MONITORING ANDROID DEVICES BY USING EVENTS AND METADATA

Mobile devices such as smartphones and tablet PCs are increasingly used for business purposes. However, the trustworthiness of the operating system and apps is controversial. They can constitute a threat to corporate networks and infrastructures, if they are not audited or monitored. The concept of port-based authentication using IEEE 802.1X restricts access and may provide statistical data about users entering or leaving a network, but it does not consider the threat devices can pose if they have already been authenticated and used. Security information and event management (SIEM) software has to incorporate information about mobile devices during their usage. Those devices have to gather and publish information to make this possible. This can be achieved by using a client on the mobile device, which is proposed here. It collects metadata including information about device specific data, platform or system state, which is sent via multiple supported protocols to a central SIEM component, where the data is analyzed in assessment procedures for threat analysis by using artificial intelligence and rule-sets.