APPNATION IV - The State of Security in the Mobile Enterprise - Cesare Garlati

  • THE STATE OF SECURITY IN THE MOBILE ENTERPRISE (Presented By The Cloud Security Alliance)

    Join APPNATION and The Cloud Security Alliance for a two-part session on the state of security in the mobile enterprise. To kick things off, Cesare Garlati, VP, Mobile Security at Trend Micro, will present an unfiltered look at the state of security as the enterprise mobility revolution pushes forward at a blistering pace. Cesare will showcase, in real-time, security flaws that all business-line and I.T. managers should know about and discuss other emerging issues that are coming to the fore as the pace of mobile innovation and connectivity in a BYOD world. Cesare’s presentation will be followed by an executive-level roundtable led by Cloud Security Alliance Executive Director, Jim Reavis, and comprised of leading enterprise security experts to discuss the remedies for short-term security gaps and flaws and explore what longer-term security issues remain on the horizon as the Consumerization and BYOD uber-trends continue to accelerate across the enterprise.

    PART I: YOU ARE NOT READY FOR THIS!
    CESARE GARLATI, VP, MOBILE SECURITY, TREND MICRO

    PART II: LEADING MOBILE SECURITY EXECUTIVES WEIGH IN
    SESSION LEADER: JIM REAVIS, EXECUTIVE DIRECTOR, CLOUD SECURITY ALLIANCE
    CESARE GARLATI, VP, MOBILE SECURITY, TREND MICRO
    DORON ROTMAN, MANAGING DIRECTOR & NATIONAL PRIVACY SECURITY LEADER, KPMG
    BRIAN REED, CHIEF MARKETING AND PRODUCT OFFICER, BOXTONE
    DENNIS DEVLIN, ASSISTANT VICE PRESIDENT, INFORMATION SECURITY & COMPLIANCE SERVICES, GEORGE WASHINGTON UNIVERSITY
  • High level overview of the top mobile threats findings – basic discussions around these…not spending too much time.
  • As Vice President of Mobile Security at Trend Micro, Cesare Garlati serves as the evangelist for the enterprise mobility product line. Cesare is responsible for raising awareness of Trend Micro’s vision for security solutions in an increasingly consumerized IT world, as well as ensuring that customer insights are incorporated into Trend solutions. Prior to Trend Micro, Mr. Garlati held director positions within leading mobility companies such as iPass, Smith Micro and WaveMarket. Prior to this, he was senior manager of product development at Oracle, where he led the development of Oracle’s first cloud application and many other modules of the Oracle E-Business Suite. Cesare has been frequently quoted in the press, including such media outlets as The Economist, Financial Times, The Register, The Guardian, Le Figaro, El Pais, Il Sole 24 Ore, ZD Net, SC Magazine, Computing and CBS News. An accomplished public speaker, Cesare also has delivered presentations and highlighted speeches at many events, including the Mobile World Congress, Gartner Security Summits, IDC CIO Forums, CTIA Applications and the RSA Conference. Cesare holds a Berkeley MBA, a BS in Computer Science and numerous professional certifications from Microsoft, Cisco and Sun. Cesare is the chair of the Consumerization Advisory Board at Trend Micro and co-chair of the CSA Mobile Working Group - Cloud Security Alliance.
  • Transcript of "APPNATION IV - The State of Security in the Mobile Enterprise - Cesare Garlati"

