Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security

on

  • 144 views

Mobile devices are always on the move, switching from network to network and place to place constantly. The best way to keep your company's information safe is through a unified approach securing at ...

Mobile devices are always on the move, switching from network to network and place to place constantly. The best way to keep your company's information safe is through a unified approach securing at the device, app and network levels.

Statistics

Views

Total Views
144
Views on SlideShare
144
Embed Views
0

Actions

Likes
0
Downloads
2
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • A series of questions and answers.
  • Frustrated IT people <br />
  • This is information technology (IT) <br /> The old way <br /> How you can be a blocker
  • This is Business Technology (BT) <br />
  • - security only as good as weakest link <br /> - matching a solution to the type of risk/problem you have
  • Transition: Important to quantify now as risks are increasing quickly
  • Story for this one: Syrian electronic army
  • Nice diagram of app protection, network, device, and tying back into corporate network, getting the analytics off of it (auth?) <br />
  • Mobile network activity a BLIND SPOT
  • Tyler says “No roadblocks” and user experience really important
  • I think keeping a consistent placement of image (right) and text alignment (left) on each screen gives the deck order and orients the eye through the flow. <br />
  • I’d talk through our infrastructure here wit the history

Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security Presentation Transcript

  • 1. Webinar: A Three-Pronged Approach to Mobile Security
  • 2. • View Webinar Archive: http://go.mojave.net/webinar-3pronged- mobile-security • Learn more about Mojave Networks: http://www.mojave.net Information
  • 3. Primer on Mobile Security Tyler Shields, Forrester Research 3
  • 4. Making Leaders Successful Every Day
  • 5. Mobile Security Trends Security Requires More Than Just MDM! Tyler Shields Senior Analyst, Mobile and Application Security June XX, 2014
  • 6. © 2014 Forrester Research, Inc. Reproduction Prohibited 6 What doyour USERSwant! Anywhere Access No Roadblocks Any Device All Data
  • 7. © 2014 Forrester Research, Inc. Reproduction Prohibited 7 What willthey DO to get it! 16% 22% 35% 42% Installed unsupportedsoftware that will help me do my job Use awebsiteor Internet-based servicethat my company doesn’t support to help me do myjob Bought somethingwith my own money to help me do myjob Use my ownpersonal computer or smartphoneto help me do myjob SHADOW IT BYOD
  • 8. © 2014 Forrester Research, Inc. Reproduction Prohibited 8 • What mobile device managementoptions are there? Vendor selection? • How do I get off of Blackberry? Should I get off of Blackberry? • We don’t think MDM is quite enough. Which technologies do I need to secure my environment? • How do I apply application security and managementto my mobile strategy? • What should I do to secure the content that is on my mobile devices? What isthe ENTERPRISEasking?
  • 9. © 2014 Forrester Research, Inc. Reproduction Prohibited 9 What SHOULD theENTERPRISEbe asking? • What level of security do I need to offset my mobile risk? • What combination of technologies can help me meet my business goals? • Where is the real risk in mobile? • How can I securely enable my users to get their jobs DONE!
  • 10. © 2014 Forrester Research, Inc. Reproduction Prohibited 10 10 22% 20% 14% 26% 26% 27% 26% 22% 48% 48% 46% 45% 45% 38% 42% 45% 24% 23% 36% 18% 19% 17% 16% 26% Support a wider variety of mobile devices and platforms (e.g., tablets, iOS, Android) Improve or modernize our mobile app(s) to deliver more information or transaction support Update our security technologies and processes to better support mobile interactions Re-architect traditional or back-end apps to make it easier to interface with and support mobile front-end apps Re-architect our middleware to better support mobile front-end applications Expand machine-to-machine (M2M) or 'Internet of things' initiatives Create a set of standard APIs or services that allow mobile app developers to more easily access functions from transactional business applications Expand or enhance data center infrastructure to handle increasing volume of customers' mobile interactions Low priority High priority Critical priority “How important is each of the following initiatives in your firm's mobility strategy for supporting your customers over the next 12 months?” Base: 891 North American and European enterprise network and telecommunications decision-makers Source: Forrsights Mobility Survey, Q2 2013 82%
