| Attack Vector | What We Detect |
|---|---|
| Device Compromise | Jailbreaks, rooted devices, outdated firmware, OS vulnerabilities |
| Network Threats | Man-in-the-middle attacks, rogue Wi-Fi, DNS spoofing, SSL stripping |
| App-Based Risks | Malware, spyware, risky sideloaded apps, data-exfiltration behaviours |
| Phishing Attacks | URL-based phishing via SMS, apps, and browsers — even zero-day links |
| Compliance Gaps | Devices falling out of policy (encryption, lock screen, OS version, etc.) |
- Global Threat Intelligence Enrichment
- Correlated Timeline & Risk Scoring
- Attack Path Mapping for Mobile Lateral Movement
- Automated Response Actions (Isolation, Notification, Lockdown)
- 24/7 Analyst-led investigation & validation
- Threat containment and remediation guidance
- Real-time visibility through the LMNTRIX XDR Console
You stay in control. We do the heavy lifting.
- Deploys via UEM/MDM/MAM
- Zero-touch activation available
- No personal data collection — privacy-first engine
- Supports corporate-owned & BYOD models
- Fully compliant with GDPR, HIPAA, PCI-DSS
LMNTRIX Mobile
What is LMNTRIX Mobile?
LMNTRIX Mobile is a subscription feature of LMNTRIX XDR. LMNTRIX Mobile is a Mobile Threat Defense (MTD) privacy-first application that provides comprehensive mobile security for enterprises. LMNTRIX Mobile is designed to protect an employee’s corporate-owned or BYO device from advanced persistent threats without sacrificing privacy or personal data.
Once deployed on a mobile device, LMNTRIX Mobile begins protecting the device against all primary attack vectors, even when the device is not connected to a network. LMNTRIX reduces risk by analyzing risky apps and jailbreaks on the device before giving access to corporate email and apps.
- Detects threats from device compromises, network attacks, phishing and content, and malicious apps
- Integrates with LMNTRIX XDR to provide CDC visibility of mobile threats and risks
- Offers unmatched forensics capabilities for devices, network connections, and malicious applications
How does LMNTRIX Mobile work?
LMNTRIX Mobile employs a robust defense strategy against threats targeting mobile devices by using machine learning. This engine operates directly on mobile devices and conducts a meticulous analysis of device behavior across various dimensions, including device activities, network interactions, phishing attempts, and application behavior. The machine learning engine has the ability to identify both familiar and previously unknown malware threats, including zero-day exploits. Its threat detection capabilities encompass a wide range of malicious software, such as ransomware, spyware, adware, trojans, and keyloggers, among others. A notable feature of machine learning engine is its self-sufficiency, as it does not rely on traditional security methods like signatures, cloud connectivity, or periodic updates to detect threats. It operates seamlessly in real-time and even offline, ensuring uninterrupted protection for mobile devices.
LMNTRIX Mobile protects users and their devices from many types of threats. These threats are broadly categorized into Network, Device and Malware threats.
What type of network threats does LMNTRIX Mobile support?
Network threats encompass attacks that take advantage of vulnerabilities within the networks utilized by mobile devices, including Wi-Fi, cellular, or Bluetooth. Several examples of network threats are as follows:
- Rogue Access Points (RAPs): These are deceptive or malicious Wi-Fi hotspots designed to deceive users into connecting to them, subsequently intercepting their data or delivering malware.
- Man-in-the-Middle (MITM) Attacks: These attacks involve an adversary intercepting and altering communication between two parties, such as a user and a website, without their awareness.
- SSL Stripping: This represents a form of MITM attack that degrades the security of a website from HTTPS to HTTP, facilitating the theft of sensitive information or the injection of malicious content.
- DNS Hijacking: This type of attack redirects users to fraudulent websites by modifying the DNS settings of the device or the network.
LMNTRIX Mobile detects network threats by analyzing both device behavior and network traffic. It has the capability to recognize anomalous or malicious network activities, including RAPs, MITM attacks, SSL stripping, DNS hijacking, and more. Additionally, it promptly notifies users and implements predefined remediation actions based on established rules.
What type of device level threats does LMNTRIX Mobile support?