    1. The State of Security in The Mobile Enterprise
       Cesare Garlati
       VP Consumerization & Mobile Security – Trend Micro
       Co-Chair Mobile Group – Cloud Security Alliance
       APPNATION – December, 2012
    2. Cloud Security Alliance: Mobile Guidance V1
       Security Guidance for Critical Areas of Mobile Computing
       • Mobile Computing Definition
       • Threats to Mobile Computing
       • Maturity of the Mobile Landscape
       • BYOD Policies
       • Mobile Authentication
       • App Stores
       • Mobile Device Management
       https://cloudsecurityalliance.org/research/mobile/
    3. CSA Top Mobile Threats – Evil 8
       1. Data loss from lost, stolen or decommissioned devices.
       2. Information-stealing mobile malware.
       3. Data loss and data leakage through poorly written third-party apps.
       4. Vulnerabilities within devices, OS, design and third-party applications.
       5. Unsecured Wi-Fi, network access and rogue access points.
       6. Unsecured or rogue marketplaces.
       7. Insufficient management tools, capabilities and access to APIs.
       8. NFC and proximity-based hacking.
    4. How Secure and Manageable?
       • Raimund Genes, Chief Technology Officer, Trend Micro – http://trendmicro.com/our-contributors/raimund-genes
       • Chris Silva, Industry Analyst, Altimeter Group – http://www.altimetergroup.com/about/team/chris-silva
       • Nigel Stanley, Practice Leader, Bloor Research – http://www.bloorresearch.com/about/people/nigel-stanley.html
       • Philippe Winthrop, Managing Director, Enterprise Mobility Foundation – http://www.enterprisemobilitymatters.com/about.html
       http://trendmicro.com/cloud-content/us/pdfs/business/reports/rpt_enterprise_readiness_consumerization_mobile_platforms.pdf
    5. Security and Management Criteria
    6. Security and Management Criteria
    7. Security and Management Criteria
    8. Ratings By Category: Mobile Technology Gap
    9. Ratings By Mobile Platform: Consumer Technology Gap
    10. Mobile vulnerabilities are real
        Android
        • CVE-2012-3979 – log_print function, allowing remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.
        • CVE-2011-3874 – Stack-based buffer overflow in libsysutils allows user-assisted remote attackers to execute arbitrary code via an application call.
        • CVE-2011-4276 – Bluetooth service allows remote attackers within range to obtain contact data via an AT phonebook transfer.
        Apple iOS
        • CVE-2012-0643 – Malicious code allows remote attackers to bypass sandbox restrictions and execute arbitrary code.
        • CVE-2012-0646 – Format string vulnerability in VPN allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
        • CVE-2012-0642 – Integer underflow allows remote attackers to execute arbitrary code via a crafted catalog file in an HFS disk image.
        Source: National Vulnerability Database via CVEDetails.com – as of October 4, 2012
    11. No Platform is immune: Apple iOS Detail
        Source: National Vulnerability Database via CVEDetails.com – as of October 4, 2012
    12. Apple iOS Jailbreaking Trends
        Timeline markers: June 2007 (iPhone), July 2008 (iPhone 3G), July 2009 (iPhone 3GS), June 2010 (iPhone 4), Oct 2011 (iPhone 4S), Sept 2012 (iPhone 5)
        Source: Google Trends – as of October 4, 2012
    13. Android is the most exploited
        Source: Trend Labs, Trend Micro Inc. – as of Q2 2012
    14. Malicious Apps on Legit Marketplace
        • March 2011 – 58 malicious apps (approx 250,000 victims)
        • May 2011 – 24 malicious apps (up to 120,000 victims)
        • December 2011 – 27 malicious apps (approx 14,000 victims)
        • February 2012 – 37 “Fan Apps” stealing handset information and aggressive advertising
        • August 2012 – many, many more …
    15. Android Versions Distribution
        Chart labels: 73%, Fragmentation, Vulnerable Devices
        Source: Google http://developer.android.com/resources/dashboard/platform-versions – as of August 1, 2012
    16. Mobility is not the problem
        “Consumerization will be the most significant trend affecting IT during the next 10 years” – Gartner
        • New technology emerges first in the consumer market and then spreads into business organizations brought in by the employees
        • IT and consumer electronics converge as individuals rely on the same devices and applications for personal use and work-related activities
        • Overwhelmed by the wave of consumer technology flooding the enterprise, IT managers lose control and struggle to enforce policies
    17. Consumerization Report©
        Source: Trend Micro Global Survey IT Managers, 500+ Employees, February 2012
    18. Consumerization Report© survey results
