Webinar: A Three-Pronged Approach to
Mobile Security
• View Webinar Archive: http://go.mojave.net/webinar-3pronged-
mobile-security
• Learn more about Mojave Networks: http://...
Primer on Mobile Security
Tyler Shields, Forrester Research
3
Making Leaders Successful
Every Day
Mobile Security Trends
Security Requires More Than Just MDM!
Tyler Shields
Senior Analyst, Mobile and Application Security...
© 2014 Forrester Research, Inc. Reproduction Prohibited 6
What doyour USERSwant!
Anywhere Access No Roadblocks Any Device ...
© 2014 Forrester Research, Inc. Reproduction Prohibited 7
What willthey DO to get it!
16%
22%
35%
42%
Installed unsupporte...
© 2014 Forrester Research, Inc. Reproduction Prohibited 8
• What mobile device managementoptions are there? Vendor selecti...
© 2014 Forrester Research, Inc. Reproduction Prohibited 9
What SHOULD theENTERPRISEbe asking?
• What level of security do ...
© 2014 Forrester Research, Inc. Reproduction Prohibited 10
10
22%
20%
14%
26%
26%
27%
26%
22%
48%
48%
46%
45%
45%
38%
42%
...
© 2014 Forrester Research, Inc. Reproduction Prohibited 11
44%
29%
59%
64%
33%
45%
The number of different platforms/opera...
© 2014 Forrester Research, Inc. Reproduction Prohibited 12
AreYouOverwhelmedYet?!
• Mobile Device Management
• Enterprise ...
© 2014 Forrester Research, Inc. Reproduction Prohibited 13
Mobile
Device
Management
Containerization
Virtualization
Applic...
© 2014 Forrester Research, Inc. Reproduction Prohibited 14
TechnologiesBy Layer
The Mobile Security Stack
The Future State of Mobile!
© 2014 Forrester Research, Inc. Reproduction Prohibited 16
Impact of User / Admin Experience on Technology Success
Minimal...
© 2014 Forrester Research, Inc. Reproduction Prohibited 17
Impact of User / Admin Experience on Technology Success
Minimal...
© 2014 Forrester Research, Inc. Reproduction Prohibited 18
Device Management
2012
2012 andBEFORE
Mobile Device ManagementM...
© 2014 Forrester Research, Inc. Reproduction Prohibited 19
Secure Network
Gateway
2013
Device Management
2012
2013
Applica...
© 2014 Forrester Research, Inc. Reproduction Prohibited 20
Secure Network
Gateway
2013
Device Management
2012
2014
Applica...
© 2014 Forrester Research, Inc. Reproduction Prohibited 21
Secure Network
Gateway
2013
Device Management
2012
2015 and BEY...
© 2014 Forrester Research, Inc. Reproduction Prohibited 22
TheNextWaveofAwesome –TechsThatQuantifyRisk
Up andComingTechnol...
© 2014 Forrester Research, Inc. Reproduction Prohibited 23
What ItMeans- Enterprises
$
Find roadmaps that go
beyond point ...
© 2014 Forrester Research, Inc. Reproduction Prohibited 24
Nobody Ever Got FiredFor Buying…
TechnologyLeading Products
Webinar: A Three-Pronged Approach to
Mobile Security
• Mobile Risks
• Pillars of Mobile Security
• Device
• Apps
• Network
• Analytics
• Background
• Ask our Experts: Q&A
Agen...
27
Understanding Mobile Risk
Why is Knowing Your Mobile Risk Important?
28
• Protecting company data
• Safeguarding other enterprise infrastructure
• I...
Quantifying Mobile Risk
29
• Employee Data Access
• Installed Apps
• User / Device Behavior
• Non-mobile Events
Understanding Mobile Risk is Imperative
Source: Verizon 2014 Data Breach Investigations Report
Number of breaches per cate...
31
Pillars of Mobile Security
Mobile Security
Network AnalyticsApplicationsDevice
Four Pillars of Mobile Security to Reduce Risk
• MDM
• Password policies
• Containers
Typical Device Level Security
33
Typical Application Level Security
34
• App catalog
• White / Black List
• App wrapping
Typical Network Level Security
PC’s Traditionally
Protected
Mobile is Completely
Unprotected
Typical Mobile Analytics Available to other Platforms
37
How Does Mojave Manage the Pillars?
Health
Evaluate apps,
processes, diagnostics,
and behavior to assess
risk
Native Experience
No wrapping or containers to
i...
39
Monitoring Device Health
• Over 50 data points
collected daily
• Monitor for critical
changes in device
health
• Feeds ...
Results
1. More visibility
2. Better DLP
3. Block threats
Analysis
1. Static & dynamic
2. Enterprise risk
3. Protocol iden...
Gain Visibility into App Risk
41
App Data
All Data
Globally Distributed Network Optimized for Mobile
42
Gain Visibility into Data Flow
43
Network threats blocked per device
10 per month
120 per year
44** Based on Mojave Networks aggregate customer usage data
• Tie mobile events to broader
user profile
• Leverage existing security
tools
• See activity that has never
been availabl...
Mojave Connect Real-time API
Common Syslog formats
Better Correlate Mobile Events with Other Enterprise Data
Real-time API...
Visibility Security
Effortless & Seamless
Mojave Networks Delivers
47
Control
• MDM solutions only protect from a small subset of mobile risks
• 4 pillars necessary to provide true mobile security
• M...
49
About Mojave Networks
Mojave Networks Background
• Founded in 2011 and based in Silicon Valley
• Lead investment from Bessemer Venture Partners ...
51
Questions & Answers
Upcoming SlideShare
Loading in …5
×

Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security

612 views

Published on

Mobile devices are always on the move, switching from network to network and place to place constantly. The best way to keep your company's information safe is through a unified approach securing at the device, app and network levels.

Published in: Technology
1 Comment
0 Likes
Statistics
Notes
  • Just in case anyone needs to fill out a The Common Application AP-1, I found a blank fillable form here:application 1st year. I also saw some decent tutorials on how to fill it out.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total views
612
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
9
Comments
1
Likes
0
Embeds 0
No embeds

No notes for slide
  • A series of questions and answers.
  • Frustrated IT people
  • This is information technology (IT)
    The old way
    How you can be a blocker
  • This is Business Technology (BT)
  • - security only as good as weakest link
    - matching a solution to the type of risk/problem you have
  • Transition: Important to quantify now as risks are increasing quickly
  • Story for this one: Syrian electronic army
  • Nice diagram of app protection, network, device, and tying back into corporate network, getting the analytics off of it (auth?)
  • Mobile network activity a BLIND SPOT
  • Tyler says “No roadblocks” and user experience really important
  • I think keeping a consistent placement of image (right) and text alignment (left) on each screen gives the deck order and orients the eye through the flow.
  • I’d talk through our infrastructure here wit the history
  • Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security

    1. 1. Webinar: A Three-Pronged Approach to Mobile Security
    2. 2. • View Webinar Archive: http://go.mojave.net/webinar-3pronged- mobile-security • Learn more about Mojave Networks: http://www.mojave.net Information
    3. 3. Primer on Mobile Security Tyler Shields, Forrester Research 3
    4. 4. Making Leaders Successful Every Day
    5. 5. Mobile Security Trends Security Requires More Than Just MDM! Tyler Shields Senior Analyst, Mobile and Application Security June XX, 2014
    6. 6. © 2014 Forrester Research, Inc. Reproduction Prohibited 6 What doyour USERSwant! Anywhere Access No Roadblocks Any Device All Data
    7. 7. © 2014 Forrester Research, Inc. Reproduction Prohibited 7 What willthey DO to get it! 16% 22% 35% 42% Installed unsupportedsoftware that will help me do my job Use awebsiteor Internet-based servicethat my company doesn’t support to help me do myjob Bought somethingwith my own money to help me do myjob Use my ownpersonal computer or smartphoneto help me do myjob SHADOW IT BYOD
    8. 8. © 2014 Forrester Research, Inc. Reproduction Prohibited 8 • What mobile device managementoptions are there? Vendor selection? • How do I get off of Blackberry? Should I get off of Blackberry? • We don’t think MDM is quite enough. Which technologies do I need to secure my environment? • How do I apply application security and managementto my mobile strategy? • What should I do to secure the content that is on my mobile devices? What isthe ENTERPRISEasking?
    9. 9. © 2014 Forrester Research, Inc. Reproduction Prohibited 9 What SHOULD theENTERPRISEbe asking? • What level of security do I need to offset my mobile risk? • What combination of technologies can help me meet my business goals? • Where is the real risk in mobile? • How can I securely enable my users to get their jobs DONE!
    10. 10. © 2014 Forrester Research, Inc. Reproduction Prohibited 10 10 22% 20% 14% 26% 26% 27% 26% 22% 48% 48% 46% 45% 45% 38% 42% 45% 24% 23% 36% 18% 19% 17% 16% 26% Support a wider variety of mobile devices and platforms (e.g., tablets, iOS, Android) Improve or modernize our mobile app(s) to deliver more information or transaction support Update our security technologies and processes to better support mobile interactions Re-architect traditional or back-end apps to make it easier to interface with and support mobile front-end apps Re-architect our middleware to better support mobile front-end applications Expand machine-to-machine (M2M) or 'Internet of things' initiatives Create a set of standard APIs or services that allow mobile app developers to more easily access functions from transactional business applications Expand or enhance data center infrastructure to handle increasing volume of customers' mobile interactions Low priority High priority Critical priority “How important is each of the following initiatives in your firm's mobility strategy for supporting your customers over the next 12 months?” Base: 891 North American and European enterprise network and telecommunications decision-makers Source: Forrsights Mobility Survey, Q2 2013 82%