  • 11. © 2014 Forrester Research, Inc. Reproduction Prohibited 11 44% 29% 59% 64% 33% 45% The number of different platforms/operating systems Rate of releases of the different operating systems/platforms Providing device security Securing the apps and data Complying with regulatory requirements Managing devices that are used for both personal and corporate apps “What challenges, if any, does your firm face when managing smartphone/tablet applications and devices?” Source: Forrsights Mobility Survey, Q2 2013 Base: 891 North American and European enterprise network and telecommunications decision-makers
  • 12. © 2014 Forrester Research, Inc. Reproduction Prohibited 12 AreYouOverwhelmedYet?! • Mobile Device Management • Enterprise Mobile Management • Mobile Application Management • Mobile Security Platform • Application Wrapping SDK • Mobile Static Analysis Competing Visions and Solutions • Application Wrapping • Secure Network Gateways • Machine Learning • Mobile Behavioral Analysis • RBMM Emerging Technologies
  • 13. © 2014 Forrester Research, Inc. Reproduction Prohibited 13 Mobile Device Management Containerization Virtualization Application Hardening Application Wrapping Anti-Malware App Reputation Mobile Authentication Device Reputation Mobile DLP Mobile Endpoint Security Static Code Analysis Secure Mobile Content Sharing Secure Mobile Network Gateways 1. Application hardening 2. Application wrapping 3. Containerization 4. Mobile anti-malware 5. Mobile application reputation services 6. Mobile authentication solutions 7. Mobile device management 8. Mobile device reputation services 9. Mobile DLP 10. Mobile end point security 11. Mobile static code analysis 12. Mobile virtualization 13. Secure mobile content sharing 14. Secure mobile network gateways Mobile Security Technologies
  • 14. © 2014 Forrester Research, Inc. Reproduction Prohibited 14 TechnologiesBy Layer The Mobile Security Stack
  • 15. The Future State of Mobile!
  • 16. © 2014 Forrester Research, Inc. Reproduction Prohibited 16 Impact of User / Admin Experience on Technology Success Minimal B-Value Add Moderate B-Value Add Significant B-Value Add Anti-malware Mobile Device Reputation Mobile Content Sharing Virtualization Mobile DLP Mobile Device Management App Hardening Mobile Application Reputation Secure Mobile Network Gateway Application Wrapping Mobile Authentication Mobile Static Code Analysis Containerization Good Experience Moderate Experience Bad Experience Unknown
  • 17. © 2014 Forrester Research, Inc. Reproduction Prohibited 17 Impact of User / Admin Experience on Technology Success Minimal B-Value Add Moderate B-Value Add Significant B-Value Add Anti-malware Mobile Device Reputation Mobile Content Sharing Virtualization Mobile DLP Mobile Device Management App Hardening Mobile Application Reputation Secure Mobile Network Gateway Containerization Mobile Authentication Application Wrapping Mobile Static Code Analysis Good Experience Moderate Experience Bad Experience Unknown
  • 18. © 2014 Forrester Research, Inc. Reproduction Prohibited 18 Device Management 2012 2012 andBEFORE Mobile Device ManagementMobile device management (MDM) solutions use platform API hooks to impose control onto smartphones and tablets. This technology allows support for multiple platforms and form factors, extends management and security policies to both corporate-liable and employee-owned devices, and automates service desk support.
  • 19. © 2014 Forrester Research, Inc. Reproduction Prohibited 19 Secure Network Gateway 2013 Device Management 2012 2013 Application Wrapping 2013 Secure Mobile Content Sharing 2013 Isolated TechnologiesApplication wrapping and secure network gateway technologies gain traction. Secure mobile content sharing becomes an easy plug and play for vendor offerings. Price drops rapidly as base MDM becomes commoditized.
  • 20. © 2014 Forrester Research, Inc. Reproduction Prohibited 20 Secure Network Gateway 2013 Device Management 2012 2014 Application Wrapping 2013 Secure Mobile Content Sharing 2013 Enterprise Mobile Management 2014 * Enterprise Mobile ManagementA new offering is born. EMM is the new buzz. Isolated technologies sold in a single platform offering.. The same players with a slightly different game.
