# 2016 Prediction \#2: The "What" Matters More than the "Who" in Mobile Security

By [Brian Tokuyoshi](https://www.paloaltonetworks.com/blog/author/brian/?ts=markdown "Posts by Brian Tokuyoshi"), Nov 18, 2015

*This is the second in our [series of cybersecurity predictions](https://www.paloaltonetworks.com/blog/predictions/) for 2016. Stay tuned for more through the end of the year.*

As we look toward 2016, I think there's good reason to consider several shifts that we've seen in tactics used in recent attacks. Developments in several of these areas will play a significant role in mobile workforce security planning strategies for the year to come.

### Inverting the Hierarchy of Policy Enforcement

While many organizations are primarily concerned with perimeter security (controlling what people on the outside can do to the organization), there's still a lot of work to be done on the flip side of the equation: controlling what people on the inside can do to the organization. It is all too common to think of internal security as a matter of what can attach to the network, rather than asking the deeper questions of what those people and devices connected to the network should be able to do.

Twenty years ago, organizations relied on physical security to secure their network (no access unless you can get into the building). This notion started to crumble with wireless networking, in which authentication became the gating factor to control who was on the inside.
In both cases, however, these measures stop short of addressing what a person or machine can do once connected, and which applications they can access. This is particularly true when looking at the lifecycle of a cyberattack, where compromised endpoints are often employed to conduct lateral movement and exfiltrate information, all because many organizations do not have controls that inspect traffic inside the organization.

Network segmentation provides a part of the answer because compartmentalization can establish borders. However, while segmentation is a good first step, more needs to be done to control what traffic crosses the boundaries between segments.

These changes have been a long time coming, but, in 2016, I foresee significantly more emphasis on these issues, driven by the growing diversity of mobile devices in use. It has never been sufficient to simply allow or block devices from connecting. The next step is making sure we know what these devices are doing, and that's going to take better enforcement of security policy inside the network.

### Attacking the Person Behind the App

When taking a look at some of the attacks employed against mobile devices -- such as recent iOS attacks like [XcodeGhost](https://www.paloaltonetworks.com/blog/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/) and [WireLurker](https://www.paloaltonetworks.com/blog/2014/11/wirelurker-new-era-os-x-ios-malware/) -- what's interesting is that the techniques were far more nuanced than they might appear. Instead of just developing a piece of malware, the people behind these attacks customized the delivery system that would get the malware onto the mobile device.

In the case of WireLurker, it was a matter of infecting the owner's laptop -- hijacking the process for synchronizing and backing up the mobile phone's content.
The attacker was able to insert the malicious content into the host and transfer the app via USB onto the mobile device.

In the case of XcodeGhost, the attackers went up the food chain and attacked the app developers themselves by distributing a modified version of the coding tools for building iOS apps. The resulting apps had dormant functionalities inside them that were not immediately visible to either the developer or the end user.

Both attacks were capable of inserting malware into non-jailbroken mobile devices. This is possible because mobile devices do not exist on an island. They are always connected to an interface with a variety of systems, some of which they inherently trust. When attackers are capable of inserting themselves into, and abusing, these trusts, new threat vectors emerge.

With this in mind, in 2016, security teams will need to think about what they need to protect (e.g., endpoint, network and mobile devices) in a blended effort, rather than counting on each one separately. This is because the intelligence and protection in one area serve as the compensating control for the other. If it's unknown whether a mobile device is compromised, then securing network traffic serves as a compensating control to catch malicious behavior. If malicious command and control traffic emerges from an endpoint, then any such traffic from a mobile device should also be closely scrutinized.

### Pushing the Boundaries of Gray

Categorically, there is a growing amount of software that isn't so easily defined as being safe or malicious. These grayware applications fall between the lines because the software typically interacts with a third party, and that third party's motivations, intent, and even identity may be unknown to the end user. At times, the end user may not know there's a third party involved at all. One person's remote desktop application is another person's remote access tool.
The prevalence of grayware in mobile app stores has weighed toward adware, especially from third-party ad networks. These packages include functions that the end user (and the developer in many cases) does not know about. In the haste to use an app, a user may not scrutinize the permissions given, thus providing advertisers with access to a treasure trove of data. These ad networks slip into the realm of grayware because, even though they may have the permission to access the data, there is no guarantee that the data will be used in an ethical manner.

It's my belief that more apps will use the cloudy edges of the grayware definition to slip in more malicious activity than advertising. Early signs of this activity can already be felt from the discovery of [Gunpoder](https://www.paloaltonetworks.com/blog/2015/07/new-android-malware-family-evades-antivirus-detection-by-using-popular-ad-libraries/).

When an app store evaluates an app for security risks, it is often done without the full view of the dynamics of how the functionality branches in the real world. In addition, without the context of threat intelligence, other clues about the activity conducted by the third party may not be clear. The only way to truly understand how an app operates is to see what it's doing on the network in real world conditions when it's being used, and that's the role of network security.

*Want to explore more of our top 2016 cybersecurity predictions?
[Register now](https://boom.weboom.com/sites/paloaltonetworks/ignite2016/forms/regform.html) for Ignite 2016.*
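An added example (not part of the original post) of the blended control described in "Attacking the Person Behind the App": a command-and-control verdict earned on one device class drives scrutiny of unflagged traffic from another, using network visibility as the compensating control for mobile devices. The flow records, asset names and `.example` hostnames are constructed, and the `Flow` fields and `verdict` values are assumptions rather than any product's log format.

```python
"""Blended endpoint/mobile correlation over constructed flow records."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int            # seconds since start of capture (constructed)
    device: str        # hypothetical asset name
    device_class: str  # "endpoint" or "mobile"
    dest: str          # destination hostname seen on the wire
    verdict: str       # "c2" if a control already flagged it, else "none"


# Constructed sample data; hostnames use the reserved .example TLD.
FLOWS = [
    Flow(10, "laptop-17", "endpoint", "updates.vendor.example", "none"),
    Flow(25, "laptop-17", "endpoint", "cdn-sync.bad.example", "c2"),
    Flow(40, "phone-03", "mobile", "CDN-Sync.bad.example.", "none"),
    Flow(55, "phone-08", "mobile", "updates.vendor.example", "none"),
    Flow(70, "tablet-02", "mobile", "cdn-sync.bad.example", "none"),
    # Seen before the endpoint verdict existed: still worth a retro-hunt.
    Flow(5, "phone-11", "mobile", "cdn-sync.bad.example", "none"),
]


def normalize(host: str) -> str:
    """Lower-case and drop the trailing root dot so variants compare equal."""
    return host.strip().lower().rstrip(".")


def correlate(flows):
    """Return {device: [(ts, dest, source_class), ...]} for unflagged flows
    that reach a destination already judged C2 on a different device class."""
    # Pass 1: which device classes produced a C2 verdict for each destination?
    c2_seen = defaultdict(set)
    for f in flows:
        if f.verdict == "c2":
            c2_seen[normalize(f.dest)].add(f.device_class)

    # Pass 2: a flow with no verdict of its own inherits scrutiny when another
    # device class was caught talking to the same destination. Matching is
    # independent of time order, so earlier flows are caught retrospectively.
    findings = defaultdict(list)
    for f in sorted(flows, key=lambda x: x.ts):
        dest = normalize(f.dest)
        other = c2_seen.get(dest, set()) - {f.device_class}
        if f.verdict != "c2" and other:
            findings[f.device].append((f.ts, dest, sorted(other)[0]))
    return dict(findings)


if __name__ == "__main__":
    for device, hits in correlate(FLOWS).items():
        for ts, dest, source in hits:
            print(f"{device}: t={ts}s -> {dest} (C2 verdict came from {source})")
```

The devices it reports carried no verdict of their own, which is the point: the endpoint's detection is what makes the mobile traffic visible as suspect.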