🇵🇱 Przejdź do polskiej wersji tego wpisu / Go to polish version of this post

Mobile Threat Defense (MTD) is a topic that is still treated as a stepchild in many companies.

Let’s not kid ourselves – most of you, when thinking about smartphone security, picture a PIN code, encryption, and possibly remote data wiping when an employee leaves their phone in a taxi. This is the absolute basics, digital hygiene. But in 2026, this is definitely not enough.

Why? Because thieves and hackers have also moved with the times. Today, no one steals a phone to sell it at a pawn shop for parts (okay, it happens, but it’s marginal). Today, a phone is a gateway to your cloud data, to Microsoft 365, to Salesforce, to banking. And the key to this gateway is no longer a crowbar, but sophisticated phishing, a malicious „flashlight” app that reads SMS messages, or fake Wi-Fi in a hotel lobby.

That’s why today we’ll take a look at a solution we know well – TechStep Essentials MDM (formerly Famoc), but this time paired with Pradeo technology.

What is it, how does it work „under the hood,” and why is it worth your attention? Let’s dive in.

What exactly is Pradeo?

If you’re in the security industry, you’ve probably heard this name. Pradeo is a French company (I emphasize: French, meaning European, which matters – but more on that later), which is one of the world leaders in Mobile Threat Defense (MTD). It’s a company that from day one has focused on one thing: protecting mobile devices and applications. And it does it well enough to be featured in reports by Gartner, Forrester, IDC, and Frost & Sullivan as a leading provider in the MTD category.

So in short: Pradeo is like a very intelligent digital bodyguard that sits inside your phone and analyzes everything that happens. But it doesn’t work like a classic ’90s antivirus that scans files looking for signatures (though it does that too). Pradeo works behaviorally. It looks at the behavior of applications, networks, and the operating system.

Protection is based on three pillars / attack vectors (so-called 360-degree protection):

Application threats (77% of all mobile threats)

And this is where Pradeo shines brightest. The system analyzes actual application behavior, not just declared permissions. The difference is colossal. Take TikTok (every admin’s favorite…) — in its permission declarations it looks innocent, but behavioral analysis reveals that the app collects geolocation, contacts, messages, call history, and even financial data. Pradeo detects this and classifies it as an invasive application.

The same applies to 0-day malware — malicious software that doesn’t yet have a virus signature in any database. According to Pradeo, as much as 95% of mobile threats are 0-day. Traditional antiviruses don’t see them. Pradeo detects them based on behavioral analysis — it observes what the app actually does (whether it records audio, sends data to suspicious servers, tries to install other apps, modifies system files), rather than looking for it on a blacklist.

At the application level, Pradeo also detects:

• Known malware with virus signatures
• Analyzes data processing (audio/video recording, access to files, SMS, contacts)
• Identifies invasive and vulnerable third-party libraries
• Detects suspicious behaviors: uninstalling CA certificates, forcing restarts, hiding icons

Network threats (9% of mobile threats)

Here Pradeo detects:

• Phishing, Smishing, and Quishing (phishing via QR codes) — regardless of channel
• Man-in-the-Middle (MitM) attacks
• Rogue Cell Towers
• Fake Wi-Fi access points and ARP poisoning attacks

A MitM attack on public Wi-Fi is not a theoretical threat. During one of TechStep’s webinars, they cited a case from Germany where soldiers lost confidential data precisely by connecting to public Wi-Fi. Pradeo detects such attacks in real-time and disconnects the device from the dangerous network.

System threats (14% of mobile threats)

That is, everything admins „love” most: root/jailbreak, operating system vulnerabilities, outdated OS versions, host file modifications, debugging and developer mode. From SDK version 1.6.0, hook detection was also added — attempts to hook into running processes.

Game Changer: Integration, or „One to Rule Them All”

Okay, you’ll say: „Tomek, but MTD is nothing new. We have Check Point, Zimperium, Lookout.” Agreed. However, there are three types of solutions operating in the mobile security market, and it’s worth distinguishing them:

MTD with deep behavioral analysis (Pradeo): This is Pradeo’s approach. The AI engine analyzes millions of applications and understands what is normal behavior and what is an anomaly. This allows detection of 0-day threats and invasive applications that technically aren’t malware.

EDR extended to mobile (CrowdStrike, TrendMicro, MS Defender): They originate from PC. They often don’t understand mobile specifics (containerization, sandboxing).

MTD based on risk analysis (CheckPoint, Zimperium, Lookout): Solid in network, but at the application layer they often limit themselves to known threat databases.

What specifically does Pradeo do better?

In the case of TechStep Essentials MTD, we’re dealing with something that we admins love most: total integration.