        "What mobile platforms are allowed by your BYOD policy?"
        • BlackBerry 71%
        • Android 68%
        • Windows Ph 53%
        • Apple iOS 51%
        • Other 25%
        "Rank security and manageability of each mobile operating system"
        • Apple iOS 20%
        • BlackBerry 19%
        • Android 18%
        • Windows Ph 14%
        • Other 15%
        BYOD Top 5 concerns
        • Security 64%
        • Data Loss 59%
        • Compliance 43%
        • Personal… 41%
        • Privacy 40%
        "Has your company ever experienced a security breach as result of BYOD?"
        • Yes / No / Don't Know: 47% / 49% / 5%
        Source: Trend Micro Global Survey IT Managers, 500+ Employees, February 2012
    19. You are not ready for this
        • Consumer mobile technology is invading the enterprise and you won't be able to resist it
        • Consumer technology is not as secure and manageable as required by the enterprise
        • No platform is immune from attack, although some are safer than others
        1. Embrace Consumerization
        2. Understand the risk profile of the various platforms
        3. Deploy new security and management tools
    20. Thank You!
        Cesare Garlati
        http://BringYourOwnIT.com
    21. As VP of Mobile Security at Trend Micro, Cesare Garlati serves as the evangelist for the enterprise mobility product line. Cesare is responsible for raising awareness of Trend Micro's vision for security solutions in an increasingly consumerized IT world. Prior to Trend Micro, Mr. Garlati held director positions within leading mobility companies such as iPass, Smith Micro Software and WaveMarket – now LocationLabs. Prior to this, he was senior manager of product development at Oracle, where he led the development of Oracle's first cloud application and many other modules of the Oracle E-Business Suite. Cesare holds an MBA from U.C. Berkeley, a BS in Computer Science and professional certifications from Microsoft, Cisco and Sun. Cesare is Chair of Trend Micro Advisory Board for Consumerization and Mobile and Co-Chair of the CSA Mobile Working Group.
        Cesare Garlati | Vice President Consumerization & Mobile Security
        Blog: http://BringYourOwnIT.com
        linkedin/in/CesareGarlati
        twitter/CesareGarlati
        Cesare_Garlati@trendmicro.com
        Skype: Cesare.Garlati
        Mobile: +1 408.667.3320
    22. http://consumerization.com
    23. http://consumerization.trendmicro.com
    24. http://BringYourOwnIT.com
    25. http://youtube.com/user/BringYourOwnIT
    26. Installed Base % 4Q11 vs. Installed Base % 2015*
        • 4Q11: Android 38%, iOS 17%, Win Ph 3%, RIM 12%, Symbian 26%, Other 3%
        • 2015*: Android 52%, iOS 19%, Win Ph 21%, RIM 6%, Symbian 0%, Other 2%
        • Chart callouts: 59%, 92%
        Android and iOS will account for over 70% of smartphone sales by the end of 2012. Microsoft will rise to third place in the global OS rankings by 2013, ahead of Research In Motion.
        Consumerization Report©
        Source: Trend Micro internal analysis based on Gartner, Forrester and IDC market data – February 28, 2012
    27. How To: Jailbreak iOS (5.1.1)
        Download Links
        • Xxxx v2.0.4 MacOSX (10.5, 10.6, 10.7)
        • Xxxx v2.0.4 Windows (XP/Vista/Win7)
        • Xxxx v2.0.4 Linux (x86/x86_64)
        How To Use Xxxxx 2.0:
        1. Make a backup of your device in iTunes by right clicking on your device name under the 'Devices' menu and click 'Back Up'.
        2. Open Xxxxx and be sure you are still connected via USB cable to your computer.
        3. Click 'Jailbreak' and wait…. just be patient and do not disconnect your device.
        4. Once jailbroken return to iTunes and restore your backup from earlier.
        Xxxxx 2.0 supports the following devices on 5.1.1:
        • iPad 1, iPad 2, iPad 3 (iPad2,4 is now supported as of Xxxxx 2.0.4)
        • iPhone 3GS, iPhone 4, iPhone 4S
        • iPod touch 3rd generation, iPod touch 4th generation
    28. Taller screens like Cydia too. :)
        • @saurik – Jay Freeman
        • Cydia: 1.5M Apps per day
        • 5% to 10% of Apple iOS devices
        • $8M rev 2011 (to developers)
    29. Apple iOS Jailbreaking Trends – U.S.
        Timeline markers: June 2007 (iPhone), July 2008 (iPhone 3G), July 2009 (iPhone 3GS), June 2010 (iPhone 4), Oct 2011 (iPhone 4S), Sept 2012 (iPhone 5)
        Source: Google Trends – as of October 4, 2012
    30. Malicious Apps on Legit Marketplace
    31. Android Commercial Spy Apps
    32. 3D Porsche Sports Car HD Live Wallpapers
    33. VScan: AndroidOS_ADWLeadbolt.HRY
    34. FBI Warns of Mobile Malware Risks
        Source: Federal Bureau Of Investigation – New E-Scams & Warnings – 10/12/2012