
Check Point Mobile Threat Prevention


Virtualization Forum 2016
Prague, 11.10.2016
Check Point hall

Published in: Technology

  1. CHECK POINT MOBILE THREAT PREVENTION. Peter Kovalcik | Security Engineer. ©2015 Check Point Software Technologies Ltd.
  2. Taking Mobile Security Beyond Mobile Threat Prevention. Target solutions for mobile use-cases:
     • Mobile Threat Prevention: Threat Prevention for mobile devices
     • Capsule Cloud: Protect laptops when off the business network
     • Capsule Workspace & Docs: Protect business data on mobile devices
  3. MOBILE THREATS are ESCALATING in frequency and sophistication
     • 15 million mobile devices infected with malware (1)
     • 3.3x more new malicious mobile programs were detected in Q1 2015 than in the previous quarter
     • In the enterprise: 50% chance of having 6 or more mobile targeted attacks (3)
     • Sophistication of mobile threats on the rise: Ransomware, Masque Attack, Wirelurker, Heartbleed, mRAT and more
     Sources: (1) Kindsight Security Labs Malware Report 2014; (2) Kaspersky IT Threat Evolution Q1 2015 Report; (3) Check Point Targeted Attacks on Enterprise Mobile
  4. MOBILE THREATS are ESCALATING in frequency and sophistication
     • Certifi-gate: Multiple vulnerabilities in pre-loaded 3rd party mRSTs
     • Stagefright: Android (Pre 4.1) vulnerability that can be exploited via MMS messages
     • Masque Attacks on iOS: Hacking Team uses 11 popular apps such as Facebook, Twitter, Skype, and WhatsApp as trojans to leak info
     • What’s next?
  5. WHAT IS STAGEFRIGHT?
  6. HOW DEUTSCHE TELEKOM REACTED
  7. WHAT IS CERTIFIGATE?
  8. HOW IS IT EXPOSED? A malicious app can fool plugin authentication, allowing attackers to replicate device screens and to simulate user clicks, giving them full device control.
  9. WHO’S AT RISK? Pre-loaded plugins are found on Android devices manufactured by LG, Samsung, HTC and ZTE. Plugins can’t be stopped, can’t be removed, and can only be updated when new system software is pushed to a device.
  10. THE HIGHLIGHTS: Certifi-Gate Scanner App Results. 100,000 Scan Downloads; 30,000 Anonymous Scan Submissions.
      • An instance of Certifi-gate was found running in the wild in an app on Google Play (Google has now removed it)
      • At least 3 devices sending anonymous scan results were actively being exploited
      • 15% of devices anonymously reported having a vulnerable plugin installed
      • Devices made by LG were the most vulnerable, followed by Samsung and HTC
  11. How to protect against WHAT WE DON’T CONTROL?
  12. MOBILE DEVICES are difficult to control
      • Mix of personal and business data
      • Can’t control individuals’ behavior
      • No protection from zero day or advanced threats
  13. Today’s solutions leave SECURITY GAPS
      • Focused on device management
      • Provide only protection for known threats or app reputation
      • Limited protection from secure wrappers and containers
  14. HOW TO PROTECT? Static Policy Enforcement; Data Leakage Prevention; Unknown, Targeted & 0day Cyber Threats; Protection Against Known Threats; Mobile Device Management; Advanced Threat Detection & Mitigation; Secure Containers and Wrappers; Anti-Virus, Anti-Bot, App Reputation
  15. Innovation Drives Industry’s Highest Mobile Threat Catch Rate
      • Advanced App Analysis: Sandboxing (Emulation); Advanced Static Code Analysis; Uncovers new malware and targeted exploits
      • Network: Wi-Fi Man-in-the-Middle (MitM) attacks
      • Host Threat Analysis: Malicious Configurations; Exploits and file system manipulation
      • Threat Framework: Multi-dimensional Risk/Trust assessments; Accurate risk classifications to effectively mitigate risk
  16. HOW IT WORKS: CLOUD-BASED RISK ASSESSMENT, THREAT DETECTION AND MITIGATION
      1. Agent runs in the background on device, sending risk data to Check Point Mobile Threat Prevention
      2. MTP analyzes device, apps and networks to detect attacks
      3. MTP assigns a real-time risk score, identifying the threat level.
      4. On Device Remediation Immediately Sent to User; Risk-based Network Protection
      Real-time visibility; MDM, SIEM & NAC integration
  17. USER EXPERIENCE: TRANSPARENT. Preserves user device experience, battery life, privacy. Easily push lightweight agent to users through your MDM.
  18. IDENTIFICATION
  19. Addressing the Mobile Security Challenge: Capabilities Needed to Protect Mobile Devices from Advanced Threats
      Column headers: Capability; MDM; Secure Container; MAM; App Rep; Anti-Virus; Check Point MTP
      Capabilities:
      • Validate App Certificates
      • Detect Jailbroken Devices
      • Identify Suspicious App Behavior
      • Correlate Device, App, & Network Activity
  20. Key Feature Comparison (Competition: Check Point Mobile Threat Prevention)
      Column headers: Network Vendors; CheckPoint; FireEye; Lookout; Zimperium; Skycure; PaloAlto Networks
      Rows, with their footnote markers:
      • Detect unknown malicious apps: 1, 2
      • Detect changes to OS & device exploits: 3, 3, 4, 4
      • Detect connections to malicious networks (MiTM)
      • Full device Risk Assessment (Correlate Device, App and Network Activity): 5, 5, 6, 7
      • Adaptive Mitigation & remediation: 8, 8, 8
      • Cloud Based Mobile Threat Presentation: 9
      • Secure Container for mobile devices: 10, 10, 10, 10, 10
      • Summary: A complete Mobile Threat Prevention Solution
      Footnotes: 1) Behavioral Analysis only 2) Android apps only 3) root/jailbroken device 4) Device monitoring 5) Only apps 6) Network & apps 7) HIP only 8) Requires MDM 9) w/ On-premise appliance 10) Via 3rd party MDM
      How to Compete Against...
      FireEye
      • Focus only on Applications: The solution cannot prevent other attack vectors such as network and mobile OS exploits, leaving the device exposed to vulnerabilities
      • No proactive protection: The solution requires a 3rd party solution (MDM) in order to mitigate threats on already infected devices at an extra cost
      Lookout
      • Focus only on Applications: The solution cannot prevent other attack vectors such as network and mobile OS exploits, leaving the device exposed to vulnerabilities
      • No proactive protection: The solution requires a 3rd party solution (MDM) in order to mitigate threats on already infected devices at an extra cost
      • Limited integration with enterprise MDMs (only MobileIron & Airwatch)
      Zimperium
      • Limited detection methods: The solution uses only behavioral analysis to detect malicious activity on the device, leaving it exposed to more sophisticated attack vectors
      • No proactive protection: The solution requires a 3rd party solution (MDM) in order to mitigate threats on already infected devices at an extra cost
      • Limited integration with enterprise MDMs (only MobileIron & Airwatch)
      Skycure
      • Partial protection: The solution's focus is on network exploits (MiTM), with weak protection against other attack vectors such as malicious applications and OS exploits, which leaves the device exposed to vulnerabilities
      Palo Alto Networks
      • On-premise solution only: All mobile traffic must be backhauled to on-premise PAN hardware (Management and Gateway at an extra cost). Redirection of mobile traffic can cause bandwidth and latency issues for mobile traffic
      • Partial protection: Palo Alto Wildfire can analyze only Android applications. It has limited ability to protect against iOS based attacks and exploits
  21. THANK YOU