Usually, MTD deployment looks like this: you have an MDM agent (for management) and you need to install a second application (for protection). This means:

• two icons on the desktop
• two processes draining the battery (users love that, right?)
• two management consoles (one for policies, another for alerts)
• synchronization issues

With the TechStep + Pradeo duo, it looks different. Pradeo technology has been embedded directly into the Essentials MDM agent.

How does it work technically?

The SDK (Software Development Kit) mechanism is used here. Pradeo’s code is part of the Essentials application. For the user, it’s transparent. There’s no second application. No additional login.

From the admin’s perspective:

1. You enter the Essentials console
2. Select a policy
3. Slide the „Enable MTD” toggle (Activate on demand)
4. Enter the license key
5. Done

The agent on devices receives the signal, activates the Pradeo module, and starts protecting. This is the famous Zero Touch in practice. You don’t have to ask users: „Please install this antivirus.” You do it for them, remotely, with one click.

Under the Hood: RASP, Core and Advanced – How Does It Work?

Since we’re on technical details, let’s go deeper. The effectiveness of this solution is based on RASP (Runtime Application Self-Protection) technology.

I know, it sounds like gibberish, but in practice it’s a piece of solid engineering. RASP means that protection works inside the application (in this case the MDM agent) in real-time.

Pradeo in this edition works on two tracks:

1. CORE level (local)

This is the first line of defense. It works directly on the device, even offline.

• Detects known threats (virus signatures)
• Detects root/jailbreak
• Checks device configuration (whether debug mode is on, whether encryption works)
• Responds immediately

2. ADVANCED level (cloud + AI)

This is the „brain” of the operation. If the agent on the phone sees something suspicious that it doesn’t recognize (e.g., an app starts behaving strangely), it sends metadata (not files, only information about behavior!) to Pradeo’s cloud. There, artificial intelligence (Machine Learning) analyzes it in the context of millions of other events. Thanks to this, it detects so-called Zero-Day Threats – threats that are so new they don’t yet have signatures.

Below is an illustrative chart showing real-time attack activity at the application layer.

What Does This Protect Us From? Real-Life Examples

Theory is theory, but what does this give in practice?

Intrusive Apps

During one of the webinars organized by Techstep, a great example of TikTok or Temu was given. These aren’t viruses. Google Play allows them. But these apps can extract huge amounts of data (phone book, location, clipboard). Essentials MTD can block such apps on the work profile or completely prevent their installation, not based on „whim,” but on real analysis of what the app does with data.

Network Espionage

Remember the story of German soldiers who connected to hotel Wi-Fi and their conversations leaked? That’s a classic Man-in-the-Middle. Pradeo detects that the SSL certificate of the site you’re connecting to has been replaced, or that the GSM base station you’re connected to is not a real operator station, but a „spy suitcase” (IMSI Catcher).

Quishing (QR Code Phishing)

A new plague. An employee scans a QR code on a parking meter (fake, stuck over the real one), which redirects them to a page phishing for M365 login credentials. Pradeo analyzes the URL before the page loads and blocks access.

Data Sovereignty – Why Does It Matter?

Finally, an argument that for many companies (especially government and financial) may be decisive.

Both TechStep (Norway/Poland) and Pradeo (France) are European companies. Pradeo’s infrastructure is located in Europe (mainly France and Germany). This means full compliance with GDPR and upcoming NIS2 and DORA directives.

In an era when transferring data to the US or China raises (justified) concerns, having a security provider that is subject to EU jurisdiction is a huge advantage. Your threat data doesn’t land on servers overseas.

Summary

The integration of TechStep Essentials MDM with Pradeo is for me one of the most interesting moves on the market recently. We’re turning two separate entities (management and security) into one cohesive organism – this is the first solution I’ve seen where security isn’t glued on with duct tape, but sits inside the MDM agent.

Why is it worth it?

1. Convenience: one console, one application, one deployment
2. Automation: threat detection -> automatic MDM response (e.g., device quarantine)
3. Effectiveness: protection against what antiviruses don’t see (app behaviors, network)
4. Legal peace of mind: European solution, compliant with regulations

If you already have Essentials MDM, ask your account manager (e.g., at Plus operator, which is a certified Techstep partner) about testing the MTD module. It’s usually a matter of a few clicks, and the security level of your fleet jumps up several levels.

And if you don’t have it – well, maybe it’s a good time to rethink your strategy before someone scans a „fake” QR code in the company parking lot.

Until next time!

Puść ten artykuł w świat

XLinkedInMastodonFacebookWhatsAppFollow.itMessengerUdostępnij

×

Otrzymuj nowe artykuły na swój e-mail

Podając swój adres e-mail wyrażasz zgodę na przetwarzanie Twoich danych przez serwis follow.it. Zapoznaj się z Regulaminem oraz Polityką Prywatności serwisu.