Securing BYOD in Three Easy Steps


More than 80% of companies are already experiencing the Bring Your Own Device (BYOD) trend, and further growth is expected over the next few years. But fewer than half of all companies are actually doing something about the security risks that BYOD brings. In this Rapid7 webcast, Rapid7's VP/GM of Mobile, Giri Sreenivas, will provide examples and explain the severity of recent mobile exploits, and outline a simple yet highly effective three-step process to manage a company's mobile risks.

To download a free Mobilisafe demo, click here:

Published in: Technology, Business

  1. Securing BYOD
     • Giri Sreenivas, VP and GM, Mobile
     • Dirk Sigurdson, Director of Engineering
  2. Presenters
     • Giri Sreenivas, VP and GM, Mobile, Rapid7
     • Dirk Sigurdson, Director of Engineering, Rapid7
  3. BYOD Is Here To Stay
     • Big, pervasive trend: 80+% of companies experience it today
     • Fewer than half of all companies have begun to manage it: do nothing, ActiveSync or MDM
     • What can you be doing to secure BYOD?
  4. Roles of IT and Security for BYOD
     • IT: Enforcer
     • Security: Advisor
  5. Going With What You Know To Enable BYOD
     • Rest of IT Resources:
       • Written, legally vetted acceptable use policies
       • Dedicated operations staff
       • Controls, tools
       • Risk assessment
       • Remediation / mitigation plans
     • BYOD + Mobile:
       • Acceptable use policy is under revision for end user acceptance
       • Yet another “system” for existing staff
       • MDM, MAM, EMM, MCM, …
       • ?
       • ?
  6. Top Mobile Threats
     • Lost/Stolen Devices and Terminated Employees
     • Jailbroken Devices / Custom ROMs
     • Malware / Trojans
     • User Behavior with apps
     • Promiscuous apps
     • Phishing
     • Sniffing / MITM
  7. “But We Have Policies And Controls?!”
     • Numerous examples where policies and controls fail to protect data:
       • DroidDream
       • PDF exploits
       • Web site exploits
       • iOS Lockscreen Bypass
     • Today’s focus: DroidDream and iOS Lockscreen Bypass Attacks
     • Know your vulnerability risk
  8. iOS Lockscreen Bypass
     • Initially showed up in iOS 4.1
       • Took approximately 1 month for an OS update to patch the vulnerability
     • Regressed in iOS 6.1 with one bypass attack
       • A second bypass attack was discovered shortly after the initial attack
     • No assurances on policies and controls for lost/stolen devices
  10. DroidDream Malware: Breaking It Down
     • Approximately 60 apps and games in the Google Play Market were pirated and had DroidDream embedded in them in 2011
     • These pirated/infected copies were downloaded by approx. 250,000 phones
     • The malware looked to exploit two vulnerabilities to gain root access
     • Upon gaining root access, the malware package downloaded and installed another malicious application from a C&C server
     • From there, information was exfiltrated off devices
  12. Manage Your Mobile Risks
     • Get visibility into all devices and users accessing corporate resources
     • Assess the vulnerability risk these devices present
       • 49% of Android and 18% of iOS devices have at least one high severity vulnerability
     • Take mitigation and remediation steps to reduce or eliminate risks to your data
       • Only 6% of devices with latest firmware version have a high severity vulnerability
  13. Mobilisafe: Mobile Risk Management
     • Available for on premise Exchange and starting last week, available for Office365
     • Demo to follow
  14. Q&A
     • Mobilisafe available for on premise Exchange and starting last week, available for Office365
     • Take Mobilisafe for a test drive! Try our online demo:
  15. Thanks! Contact: