Security pros are recommending that companies integrate threat intelligence (the real-time sharing of intelligence information about cyber security threats and malicious applications) with mobile device management platforms in order to improve mobile security.

The first step, according to Larry Whiteside, Jr., chief security officer of the Lower Colorado River Authority, is to make sure you’re getting the same level of log information from your enterprise mobility management (EMM)/mobile device management (MDM) provider as you would from your desktop security provider.

“I can't see anybody who would have a Symantec or McAfee or even any of the new tools that are protecting desktops, and just say, ‘Yeah, just put your protections on there. We don't need to know what's hitting it. We don't need to know anything about what's going on. Just protect it and we'll trust you.’” “But that's what we do in mobile right now,” says Whiteside.

He says that when companies look at MDM solutions they tend to focus on integration and capabilities, “but they don't put a lot of requirements around ensuring that they're getting some of the basic functionality, such as logs, and such as threat type.”

Integration of feeds is key

Bring threat intelligence feeds into your MDM system so you can use the intelligence about dangerous and malicious apps to upgrade your mobile threat defenses. That’s the recommendation of David Jevans, CEO, Chairman, and CTO of Marble Security, a provider of app security services. Often, you can bring in threat intelligence feeds to your MDM/EMM platform using an API from your MDM or threat intelligence platform provider, he says.

“Threat intelligence can give an enterprise very quick intel into which apps should not be allowed on your network, and this can be done in a matter of hours inside an enterprise,” Jevans says. The idea is to get the data feed, correlate it with MDM and delete those apps immediately or notify those users.

Of course, things are a bit more complicated in Bring Your Own Device (BYOD) environments, but Jevans still recommends bringing your threat feeds into your MDM. However, he cautioned that companies need to have management capabilities in place for BYOD in order to know what’s running on users' devices. That typically means deploying an agent to run on user devices that lets you know what the device is running, so you can correlate the device to threat intelligence.

Good Technology concurs with Jevans about the unique problems that BYOD brings to threat intelligence. He also offers another benefit of feeding threat intel directly into an MDM. “You may want to stop that device from being able to connect to your corporate network, but I can't go and wipe the whole device, or stop it from talking to AT&T, or the WiFi at home because it's not my device.”

Van Someren adds, “There's a couple of different ways both on the sensing and on the actioning side that mobile is different, but at many levels it's the same activity because threat intelligence needs to be a holistic approach rather than a point solution.

“That classic MDM solution is much more vulnerable than a containerized solution where the only keys in the container are keys that get you to just the resources that are specific to that containerized application and nothing else,” van Someren says.

“That sort of containerization solution is much better protected against the sorts of end point threats that we're talking about here.”

“From a mobility point of view we don't have quite as much opportunity to collect information in the mobile space as we do in a managed physically shackled, physically controlled device that's on the corporate network,” van Someren adds.

There are also privacy implications. “You have to think carefully, ‘Is it my place to be collecting information off these end points?’ Then similarly in terms of actioning, if I have a device that I've ascertained is not clean, if there's something wrong with that device and it's got some bad behavior, I can't go around wiping people's devices willy nilly if it's their personal device,” van Someren says.

Take a holistic approach

It’s important to note that there’s no such thing as mobile-specific threat intelligence in the eyes of cyber security experts. Threat intelligence only makes sense when it’s applied across the entire infrastructure, according to van Someren.

Look at threat intelligence as more than just applying individual IP addresses and domains to individual transactions, recommends Monzy Merza, chief security specialist at Splunk, a provider of operational intelligence and log management solutions.

He recommends that enterprises look across the entire IT spectrum, including servers, databases and applications to see how mobile interactions are happening and apply threat intelligence to as broad a base as possible.

That entails deploying tools that allow you to apply threat intel to your mobile application logs, to your firewall logs, even your email content.

“Don’t be confined to ‘event data’ and apply threat intel across all data sources,” Merza recommends.

“When it comes to getting intelligence about what your employees are doing, I think it's super important to go with the solution that gives you some
reporting on who's accessing what applications, when, and getting visibility into that application access,” says Andrew Conway, senior director of enterprise mobility at Microsoft.

“When you think about threat intelligence, what's going to happen at some point is it's going to be about accessing applications and understanding, ‘OK, who's accessing, when, how are they doing that.’”

Another tip from Marble Security’s Jevans is to integrate mobile threat intelligence into your network intelligence. Network intelligence data might include:

- Network coordinates about where malicious traffic is going from mobile devices
- Devices connected to your enterprise network whether inside your firewall or connected through your VPN

Integrating mobile-focused threat intelligence and network intelligence enables you to better profile and add that malicious information into your existing threat prevention system, whether it's firewalls or device management, and then you can track it that way as well.

“You may not be able to detect it when they're at the airport, but you can detect it when they're back at work,” Jevans advises.

Ed Fox, vice president of network services, and Max Silber, vice president of mobility for MetTel, a provider of network, data, and mobility services, recommend forming an internal SWAT team around threat intelligence feeds to help target information to users who are under threat of attack.

Diana Kelley, executive security adviser for IBM Security, recommends putting a mobile protection environment in place internally. While not threat intel from the outside, it’s still very valuable in using your MDM solution to detect jailbroken or rooted devices inside your enterprise.

“That's really important threat intelligence, because although it's not the big world intelligence, it's intelligence inside your environment,” Kelley asserts. “Did they jailbreak their device?
Then you can, again, take action to shut down that device, limit its access to the corporate container, not allow it to access the corporate system.”

Threats against mobile devices are part of the larger threat landscape that enterprises face each day. Bringing together MDM/EMM with threat intelligence adds a cyber security overwatch to mobile security, ensuring a more expedient response to rising mobile-centric cyber security threats.

Kelly is a freelance writer. He can be reached at firstname.lastname@example.org.
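
The feed-to-MDM correlation Jevans describes, combined with the BYOD and jailbreak handling discussed above, as an added example that is not part of the original article. The feed and inventory records, field names and action labels are constructed assumptions and do not reflect any vendor's API or schema.

```python
# Constructed sample data; field names and action labels are assumptions,
# not any MDM or threat-intelligence vendor's schema.
THREAT_FEED = [
    {"app_id": "com.example.flashlight", "verdict": "malicious"},
    {"app_id": "com.example.freevpn", "verdict": "malicious"},
    {"app_id": "com.example.notes", "verdict": "clean"},
]

MDM_INVENTORY = [
    {"device": "D-001", "user": "alice", "ownership": "corporate",
     "compromised": False, "apps": ["com.example.notes", "com.example.flashlight"]},
    {"device": "D-002", "user": "bob", "ownership": "byod",
     "compromised": False, "apps": ["com.example.freevpn"]},
    {"device": "D-003", "user": "carol", "ownership": "byod",
     "compromised": True, "apps": ["com.example.notes"]},
    {"device": "D-004", "user": "dave", "ownership": "corporate",
     "compromised": False, "apps": ["com.example.notes"]},
]


def correlate(feed, inventory):
    """Return {device: sorted list of actions} for devices that need a response."""
    bad = {e["app_id"].lower() for e in feed if e["verdict"] == "malicious"}
    plan = {}
    for dev in inventory:
        actions = set()
        hits = sorted(a for a in dev["apps"] if a.lower() in bad)
        for app in hits:
            if dev["ownership"] == "corporate":
                # Company-owned: the app itself can be removed.
                actions.add(f"remove_app:{app}")
            else:
                # Personal device: cut corporate access, leave the device alone.
                actions.add("block_corporate_access")
            actions.add(f"notify_user:{dev['user']}")
        if dev["compromised"]:
            # Jailbroken/rooted status is internal intelligence from the MDM.
            actions.add("block_corporate_access")
            actions.add(f"notify_user:{dev['user']}")
        if actions:
            plan[dev["device"]] = sorted(actions)
    return plan


if __name__ == "__main__":
    for device, actions in correlate(THREAT_FEED, MDM_INVENTORY).items():
        print(device, actions)
```

The action labels would map onto whatever remove, quarantine and notify operations a given MDM/EMM platform exposes; a BYOD device is never wiped, only cut off from corporate resources.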