We all know that computers and laptops can get viruses, malware, and ransomware, but what about smartphones? This blog will cover how to detect infected BYOD devices on your network.
It’s hard to believe, especially if you remember Motorola Razrs being the phone that made you the coolest kid in school, that in just a few years’ time you could have a tiny computer in your pocket. This tiny computer would allow you to make phone calls, send text messages, help you find the nearest gas station, and let you download games that could help you pass the time. Well here they are: smartphones. These computer-like gadgets may be pocket-sized, but they can carry regular-computer-sized risks such as malware, viruses, and ransomware. How does this happen? Well, it can occur in a number of ways.
Finding and squashing BYOD bugs
Malware, ransomware, and viruses can hit your phones the same way they can hit computers: through risky websites and links, through sketchy apps and games, and sometimes by being pre-installed on the phone itself.
Recently, it came to light that phones given to low-income families as part of the federal Lifeline program came with pre-installed malware in the form of apps already on the phone. While one of the applications can be removed, it’s very tricky and embeds itself in the phone’s settings. I won’t go too deep into this, but you can find more information on CNET.
Much like on a computer, signs of a virus can include slowness, the appearance of programs that you did not download, and your phone battery draining faster than it should. Thankfully, most of these can be removed with apps made by Malwarebytes, McAfee, and ReiBoot for Android.
But the thing is, some of these symptoms can be written off as signs of a phone getting old or needing a new battery, so most people don’t even consider that there could be something bad hiding in the depths of their apps. If that happens, and that phone connects to your network, what do you do? Well, the first step of course is to find the problem.
How Scrutinizer and FlowPro can help
While Scrutinizer and FlowPro cannot boot devices off the network or block traffic, they can work together to quickly and effectively find bad actors that may be floating around your network.
Scrutinizer on its own is an incredible solution, but when it teams up with our FlowPro Defender, you can detect and alert on malware behavior, botnet activity, DNS data leaks, and even domain reputation. This is done by spanning a port to our FlowPro Defender, then sending traffic through that span port and off to Scrutinizer.
Once Scrutinizer detects what it believes to be behavior indicative of a bad actor, even if it’s from a BYOD device that has connected to your network, it can send you an alert and post the information to Scrutinizer’s Alarms tab. Once posted in the Alarms tab, you can look at a flow report showing source and destination IP addresses. If you’d like help setting up reports like these in Scrutinizer or would like to give Scrutinizer and FlowPro Defender a try, do not hesitate to reach out to us via phone at 207-324-8805 extension 4 or by filling out a form on our website.