MDM
• Device controls
• Device monitoring
• Device configuration
• Telecom expenses
• Activation/deactivation
MAM
• App Store
• Application level security
• Role-based access
• Sync Server
• App Admin Console
Other solutions (combine features of MAM+MDM)
• VDI
• Containerization
Our Product covers most of the boxes, except these:
• Public Places
• Wired network connections
PG is a user-focused, network-based access control. Basic building blocks are:
• Developing security policies. You need one place to see where Corporate Users, Guests, and Contractors are allowed to go. - Centralized Policy Management.
• Monitoring postures
  o What is the required security posture for each user/device that uses the network?
  o Are anti-virus, anti-spam and firewall tools up-to-date? What about operating system patches? Are users running any prohibited programs?
• Comparing postures to policies
• Taking action:
  o Either on initial access (pre-admission) or while connected (post-admission)?
  o Is the user routed to a quarantined network space, or denied access entirely?
• Reporting/Analytics: What types of devices are being used on your wireless network or wired network? Where are they connecting from? You'll need to spot usage statistics and device details to know what network and policy decisions to make in the future.
Sample Network Access Policy
• User must be authenticated with Identity Management System
• Endpoint must be healthy.
  o AV configured and running.
  o Recent scan shows no malware.
  o Patches up-to-date.
• Behavior must be acceptable.
  o No port scanning, sending spam, No P2P Filesharing.
“Peregrine Guard” Enterprise Mobile Security BYOD Auto Discovery • Access Control
BYOD – Bring Your Own Device/Disaster!
• By 2016….
  o 900 million tablets in market
  o 982 million smart phones shipping annually.
• WebRoot Survey, June, 2012
  o 83% of respondents believe that mobile devices create a high security risk within the corporate environment.
• Gartner – Shifting from Enterprise-owned to BYOD
  o Warns business that there are three major hurdles that they have to consider in their BYOD policy.
    • Impact 1: The right of users to leverage the capabilities of their personal devices conflicts with enterprise mobile security policies and increases the risk of data leakage and the exploiting of vulnerabilities.
    • Impact 2: User freedom of choice of device and the proliferation of devices with inadequate security make it difficult to properly secure certain devices, as well as keep track of vulnerabilities and updates.
    • Impact 3: The user's ownership of device and data raises privacy concerns and stands in the way of taking corrective action for compromised devices.
Harnessing the BYOD phenomenon
• BYOD Concerns
  o Network Security
  o User and Device Visibility
  o Network management complexity
  o Network performance
  o User experience
• Challenges In Implementing BYOD
  o Employee Privacy
  o Mobile device market diversity
  o Finding the right approach to security
Current Solutions
[Diagram: boxes grouped under the columns Devices, Locations, Applications and Users, labelled MDM and MAM / IAM.]
Peregrine Guard
i7 Networks enables enterprises to “say YES” to BYOD by providing an agentless paradigm for discovery and access control.
Our premier offering in this space enables an intelligent, non-intrusive, clientless way of detecting all devices that are trying to connect to the corporate network.
By the use of proprietary algorithms and sophisticated fingerprinting techniques, we extract highly granular information like device-type, device-class, OS, version, user of the device, etc.
This information is used to provide device-based differential access to corporate assets and to make sure sensitive data is given the right access for the right device type.
PG: Granular Access Control
o Device
o User
o Application
o Location (HQ/branch/ODC group)
o Time
o Intrusion Detection (if malware is detected, then access could be disabled immediately)
o Endpoint security (preventing jailbroken/rooted devices and below baseline)
o Resource
PG: Policy Control
• Admin can create policies like:
  o Allow access to Patient Records Server, if;
    • User is Authenticated
    • Role is Physician
    • Authentication is 802.1x (EAP-PEAP)
    • Device is iPad
    • Location is Hospital
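One way to evaluate the Patient Records Server rule above together with the Sample Network Access Policy, as an added example that is not i7 Networks' code. The attribute names, the sample sessions, and the choice to quarantine on posture failure and deny on everything else are assumptions made for illustration.

```python
# Added example with hypothetical names; not Peregrine Guard's API.

# The slide's rule for the Patient Records Server: every condition must match.
PATIENT_RECORDS_RULE = {
    "authenticated": True,
    "role": "Physician",
    "auth_method": "802.1x (EAP-PEAP)",
    "device_type": "iPad",
    "location": "Hospital",
}
# Endpoint-health checks from the Sample Network Access Policy.
HEALTH_CHECKS = ("av_running", "scan_clean", "patches_current")
# Behaviour the sample policy prohibits.
PROHIBITED = {"port_scanning", "sending_spam", "p2p_filesharing"}


def evaluate(session, rule=PATIENT_RECORDS_RULE):
    """Return (decision, reasons); decision is 'allow', 'quarantine' or 'deny'."""
    # Identity and context: a missing attribute never matches, so the rule fails closed.
    mismatched = [k for k, want in rule.items() if session.get(k) != want]
    if mismatched:
        return "deny", ["rule mismatch: " + k for k in mismatched]
    # Post-admission behaviour: any prohibited activity ends access.
    bad = sorted(PROHIBITED & set(session.get("observed_behaviour", ())))
    if bad:
        return "deny", ["prohibited behaviour: " + b for b in bad]
    # Posture: a failed or unreported check routes the device to quarantine.
    posture = session.get("posture", {})
    failed = [c for c in HEALTH_CHECKS if posture.get(c) is not True]
    if failed:
        return "quarantine", ["posture failed: " + c for c in failed]
    return "allow", []


# Constructed sample sessions (not real data).
GOOD = dict(PATIENT_RECORDS_RULE, posture={c: True for c in HEALTH_CHECKS})
STALE = dict(GOOD, posture={"av_running": True, "scan_clean": True,
                            "patches_current": False})
WRONG_DEVICE = dict(GOOD, device_type="Android phone")
NO_ROLE = {k: v for k, v in GOOD.items() if k != "role"}
SCANNING = dict(GOOD, observed_behaviour=["port_scanning"])

if __name__ == "__main__":
    for name in ("GOOD", "STALE", "WRONG_DEVICE", "NO_ROLE", "SCANNING"):
        print(name, *evaluate(globals()[name]))
```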
PG: Policy Control
• High Trust: Corp User, Registered Device
• Medium Trust: Known User, Device Compliance passed
• Low Trust: Any User, Any Device, Not Jailbroken
• No Trust: Any User, Any Device