  • 21. © 2014 Forrester Research, Inc. Reproduction Prohibited 21 Secure Network Gateway 2013 Device Management 2012 2015 and BEYOND Application Wrapping 2013 Secure Mobile Content Sharing 2013 Enterprise Mobile Management 2014 * Mobile Authentication Risk Based Security Risk Based Mobile Management Risk Based Mobile ManagementUnderstanding WHO is at the device and real risk values are as important as security of the device is itself. 2015 adds mobile authentication to the offering mix. Quantification of risk is the future trend. Applying math to risk and using calculated risk values to enforce security controls. The future is in RBMM.
  • 22. © 2014 Forrester Research, Inc. Reproduction Prohibited 22 TheNextWaveofAwesome –TechsThatQuantifyRisk Up andComingTechnologies VS VS VS Mobile Application Reputation Mobile Device Reputation Mobile Authentication Risk Based Mobile Management & Security
  • 23. © 2014 Forrester Research, Inc. Reproduction Prohibited 23 What ItMeans- Enterprises $ Find roadmaps that go beyond point solutions Risk tolerance versus user experience Expect significant consolidation Defense in Depth Maximize security while minimizingUX impact Demand innovation!
  • 24. © 2014 Forrester Research, Inc. Reproduction Prohibited 24 Nobody Ever Got FiredFor Buying… TechnologyLeading Products
  • 25. Webinar: A Three-Pronged Approach to Mobile Security
  • 26. • Mobile Risks • Pillars of Mobile Security • Device • Apps • Network • Analytics • Background • Ask our Experts: Q&A Agenda 26
  • 27. 27 Understanding Mobile Risk
  • 28. Why is Knowing Your Mobile Risk Important? 28 • Protecting company data • Safeguarding other enterprise infrastructure • Identifying compliance issues • Creating better policies with better visibility
  • 29. Quantifying Mobile Risk 29 • Employee Data Access • Installed Apps • User / Device Behavior • Non-mobile Events
  • 30. Understanding Mobile Risk is Imperative Source: Verizon 2014 Data Breach Investigations Report Number of breaches per category
  • 31. 31 Pillars of Mobile Security
  • 32. Mobile Security Network AnalyticsApplicationsDevice Four Pillars of Mobile Security to Reduce Risk
  • 33. • MDM • Password policies • Containers Typical Device Level Security 33
  • 34. Typical Application Level Security 34 • App catalog • White / Black List • App wrapping
  • 35. Typical Network Level Security PC’s Traditionally Protected Mobile is Completely Unprotected
  • 36. Typical Mobile Analytics Available to other Platforms
  • 37. 37 How Does Mojave Manage the Pillars?
  • 38. Health Evaluate apps, processes, diagnostics, and behavior to assess risk Native Experience No wrapping or containers to interfere with the native experience Privacy Wipe corporate information and set granular employee privacy policies Policies Set configurations, deliver policies, and manage apps Device – Security without the Hassle 38
  • 39. 39 Monitoring Device Health • Over 50 data points collected daily • Monitor for critical changes in device health • Feeds of data for other security tools to analyze
  • 40. Results 1. More visibility 2. Better DLP 3. Block threats Analysis 1. Static & dynamic 2. Enterprise risk 3. Protocol identification App Reputation Collection 1. Thousands of apps/day 2. App stores, 3rd parties, and devices 40
  • 41. Gain Visibility into App Risk 41
  • 42. App Data All Data Globally Distributed Network Optimized for Mobile 42
  • 43. Gain Visibility into Data Flow 43
  • 44. Network threats blocked per device 10 per month 120 per year 44** Based on Mojave Networks aggregate customer usage data
  • 45. • Tie mobile events to broader user profile • Leverage existing security tools • See activity that has never been available Real-time Event API Completes the Loop 45 Policy
  • 46. Mojave Connect Real-time API Common Syslog formats Better Correlate Mobile Events with Other Enterprise Data Real-time API’s = Faster Risk Assessment 46
  • 47. Visibility Security Effortless & Seamless Mojave Networks Delivers 47 Control
  • 48. • MDM solutions only protect from a small subset of mobile risks • 4 pillars necessary to provide true mobile security • Mobile risk should be combined with other threat intelligence Summary 48
  • 49. 49 About Mojave Networks
  • 50. Mojave Networks Background • Founded in 2011 and based in Silicon Valley • Lead investment from Bessemer Venture Partners & Sequoia Capital • Veteran team from Symantec, McAfee, Lookout, Palo Alto Networks, Cenzic • Deep security DNA with patent pending technology • Customers in Healthcare, Finance, Transportation, Government and more 50
  • 51. 51 Questions & Answers