    11. 11. © 2014 Forrester Research, Inc. Reproduction Prohibited 11 44% 29% 59% 64% 33% 45% The number of different platforms/operating systems Rate of releases of the different operating systems/platforms Providing device security Securing the apps and data Complying with regulatory requirements Managing devices that are used for both personal and corporate apps “What challenges, if any, does your firm face when managing smartphone/tablet applications and devices?” Source: Forrsights Mobility Survey, Q2 2013 Base: 891 North American and European enterprise network and telecommunications decision-makers
    12. 12. © 2014 Forrester Research, Inc. Reproduction Prohibited 12 AreYouOverwhelmedYet?! • Mobile Device Management • Enterprise Mobile Management • Mobile Application Management • Mobile Security Platform • Application Wrapping SDK • Mobile Static Analysis Competing Visions and Solutions • Application Wrapping • Secure Network Gateways • Machine Learning • Mobile Behavioral Analysis • RBMM Emerging Technologies
    13. 13. © 2014 Forrester Research, Inc. Reproduction Prohibited 13 Mobile Device Management Containerization Virtualization Application Hardening Application Wrapping Anti-Malware App Reputation Mobile Authentication Device Reputation Mobile DLP Mobile Endpoint Security Static Code Analysis Secure Mobile Content Sharing Secure Mobile Network Gateways 1. Application hardening 2. Application wrapping 3. Containerization 4. Mobile anti-malware 5. Mobile application reputation services 6. Mobile authentication solutions 7. Mobile device management 8. Mobile device reputation services 9. Mobile DLP 10. Mobile end point security 11. Mobile static code analysis 12. Mobile virtualization 13. Secure mobile content sharing 14. Secure mobile network gateways Mobile Security Technologies
    14. 14. © 2014 Forrester Research, Inc. Reproduction Prohibited 14 TechnologiesBy Layer The Mobile Security Stack
    15. 15. The Future State of Mobile!
    16. 16. © 2014 Forrester Research, Inc. Reproduction Prohibited 16 Impact of User / Admin Experience on Technology Success Minimal B-Value Add Moderate B-Value Add Significant B-Value Add Anti-malware Mobile Device Reputation Mobile Content Sharing Virtualization Mobile DLP Mobile Device Management App Hardening Mobile Application Reputation Secure Mobile Network Gateway Application Wrapping Mobile Authentication Mobile Static Code Analysis Containerization Good Experience Moderate Experience Bad Experience Unknown
    17. 17. © 2014 Forrester Research, Inc. Reproduction Prohibited 17 Impact of User / Admin Experience on Technology Success Minimal B-Value Add Moderate B-Value Add Significant B-Value Add Anti-malware Mobile Device Reputation Mobile Content Sharing Virtualization Mobile DLP Mobile Device Management App Hardening Mobile Application Reputation Secure Mobile Network Gateway Containerization Mobile Authentication Application Wrapping Mobile Static Code Analysis Good Experience Moderate Experience Bad Experience Unknown
    18. 18. © 2014 Forrester Research, Inc. Reproduction Prohibited 18 Device Management 2012 2012 andBEFORE Mobile Device ManagementMobile device management (MDM) solutions use platform API hooks to impose control onto smartphones and tablets. This technology allows support for multiple platforms and form factors, extends management and security policies to both corporate-liable and employee-owned devices, and automates service desk support.
    19. 19. © 2014 Forrester Research, Inc. Reproduction Prohibited 19 Secure Network Gateway 2013 Device Management 2012 2013 Application Wrapping 2013 Secure Mobile Content Sharing 2013 Isolated TechnologiesApplication wrapping and secure network gateway technologies gain traction. Secure mobile content sharing becomes an easy plug and play for vendor offerings. Price drops rapidly as base MDM becomes commoditized.
    20. 20. © 2014 Forrester Research, Inc. Reproduction Prohibited 20 Secure Network Gateway 2013 Device Management 2012 2014 Application Wrapping 2013 Secure Mobile Content Sharing 2013 Enterprise Mobile Management 2014 * Enterprise Mobile ManagementA new offering is born. EMM is the new buzz. Isolated technologies sold in a single platform offering.. The same players with a slightly different game.
