FishNet Security offers several mobile security solutions and services to help businesses securely enable mobile devices and applications. These include developing mobile security policies, performing security assessments of mobile applications and architecture, penetration testing of mobile clients and servers, and mobile device management integration and strategy consulting. The company aims to help businesses maximize productivity from mobile tools while minimizing security risks and ensuring regulatory compliance.

1. Securely Enabling Business
Enterprise Mobility
Overview
Business executives are driving the decision to utilize mobile devices throughout their enterprise due to the devices ability to provide greater
productivity, availability, flexibility, and convenience. Such decisions are forcing IT professionals to quickly find solutions to protect their
companies’ greatest assets. Mobile devices process and store large amounts of data, remotely access proprietary information, and perform
most processor-intensive tasks. As the use of these devices increases so does the exposure to risks and vulnerabilities. In order to ensure the
security and integrity of mobile devices, businesses must take adequate measures.
Offerings
99Mobile Security Roadmap 99Mobile Application Security
FishNet Security has worked with enterprise customers to Mobile Design (Architecture) Review
develop a strategic direction as it relates to mobile security.
• High-level examination of application artifacts such
FishNet Security mobile security strategic road map reviews
as security requirements, secure development
the current state and provide recommendation based on
standards, and specific application specifications to
compliance and industry standards for the following:
ensure security has been implemented throughout
• Security policies as it relates to mobile security the development lifecycle of the mobile application.
• Mobile security business and technical requirements • Identify weaknesses in proposed
design, and recommend appropriate
• Mobile remote access and VDI integration countermeasures to mitigate threats.
• Strong Authentication
Mobile Application Threat Modeling
99Mobile Security Policy Development • Comprehensive threat assessment delivered with
FishNet Security’s proven, STRIDE-based methodology
FishNet Security’s Mobile Security Policy Development is • Determine data flows and examine
designed to help our clients meet the unique challenges posed entry and exit points in the application,
by the evolving space of mobile device platforms. Organizations exposing opportunities to subvert security
are becoming more reliant on mobile computing platforms controls. Recommend countermeasures to
every day introducing additional risk and considerations for eliminate threats and vulnerabilities.
security. FishNet Security’s consultants understand the business
drivers and need for mobile computing platforms as well as the
Mobile Application Security Assessment
nuances to development and maintenance of mobile security
policies, standards and procedures. FishNet Security can help • Analysis of a mobile application’s security posture
organizations meet their mobile security documentation needs by: within a run-time environment on its native platform,
focused on identifying security vulnerabilities, insecure
• Developing, evaluating and enhancing existing configuration and other threats.
policies, standards and procedures
• Maturing mobile security documentation Mobile Application Security Code Review
lifecycle management • Examine applications at the code-level, and
• Identify and document potential identify hard-to-find technical bugs that can
risks within security policy be missed in run-time assessments.
Regardless of the current state of mobile security in your • Identify logic flaws and other weaknesses that
organization, FishNet Security offers several key services to help are impossible to locate and analyze without
ensure that your documentation is established to enable your access to the application’s source code.
business and ensure regulatory or industry specific compliance.
ID#12SS0040
Last Modified 06.20.2012
Corporate Headquarters | 6130 Sprint Parkway | Ste. 400 | Overland Park, KS 66211 | 888.732.9406 © 2011 FishNet Security. All rights reserved.

2. Enterprise Mobility
Offerings (continued)
99Mobile Vulnerability Assessment and Mobile Device Remote Access
Penetration Testing Customers have the desire to provide connectivity to internal
application through mobile devices. Often times these
Mobile Architecture and Design Assessment application have sensitive information that needs access
• Analyze the infrastructure and security practices through remote access solution. FishNet Security has an
within the architecture and design. extensive product portfolio to support the mobile workforce,
Mobile Client and Server Penetration Testing which consists of the following:
• Use various methods to test and evaluate • F5 Edge SSL VPN
the vulnerabilities of the mobile device and • Juniper SA and JUNOS Pulse
the backend servers that control them. • Citrix
Mobile Vulnerability Assessment • VMware VDI
• Test the security of the mobile device from an end
99Mobile Security Awareness Training
user’s perspective to determine if the mobile device
could allow leakage of confidential data, denial of • Teach your work force “Mobile Security Best Practices”
service or other attacks.
• Teach employees corporate security policy
for mobile devices on their handheld
99Mobile Security Strategy Assessment • Rich Expert Learning Content
Mobile device management (MDM) is a technology that monitors, • Fingertip Compliance
supports, and manages mobile devices, securing them from • Complete Quizzing and Metrics
external attacks. MDM technologies are a first line of defense for • Anytime, Anywhere Training Solution
mobile assets.
Properly deployed MDM enables IT professionals to optimize and 99Mobile Forensics
protect complex, constantly-evolving mobile environments
while minimizing cost and downtime. Mobile phone forensics is the science of retrieving data from a
mobile phone under forensically sound conditions. This includes
MDM Design and Integration data retrieval and data examination found on the SIM/USIM, the
• Review current architecture and technologies phone body itself, and memory cards. Data retrieved and examined
related to MDM/MDP for mobile devices can include images, videos, text or SMS messages, call times, and
• Identify technical and regulatory requirements contact numbers
as it relates to mobile devices.
Once forensic investigation is completed, a formal report is
MDM Technology Partnerships: provided. The final report summarizes the purpose of the
• Good Technologies engagement including, tasks requested, keywords provided,
• McAfee EMM outline of collection methodology, details of analysis, and findings
of the investigation.
• Juniper SSL VPN with Junos Pulse and SMovile for MDM
• Mobile Iron
About FishNet Security
We Focus on the Threat so You can Focus on the Opportunity.
Committed to security excellence, FishNet Security is the #1 provider of information security solutions that combine
technology, services, support, and training. FishNet Security solutions have enabled 4,000 clients to better manage
risk, meet compliance requirements, and reduce cost while maximizing security effectiveness and operational
efficiency. For more information on FishNet Security, Inc., visit www.fishnetsecurity.com.
ID#12SS0040
Last Modified 06.20.2012
Corporate Headquarters | 6130 Sprint Parkway | Ste. 400 | Overland Park, KS 66211 | 888.732.9406 © 2011 FishNet Security. All rights reserved.