use of these devices requires manual steps by you and the device user. |
| Android | Partially managed | For both company-owned and employee-owned devices, the device uses the Work Profile. For employee-owned devices, the device user must install the Work Profile with the apps and settings required. For company-owned devices, the profile installation is done automatically. The mobile sensor is installed inside the Work Profile. Both types of devices enable the device user to maintain control over device settings. |

What deployment modes are available?

Deployment modes include:

| Level | Details |
|---|---|
| Proxy | The proxy protection level provides a secure proxy for your mobile devices to access the network. Cybereason Mobile routes device traffic through the proxy to provide protection against network-based attacks. |
| Secure Access Layer (SAL) | This protection level extends the proxy protection and provides additional benefits: the ability to create a secure network when needed, such as when a type of network-based threat is detected; and detection of threats to the device based on certain activities. |

You perform the necessary setup and configuration for these modes with your Customer Success team as part of your onboarding process.

What type of deployment mode should I select?

To help you select the deployment mode you need, consider your device types, level of supervision, and the required deployment mode.

The table below indicates what deployment mode is supported for each type of device and supervision level:

| Device type/supervision | Proxy mode supported? | Secure Access Layer mode supported? |
|---|---|---|
| iOS supervised | Yes | Yes |
| iOS unsupervised | Yes | Yes |
| Android fully managed employee-owned devices | Yes (with Samsung Knox) | Yes |
| Android fully managed company-owned devices | Yes (with Samsung Knox) | Yes |
| Android partially managed employee-owned devices | Yes (if sensor is installed outside of the Work Profile) | Yes (only with Work Profile) |
| Android partially managed company-owned devices | Yes (if sensor is installed outside of the Work Profile) | Yes (only with Work Profile) |

Tamper-resistant protection

In addition to the protection provided through the deployment modes, Cybereason Mobile provides tamper-resistant protection. This happens in a multi-layered way, through the Cybereason mobile app and associated profile:

  • If a user tries to remove the Cybereason Mobile app, protections are in place that prevent the simple deletion of the app from a device. For iOS users, you can require the entry of a dynamically-generated PIN number as part of the removal process. For Android users, your Cybereason Mobile administrator must remove the app from the device.

  • Even if a user is somehow able to remove the app, the associated profile still protects the device traffic. This profile remains on the device unless an administrator removes it, providing protection without the presence of the app.

SIM tampering protection

Furthermore, Cybereason Mobile provides protection against SIM tampering, including reporting when a device SIM card does not match the expected device configuration in Cybereason Mobile and detection of the removal of a SIM card from a protected device.