Securing BYOD in Three Easy Steps

More than 80% of companies are already experiencing the Bring Your Own Device (BYOD) trend, and further growth is expected over the next few years. But fewer than half of all companies are actually doing something about the security risks that BYOD brings. In this Rapid7 webcast, Rapid7's VP/GM of Mobile, Giri Sreenivas, will provide examples and explain the severity of recent mobile exploits, and outline a simple yet highly effective three-step process to manage a company's mobile risks.

To download a free Mobilisafe demo, click here: http://information.rapid7.com/mobilisafe-demo.html?LS=1428723&CS=Web

Transcript

  • 1. Securing BYOD
      • Giri Sreenivas, VP and GM, Mobile
      • Dirk Sigurdson, Director of Engineering
  • 2. Presenters
      • Giri Sreenivas, VP and GM, Mobile, Rapid7
      • Dirk Sigurdson, Director of Engineering, Rapid7
  • 3. BYOD Is Here To Stay
      • Big, pervasive trend
          • 80+% of companies experience it today
      • Fewer than half of all companies have begun to manage it
          • Do nothing, ActiveSync or MDM
      • What can you be doing to secure BYOD?
  • 4. Roles of IT and Security for BYOD
      • IT: Enforcer
      • Security: Advisor
  • 5. Going With What You Know To Enable BYOD
      • Rest of IT Resources
          • Written, legally vetted acceptable use policies
          • Dedicated operations staff
          • Controls, tools
          • Risk assessment
          • Remediation / mitigation plans
      • BYOD + Mobile
          • Acceptable use policy is under revision for end user acceptance
          • Yet another “system” for existing staff
          • MDM, MAM, EMM, MCM, …
          • ?
          • ?
  • 6. Top Mobile Threats
      • Lost/Stolen Devices and Terminated Employees
      • Jailbroken Devices / Custom ROMs
      • Malware / Trojans
      • User Behavior with apps
      • Promiscuous apps
      • Phishing
      • Sniffing / MITM
  • 7. “But We Have Policies And Controls?!”
      • Numerous examples where policies and controls fail to protect data
          • DroidDream
          • PDF exploits
          • Web site exploits
          • iOS Lockscreen Bypass
      • Today’s focus: DroidDream and iOS Lockscreen Bypass Attacks
      • Know your vulnerability risk
  • 8. iOS Lockscreen Bypass
      • Initially showed up in iOS 4.1
          • Took approximately 1 month for an OS update to patch the vulnerability
      • Regressed in iOS 6.1 with one bypass attack
          • http://www.youtube.com/watch?v=MP-w436CfvQ
      • A second bypass attack was discovered shortly after the initial attack
      • No assurances on policies and controls for lost/stolen devices
  • 9.
  • 10. DroidDream Malware: Breaking It Down
      • Approximately 60 apps and games in the Google Play Market were pirated and had DroidDream embedded in them in 2011
      • These pirated/infected copies were downloaded by approx. 250,000 phones
      • The malware looked to exploit two vulnerabilities to gain root access
      • Upon gaining root access, the malware package downloaded and installed another malicious application from a C&C server
      • From there, information was exfiltrated off devices
  • 11.
  • 12. Manage Your Mobile Risks
      • Get visibility into all devices and users accessing corporate resources
      • Assess the vulnerability risk these devices present
          • 49% of Android and 18% of iOS devices have at least one high severity vulnerability
      • Take mitigation and remediation steps to reduce or eliminate risks to your data
          • Only 6% of devices with latest firmware version have a high severity vulnerability
  • 13. Mobilisafe: Mobile Risk Management
      • Available for on premise Exchange and starting last week, available for Office365
      • Demo to follow
  • 14. Q&A
      • Mobilisafe available for on premise Exchange and starting last week, available for Office365
      • Take Mobilisafe for a test drive! Try our online demo: http://information.rapid7.com/mobilisafe-demo.html
  • 15. Thanks! Contact: giri_sreenivas@rapid7.com