    21. 21. © 2014 Forrester Research, Inc. Reproduction Prohibited 21 Secure Network Gateway 2013 Device Management 2012 2015 and BEYOND Application Wrapping 2013 Secure Mobile Content Sharing 2013 Enterprise Mobile Management 2014 * Mobile Authentication Risk Based Security Risk Based Mobile Management Risk Based Mobile ManagementUnderstanding WHO is at the device and real risk values are as important as security of the device is itself. 2015 adds mobile authentication to the offering mix. Quantification of risk is the future trend. Applying math to risk and using calculated risk values to enforce security controls. The future is in RBMM.
    22. 22. © 2014 Forrester Research, Inc. Reproduction Prohibited 22 TheNextWaveofAwesome –TechsThatQuantifyRisk Up andComingTechnologies VS VS VS Mobile Application Reputation Mobile Device Reputation Mobile Authentication Risk Based Mobile Management & Security
    23. 23. © 2014 Forrester Research, Inc. Reproduction Prohibited 23 What ItMeans- Enterprises $ Find roadmaps that go beyond point solutions Risk tolerance versus user experience Expect significant consolidation Defense in Depth Maximize security while minimizingUX impact Demand innovation!
    24. 24. © 2014 Forrester Research, Inc. Reproduction Prohibited 24 Nobody Ever Got FiredFor Buying… TechnologyLeading Products
    25. 25. Webinar: A Three-Pronged Approach to Mobile Security
    26. 26. • Mobile Risks • Pillars of Mobile Security • Device • Apps • Network • Analytics • Background • Ask our Experts: Q&A Agenda 26
    27. 27. 27 Understanding Mobile Risk
    28. 28. Why is Knowing Your Mobile Risk Important? 28 • Protecting company data • Safeguarding other enterprise infrastructure • Identifying compliance issues • Creating better policies with better visibility
    29. 29. Quantifying Mobile Risk 29 • Employee Data Access • Installed Apps • User / Device Behavior • Non-mobile Events
    30. 30. Understanding Mobile Risk is Imperative Source: Verizon 2014 Data Breach Investigations Report Number of breaches per category
    31. 31. 31 Pillars of Mobile Security
    32. 32. Mobile Security Network AnalyticsApplicationsDevice Four Pillars of Mobile Security to Reduce Risk
    33. 33. • MDM • Password policies • Containers Typical Device Level Security 33
    34. 34. Typical Application Level Security 34 • App catalog • White / Black List • App wrapping
    35. 35. Typical Network Level Security PC’s Traditionally Protected Mobile is Completely Unprotected
    36. 36. Typical Mobile Analytics Available to other Platforms
    37. 37. 37 How Does Mojave Manage the Pillars?
    38. 38. Health Evaluate apps, processes, diagnostics, and behavior to assess risk Native Experience No wrapping or containers to interfere with the native experience Privacy Wipe corporate information and set granular employee privacy policies Policies Set configurations, deliver policies, and manage apps Device – Security without the Hassle 38
    39. 39. 39 Monitoring Device Health • Over 50 data points collected daily • Monitor for critical changes in device health • Feeds of data for other security tools to analyze
    40. 40. Results 1. More visibility 2. Better DLP 3. Block threats Analysis 1. Static & dynamic 2. Enterprise risk 3. Protocol identification App Reputation Collection 1. Thousands of apps/day 2. App stores, 3rd parties, and devices 40
    41. 41. Gain Visibility into App Risk 41
    42. 42. App Data All Data Globally Distributed Network Optimized for Mobile 42
    43. 43. Gain Visibility into Data Flow 43
    44. 44. Network threats blocked per device 10 per month 120 per year 44** Based on Mojave Networks aggregate customer usage data
    45. 45. • Tie mobile events to broader user profile • Leverage existing security tools • See activity that has never been available Real-time Event API Completes the Loop 45 Policy
    46. 46. Mojave Connect Real-time API Common Syslog formats Better Correlate Mobile Events with Other Enterprise Data Real-time API’s = Faster Risk Assessment 46
    47. 47. Visibility Security Effortless & Seamless Mojave Networks Delivers 47 Control
    48. 48. • MDM solutions only protect from a small subset of mobile risks • 4 pillars necessary to provide true mobile security • Mobile risk should be combined with other threat intelligence Summary 48
    49. 49. 49 About Mojave Networks
    50. 50. Mojave Networks Background • Founded in 2011 and based in Silicon Valley • Lead investment from Bessemer Venture Partners & Sequoia Capital • Veteran team from Symantec, McAfee, Lookout, Palo Alto Networks, Cenzic • Deep security DNA with patent pending technology • Customers in Healthcare, Finance, Transportation, Government and more 50
    51. 51. 51 Questions & Answers

    ×