Where MDM Falls Short: The Mobile Endpoint Protection (MEP) Market
Updated: Oct 22
When people invest in a Mobile Device Management (MDM) environment, they often have misplaced expectations about what the software can do. It allows for centralized inventory, policy enforcement, software distribution and remote wipe, but many clients expect more; they believe that they can monitor employee’s apps, see what websites they’re visiting, how much data they’re using, and more, but unfortunately, that’s not how MDM’s work.
This is where MDM ends and another category of software called Mobile Endpoint Protection (MEP), begins. There are many flavors of MEP, with some leaning more towards security (such as anti-virus products like Lookout, Zimperium, or MobileIron MTD) and others leaning more towards data, content, and traffic management.
Today we will explore two MEP products that can help prevent phishing attacks on mobile, ensure that your employees are staying productive, and restrict them from using company data for personal use. Wandera and Asavie are two front runners that have a few key differences.
Both Wandera and Asavie have specific use cases:
Web Traffic: Provide visibility into how a device is using cellular and potentially Wi-Fi data (where are they surfing? Where are their apps taking them?)
Carrier Expense Management: Identify and control cellular data usage a user is consuming overall (both the amount of data being used and which websites or applications the data is being used for)
Manage Productivity: Restrict where a user can “surf” on their mobile device through curated content restrictions (for example, a blanket restriction on adult content or conditional restriction on YouTube access until after-hours or only when on Wi-Fi)
Mobile Threat Defense: Prevent users from going to potentially harmful or compromised sites that may attempt to infiltrate the device or “phish” for sensitive data
In both cases, you can choose to “protect everything” and get licenses for a broad set of your devices or you can choose to buy a small set of licenses and “move them around” to monitor specific users or use cases. While setup for the above scenario is not exactly easy from a deployment and support perspective, it is possible.
What is Wandera?
Founded in 2012, Wandera provides zero trust cloud security that empowers businesses to manage their remote users. Its services protect from threats, filter content and enable secure access to cloud and private applications. In 2021, Wandera released a product that allows for monitoring and protecting specific Verizon MiFi devices.
At the time of writing, Wandera charges $6 - $9 per device.
Wandera pros and cons
Mature management console with custom reporting
Rich security event logs
Smart MDM integration to apply MDM policies based on certain Wandera risk assessments
Generally works best when installed on an iOS, Android or even Windows device
Less focus on non-iOS, Android or Windows device types (non-carrier specific mobile hotspots).
Difficult implementation (Profile based enrollment).
What is Asavie?
Established in 2004, Asavie offers mobile security services that provide visibility and control over mobile devices. Asavie is offered directly from the carrier under different carrier-branded product names.
Asavie works at the carrier/network level therefore it can theoretically protect devices without requiring an overt install. Because of this, LINQ has deployed Asavie in cases where the client requires protecting MiFi or Cradlepoint type devices.
At the time of writing, Asavie charges $10 per device.
Asavie pros and cons
Works on standalone hotspots and Cradlepoint type devices
Great functionality at the network level requiring less implementation.
Slightly less mature management console and features
Requires additional software component to monitor the WiFi traffic for a mobile device
For some edge cases, this solution has hard-to-follow “this only works on specific carrier or device” situations
Separate management portals for Verizon and AT&T devices
It is important to understand where an MDM stops and where an MEP product begins. If managing and monitoring employee device usage is a priority for your business, MEP is likely the right option for you. Fortunately, there are at least two mature product offerings that can assist in monitoring and protecting mobile devices when it comes to content filtering, threat defense and data usage. For more information, or to find out how to get the most out of your MDM or MEP solutions, contact us.