The Device threat vector is one of the categories of threats that LMNTRIX Mobile identifies and mitigates. This category pertains to attacks that exploit vulnerabilities within the device’s operating system, kernel, or configuration. Examples of device threats include:
- OS/kernel exploits.
- Modifications to profile configuration.
- System tampering.
- Exploits targeting physical USB or SD card interfaces.
- Tracking using smart tags.
- Unpatched mobile operating systems.
- Vulnerable mobile operating systems.
LMNTRIX Mobile leverages machine learning to analyze the device’s behavior, allowing it to detect any deviations from the normal state. This proactive approach enables LMNTRIX Mobile to identify and respond to device threats effectively, enhancing the security and integrity of the device and its data.
Can LMNTRIX Mobile detect provide protection against malware?
Malware threats refer to malicious applications that can inflict harm on mobile devices by stealing data, spying on users, or engaging in undesirable activities. LMNTRIX Mobile, a mobile threat defense solution, is equipped to detect and thwart these malware threats effectively. LMNTRIX Mobile harnesses advanced machine learning algorithms to scrutinize the behavior of both the device and its applications, thereby enabling it to identify known as well as previously unknown malware threats. Several examples of malware threats that LMNTRIX Mobile can detect include:
- Spyware: This category encompasses malware that operates covertly to monitor the user’s activities, such as phone calls, messages, location data, or browsing history. It then surreptitiously transmits this information to a remote server.
- Ransomware: Ransomware is a malicious software that encrypts the user’s data or locks the device, typically demanding a ransom for the restoration of access.
- Banking Trojans: Banking trojans are malware designed to target financial or banking applications, with the goal of pilfering the user’s credentials, account information, or financial resources.
- Rootkits: Rootkits are a class of malware that acquire root or administrative privileges on the device, effectively concealing their presence from detection and removal tools.
To safeguard mobile devices from these malware threats, LMNTRIX Mobile employs a multi-faceted approach. It promptly notifies the user of any detected threats and takes predefined remedial actions.
Does LMNTRIX Mobile provide policy enforcement?
LMNTRIX Mobile allows for highly customizable policy enforcement across user defined device groups. Customizable policy sets exist for:
- Privacy
- Control access to device location, network information, application details, browser and device information.
- Threats
- Control on device alerting, automated response and notifications for more than one hundred different types of device-based threats.
- Phishing
- Control protection for phishing links received on the device, including custom filtering and web category handling.
- App settings
- Control ML malware detection and the availability of other features through the LMNTRIX Mobile application.
- App Policy
- Control alerting based on application IDs, versions, developer signatures, etc.
- Network Policy
- Control access to specific WiFi networks, SSL Certificates & sinkhole network access ot specific IP addresses, Domains, or Countries.
- Device Inactivity
- Control alerting based on device and application inactivity.
- OS Risk
Control alerting based on device OS being out of compliance.
How is LMNTRIX Mobile deployed?
Deployment of LMNTRIX Mobile is accomplished in one of two different ways:
- For managed devices, LMNTRIX Mobile can be integrated with a mobile device management (MDM) or enterprise mobility management (EMM) solution, such as VMware Workspace ONE, Microsoft Intune, IBM MaaS360, or MobileIron to allow for zero touch provisioning.
LMNTRIX Cloud collects and processes the following AWS telemetry:
- Configuration metadata describing the account settings and its deployed cloud resources, including EC2 instances, databases, security groups, and users.
- CloudTrail logs providing event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS service account activity related to actions across your AWS infrastructure.
- Note: CloudTrail logs are collected by LMNTRIX cloud Security from S3 buckets.
- VPC Flow logs capture information about the network traffic going to and from network interfaces in your VPCs.
- CloudTrail S3 Data event logs capture data events for objects stored in an S3 bucket. Once enabled, these S3 data events are delivered by AWS as part of the regular CloudTrail logs. LMNTRIX recommends that you enable CloudTrail S3 Data event logs for those S3 buckets that hold information critical for your business. For more information, see: https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-fors3.html
LMNTRIX cloud makes use of the following read only permissions (granted to LMNTRIX cloud by assigning IAM permission policies to a cross-account role created for LMNTRIX cloud security in the customer’s AWS account.):
- Security Audit policy—An AWS-managed policy provided out-of-the-box. This policy grants access to read security configuration metadata, such as information about the configuration of users, servers, databases, and more.
