Securing your data wherever it goes
Transform Any Mobile Apps into Self-Defending Apps
Sean Frazier, Sr Sales Engineer
sean@bluebox.com
March 31, 2015
Agenda
Security Risks in Mobility
Options for Securing Mobile Apps
How to Make Your Apps Self-Defending Apps
Live Demo
Security risks at every level of mobility
App Level
Device Level
User Level
Application Level Risks
75% of mobile apps will fail basic security tests in 2015
Application Level Risks
Insecure Data on device and in transit
Reliance on device, OS or MDM for security
Reliance on rational user behavior
Application Level Risks
75%: Don’t use proper encryption when storing data on a mobile device
97%: Having access to private data without appropriate security measures
75%: Mobile Security breaches by 2017 will be the result of exploiting poorly developed mobile apps
Device Level Risks
Change of device posture by other apps on device
Uncontrolled OS versions
Undue focus on jailbreaking and rooting alone – what about non-root system exploits?
Device Level Risks
52: Vulnerabilities patched in iOS in 2014; 40% of those were critical code exploits
24%: Android devices run the latest KitKat 4.4 version
Change of device posture by other apps on device
User Level Risks
User Level
Failure to report lost or stolen devices
Mobile devices connect to more public hotspots and unknown servers than laptops
Basic device-level protection like password and encryption turned off
User Level Risks
User Level
34%: Take no security measures at all
26: Number of apps the average mobile user has downloaded
113: Number of smart phones lost every MINUTE in the U.S.
Securing Mobile Apps
Option 1: MDM
• Enroll users to MDM
• Distribute MDM profile
• Enforce device-level passcode and encryption
• Distribute apps via Enterprise App Catalog
Drawbacks:
• Needs to be enabled for the entire device
• Requires profiles to be installed on device – including BYOD. Users rejecting due to privacy concerns
• Hard to scale for external vendors and customers
Securing Mobile Apps
Option 2: Containerization
• Implemented via SDK or App Wrapping
• App developer involvement
• Covers Email, PIM and Browsers as well
Drawbacks:
• Substantial developer involvement required
• Unstable first gen technologies
• Non-native experience results in low user adoption
Mobile App Security Needs
Developers
• Free developer time from security
• Focus on building business logic
Business Owner
• Accelerate Time To Market
• Meet ever-increasing user demand for apps
• Competitive Advantage
Security
• Stay current with mobile threats
• Ensure compliance
What you really need
Easy, secure access to any app for any user on any device
Containerization of any app – on demand, instantly
Apps that assume they are at risk, ALWAYS, and defend accordingly
Minimal management of updates across the mobile app lifecycle
Bluebox Self-Defending Apps
• Protect commercial or custom apps in seconds
• Detect and defend against mobile threats
• Respond quickly to keep corporate data secure
Triple Layer Defense: Data Wrapping, Enterprise Controls, Self-Defending Behavior
Bluebox Triple Layer Defense
1. Data Wrapping: The Unique Bluebox Approach
[Diagram labels: User, Data, App, Device, Network, OTHERS]
▪ Data Security on Devices, Apps and Network
▪ Support for ANY 3rd party or internal apps
▪ Native app experience
▪ Clear separation of personal and corporate data
Bluebox Triple Layer Defense
2. Enterprise Controls
▪ Per App VPN
▪ App eventing and logging
▪ Data sharing controls
▪ Data visibility and control
Bluebox Triple Layer Defense
3. Dynamic App Integrity for Self-Defending Behavior
Beyond Jailbreak and Root Detection
• Device Integrity
• Detection of sandbox security tampering
▪ App tampering detection
▪ Detection of tools used to reverse engineer apps
▪ Detection of hostile device environment, debuggers, hooks
▪ Checksum violations for tampering of Bluebox wrapper
▪ App tampering deterrents
▪ Honeypots, or traps, to mislead and deceive attackers
How to Create Self-Defending Apps with Bluebox
Web-based Bluebox Admin Portal (portal.bluebox.com)
• Upload your App
• Apply Policies and Enterprise Signing Instantly
• Assign Users and Groups
• Specify 3rd Party Apps to secure
Summary
Assume that your apps are perpetually at risk at all layers – Device, App and User
Get beyond jailbreak and rooted detection!
Make your apps self-defending
Focus on the user – allow easy access to your apps on any device
Fortify your Apps – don’t just manage them
Bluebox User Enrollment
▪ Easy 3-step process via Bluebox App
▪ SAML 2.0, OAuth 2 (using Google as provider) and ActiveSync supported for user auth
▪ Elegantly off-board users via SAML and SCIM
Transforming any apps into self-defending apps


Editor's Notes

  1. This problem is why every CIO and CISO that we spoke to about mobile security challenges said it’s not about securing the device anymore, it’s about securing the data. They want the ability to gain visibility of where/what type of data goes on/off these devices and control and secure it. And these controls can’t be at the expense of today’s empowered employee who wants freedom to choose the apps they prefer while keeping a native device experience and ensuring privacy. Solving both the enterprise and employee requirements is critical. Otherwise employees will just go around the system, putting your data at risk. As one of our customers put it – I’m looking for the security of a container but the native experience of an MDM.
  2. Unlike others who started at the device – we started from the other side and focused on the user and data which is the most important