The enemy in your pocket

591 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
591
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • When preparing my presentation I read a lot of materials to see what was this BYOD thing, and this is what I got
  • Let´s start analyzing the terms and trying to find out what we exactly mean and what the problem is.To start with, you don´t want me to bring my devices to the office? Or to use them in the company´s network? Or to use them at all?And what devices are we talking about? Is just the device the problem? Is ok to use the coorporate phone and then to use Facebook?I know that this is a bit vague but so it is the problem. Let´s get to business.
  • What are weafraidthathappenswhenwebringourowndevices?Problem 1: youbringsomedevice and everybodygetsinfected
  • Thisis averylikelyscenario, rememberconficker? However, whatdevices are involvedhere?Nothing new here. Isreallyallthis new fancyfuzz-word BYOD so fashionablethesedaysjustbecausepeopleisbringing laptops and USBstowork?Yes there are someconcerns: USBs and otherdeviceshave OS, howtoupdatethem? Whoisresponsible?Wehavebeenprovidingsolutionsforthesesinceyearsago! Antivirus, policies, IDS, IPS, allthis has beenaroundforyears!
  • Basicallytosomeonegettingintoourorganization and stealingoursecrets, toour data.Ifwebring a wormintoourorganization, likeconficker, wemaybringitdownfor a fewhours: thisisverybad.Ifwebring a backdoor and theygetoursecrets: wemay lose ourresearch, strategies, products, publicimage … we can lose everything.
  • Coca-Cola Co. infiltrated in 2009 by hackers seekingdocson a pendingacquisition; dealfallsapartthreedayslater
  • Smartphones and tablets
  • Surethey are! Don´twanttoscarewithtypicalmobilestuff, just a simple examples. We are notyet in thebig spread (althoughlastyearwesawsomeexamplesthankstogoogle).Enrollarse un poco con el tema de malware para mobile, casos el año pasado en el googleplayetcDevicesmay be the bridge fortheseattacks, butunlikelyto be themaindoortothem. Stillspearphishingisthemainmethodused.So again, whyweworryaboutthem?
  • Wouldyoucarry a tracking device?Smartphones are the new mine of goldforspies & attackers: tracking, conversations, camera, micro, email, contacts, gps, etc
  • Big data-gatherers and small spies.What do you think are all 0day researchers trying to exploit?
  • Contar la historia del FinSpy.What do you think are all 0day researchers trying to exploit?
  • Whatsecuritymeasuresyouhave in yourmobile? Howeasyitistogetitwhileyouhave a coffee and installwhatever so I get control of thedevice
  • Sysadmin now have devices difficult for them to control in their networks. And all the CEOs are around worrying on how people can now steal everything because they bring their smartphones
  • Isthat a new thing? Isthatbecause of themobilething? BradleyManningdidthebiggest data leakknownto date with a Lady Gaga CD in hishands
  • I have some really boring figures for you!
  • Evolution of socialengineeringlately – ontherise, as well as remotehacks of allkind, no more stolen laptops
  • Twopoints of interestwhere social engineering and/orinstallation of malware on targets mayhad lead tocompromisethevictim´snetwork
  • Oneyearago I wastalkingabouttheconsumerization of mobiledevices, how using personal and work life together brings trouble.Comment about information gathering and facebook reverse lookup for mobile numbers, even for private numbers – feature deactivated today.
  • Theproblemhereisnotthedevice,buthowwe use new technologies and tools, howwechangeourlives, and howweinadvertidly can putouremployee in danger.And as such, attackers try allkind of trickstogettheirwaytowhatthey look after. Mobile isnotthe real problemhere, justanothertoolthey can use
  • Mr. Barksdale shows how people is people, leaks exist.The same on a enterprise level: do we know who else Google provide access to our data?
  • Information divided in levels, only access depending on a risk score, depends on who, where and how
  • The enemy in your pocket

    1. 1. The enemy in your pocket Securing smartphones in the enterprise Vicente Diaz, Senior Security Analyst, GReAT Gartner Symposium/ITxpo 2012, BarcelonaPAGE 1 |
    2. 2. BYOD will come regardless you have a policy or not Human behavior has shifted, BYOD is a response to that My CEO heard we can save money through BYODPAGE 2 |
    3. 3. 1. The problemPAGE 3 |
    4. 4. BYOD reanalyzed Where? What devices?PAGE 4 | 1 2
    5. 5. What´s the problem? Problem 1: InfectionPAGE 5 | 1 2
    6. 6. Can this happen?PAGE 6 | 1 2
    7. 7. What are we really afraid of?PAGE 7 | 1 2
    8. 8. Bad PR is worse than bad ITPAGE 8 | 1 2
    9. 9. What´s new then?PAGE 9 | 1 2
    10. 10. Are they vulnerable? Highlights from 2012: NFC Vulnerability by Charlie Miller iPhone 4S and Samsung Galaxy S3 ownedPAGE 10 | 1 2
    11. 11. Do you like chocolates?PAGE 11 | 1 2
    12. 12. Who else wants to spy on you?PAGE 12 | 1 2
    13. 13. FinSpyPAGE 13 | 1 2
    14. 14. Protection Sure, I have swipe gesture passwordPAGE 14 | 1 2
    15. 15. PAGE 15 | 1 2
    16. 16. BYOD ≠ Data LeakPAGE 16 | 1 2
    17. 17. 2. PerspectivePAGE 17 | 1 2
    18. 18. PerspectivePAGE 18 | 1 2
    19. 19. PerspectivePAGE 19 | 1 2
    20. 20. PerspectivePAGE 20 | 1 2
    21. 21. Abusing Consumerization - Mobile devices Are they dangerous? It depends on what you do with it! Facebook Twitter Gmail Corporate e-mail Reading corporate documents Writing confidential e-mails?PAGE 21 | 1 2
    22. 22. Where is the data?PAGE 22 | 1 2
    23. 23. DemoPAGE 23 | 1 2
    24. 24. Using the cloudPAGE 24 | 1 2
    25. 25. Some toolsPAGE 25 | 1 2
    26. 26. 3. What now?PAGE 26 | 1 2
    27. 27. Kim StevensonPAGE 27 | 1 2
    28. 28. Reality for most companies is differentPAGE 28 | 1 2
    29. 29. Reality for most companies is differentPAGE 29 | 1 2
    30. 30. Conclusions BYOD: Myth vs Reality Policies are necessary, but they are not enough Is the problem in the device or in educating users? Who is responsible for the security of the device? We all love chocolates!PAGE 30 | 1 2
    31. 31. Thank You Questions? Vicente Diaz, Senior Security Researcher, Global Research and Analysis Team @trompi vicente.diaz@kaspersky.comPAGE 31 |

    ×