- AWSWAFReadOnlyAccess policy—An AWS-managed policy provided out-of-the-box. This policy provides read-only access to AWS WAF configuration metadata.
- Read-access permissions to the S3 buckets in the AWS account(s) storing the CloudTrail and VPC Flow logs:
- s3:ListBucket
- s3:Get*
- In addition, you need to set up SNS notifications in your AWS account. https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/US_SetupSNS.html
- For unmanaged devices, users simply download the LMNTRIX Mobile application & scan a provided QR code to enrol their devices.
What are LMNTRIX responsibilities during the LMNTRIX Mobile onboarding process?
- Provide a license to use the LMNTRIX Mobile service consistent with the parameters of your purchase.
- Provide the customer or partner with the required information to complete the enrolment of their devices with LMNTRIX Mobile.
- Provide assistance with configuration of mobile security policy & MDM integration.
- Provide 24-hour access to our Cyber Defense Center (“CDC”) so that you may ask questions related to the Service. While LMNTRIX will do our best to answer your questions immediately, some inquiries will result in a ticket for the Senior Intrusion Analyst Team which will be addressed during LMNTRIX’ normal business hours, Monday through Friday, 8:00-5:00 U.S. Eastern Standard Time excluding U.S. holidays (“Normal Business Hours”).
What are Client responsibilities during the LMNTRIX Mobile onboarding process?
- Complete the LMNTRIX Mobile section of the starter pack.
- Supply all requested details of mobile endpoints & users.
- Integrate LMNTRIX Mobile with MDM solution where applicable.
- Enrol devices in LMNTRIX Mobile.
We know that every day you have everything on the line, and that with so much at risk it can seem like adversaries have all the advantages. Together we can take the power back. Where other cybersecurity providers see a vendor and a customer, we see a united team of defenders who are stronger as one.
I couldn't believe the level of detail during testing using an unannounced red team. In real-time, LMNTRIX analysts were baiting attackers and actively pursuing them in our environment-it was like something out of a movie.
Matt Kraus
IT Manager, Alliance Funding Group
LMNTRIX XDR didn't just do one thing; it covered all the bases: endpoint, network, cloud, mobile, identity, moving target defense and proactive threat hunting. To build this ourselves, we'd need 50 different products, and then we'd need to find security analysts capable of managing them all. The hyper-converged and holistic approach that LMNTRIX takes is a real game changer in my opinion.
Kim Green
CISO, World Market
I appreciate that working with the LMNTRIX team feels collaborative, and they leverage their extensive knowledge of current trends and attack techniques to guide us effectively. With our small team, we lack the resources to constantly research emerging threats—LMNTRIX fills that gap, providing us with vital information that helps us prioritize and refine our security strategy.
Shaun Hay
Group Manager Technology and Systems
LMNTRIX seamlessly integrates with our team, making their analysts an extension of our own resources. Their deep understanding of our environment allows my internal team to focus on other essential security initiatives that drive Dentons' success.
Victor Yeo
Head of Information Security
Our approach to detection is something we take seriously. While many MDR companies can set up a SOC and connect with various technologies to pass on alerts, LMNTRIX stands out by providing the critical context we need. They bridge the gap between us and our tools, delivering insights that truly matter. It's like LMNTRIX is playing chess, while others are just playing checkers.
Eduard Pieters
Chief Information Officer
LMNTRIX stood out in our evaluation as the sole provider that developed its own sophisticated cloud detections instead of merely relying on GuardDuty as an intermediary. Unlike other vendors who claimed capability in managing our cloud alerts, LMNTRIX was the only one that substantiated its capabilities.
Integrating our SIEM with the LMNTRIX XDR platform has provided a more comprehensive view of our security events and alerts across Microsoft 365, Defender, and Azure Active Directory. This integration facilitates quicker and more precise incident responses. The streamlined workflows and reduced manual processes have freed up valuable time, allowing us to address additional security priorities.
John Smith
Director of Cybersecurity and Incident Response
