How can mobile device data be protected? This SANS webcast reviews the current and emerging services and practices designed to help secure and protect the data on these devices, identifies areas where solutions are needed to fill the remaining gaps, and provides recommendations for a holistic approach including mobile threat protection.
Tools for Evaluating Mobile Threat Defense Solutions (Skycure)
View recorded webinar - http://get.skycure.com/evaluating-mobile-threat-defense-solution
Get the tools and information you need to make the evaluation process of Mobile Threat Defense solutions easier and ensure your success.
Watch the webinar recording: http://hubs.ly/y0XwTS0
In this RSA Conference webcast, security experts Adi Sharabani and Yair Amit describe the current threat landscape for mobile devices and discuss security strategies.
How to Predict, Detect and Protect Against Mobile Cyber Attacks (Skycure)
Watch webinar recording: http://hubs.ly/H01l56L0
Join Brian Katz, director of mobile strategy at VMware, and Varun Kohli, vice president at Skycure, as they discuss how to:
- Get visibility into ALL mobile threats, vulnerabilities and attacks impacting your organization today
- Integrate Skycure with AirWatch to predict, detect, and protect against mobile cyber attacks
- Stop attacks before they make it to the enterprise by profiling good and bad device, app and user behaviors by leveraging crowd wisdom
How Aetna Mitigated 701 Malware Infections on Mobile Devices (Skycure)
View webinar recording - http://hubs.ly/H06134H0
Learn how Aetna protects its corporate data from mobile threats while providing a better user experience and complying with strict industry regulations.
Three Secrets to Becoming a Mobile Security Superhero (Skycure)
View recorded webinar here - http://hubs.ly/H03W-Ns0
Learn the secrets of one mobile security superhero as he details his journey to defend his organization, the 2nd largest beverage distributor, against mobile threats.
Supply Chain Threats to the US Energy Sector (Kaspersky)
This presentation by Cynthia James discusses steps to take towards cyber-securing the supply chain of Energy sector organizations in the U.S. From the biggest challenges to a review of regulation and compliance guidelines, this deck covers three areas of Energy: nuclear, electric and "other".
Cynthia James is a CISSP (Certified Information Systems Security Professional) and frequent presenter for the TABD group at Kaspersky Lab, global provider of cybersecurity solutions. With 9 years of experience in the cybersecurity space, Cynthia is a regular speaker on the subject and has authored a book on cybercrime: “Stop Cybercrime from Ruining Your Life”.
How to Add Advanced Threat Defense to Your EMM (Skycure)
View recorded webinar here: http://hubs.ly/y0SRV90
In this webinar presentation we discuss how to:
- Stop mobile attacks before they make it to the enterprise by leveraging crowd wisdom
- Dynamically enforce BYOD, security and compliance policies based on actively detected threats
- Leverage risk-based enterprise mobility management to detect and protect against corporate espionage via infiltrated mobile devices
Kaspersky Lab, one of the world’s fastest-growing cybersecurity companies and the largest that is privately-owned, presents a short story about the company - its Values, Business, Solutions, i.e. what we think and strive for in our business, how we develop our technologies and solutions to protect our customers and people around the globe against cyberthreats, as well as the results we've managed to achieve.
How Healthcare CISOs Can Secure Mobile Devices (Skycure)
Original webinar: http://get.skycure.com/mobile-security-in-healthcare-webinar
In this webinar, Jim Routh, CSO at Aetna, and Adi Sharabani, CEO and co-founder at Skycure, discuss:
- The state of mobile security in Healthcare organizations
- How to improve incident response and resilience of mHealth IT operations
- How to leverage risk-based mobility to predict, detect and protect against threats
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges (Skybox Security)
“How secure are we?” “What's our strategy for advanced threats?” “How do we manage changes?” “What should we focus on?” “How is risk changing over time?” These are the difficult questions that IT security and network operations professionals face daily. The answer is in your data. Risk analytics is critical to answering the questions you face every day, opening new paths to find and prioritise vulnerabilities, quickly find firewall rule errors, and determine potential threats before they can be exploited.
This presentation is targeted at enterprise IT professionals looking to add security metrics and analytics into their security program.
- Understand why the existing approaches, processes and technologies for IT security get less effective over time
- Know what metrics and analytics are missing from your current strategy
- Recognise how risk analytics can be used to automate and secure your network devices
- Understand how vulnerability management process can be optimized with risk analytics
- See how a risk analytics platform can impact an organisation
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2... (Kaspersky)
For several years now, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been monitoring more than 60 threat actors responsible for cyber-attacks worldwide. By closely observing these organizations, which appear to be fluent in many languages, including Russian, Chinese, German, Spanish, Arabic and Persian, we have put together a list of what seem to be the emerging threats in the APT world. We think these will play an important role in 2015 and deserve special attention. As a participant of the webinar, you will be the first to hear our detailed analysis of the trends.
The webinar was hosted by Costin Raiu, Director of GReAT at Kaspersky Lab, on December 11.
“If we can call 2014 ‘sophisticated’, then the word for 2015 will be ‘elusive’. We believe that APT groups will evolve to become stealthier and sneakier, in order to better avoid exposure. This year we’ve already discovered APT players using several zero-days, and we’ve observed new persistence and stealth techniques. We have used this to develop and deploy several new defense mechanisms for our users,” comments Costin Raiu.
Listen to the presentation https://kas.pr/aptwebinar
Read the full report https://kas.pr/ksb
View recorded webinar - http://get.skycure.com/accessibility-clickjacking-webinar
Accessibility Clickjacking, a vulnerability discovered by Skycure’s Mobile Threat Defense Research Team, is a method hackers may use to gain complete control over an Android device, including acquiring elevated privileges and exposing the content of all apps on the device.
It can compromise container solutions and is extremely difficult to detect.
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an... (Skybox Security)
If you’re tasked with keeping your enterprise network infrastructure secure against cyber attacks, then you’d better start thinking like a hacker. Do you know what your network looks like? Where are all the access points? Can you create a short list of the most vital vulnerabilities a hacker could exploit? And how long does it take you to get this info? Days? Weeks? Never?
In this webcast, we will discuss a practical game plan to continuously monitor your cyber security status and proactively fix concerns before they become a data breach or attack. Learn how to minimize risks by combining a detailed understanding of your network topology, cyber threats, and likely attack scenarios with everyday security management processes. This webcast is appropriate for firewall and network administrators, IT security managers, and CISOs in medium to large business and government agencies.
We will examine:
• Network mapping – How to create a virtual network model to use for security architecture planning and policy compliance checks
• Access analysis – Ways to identify all network access routes, to block unauthorized access and quickly troubleshoot network availability issues
• Securing the perimeter – Enable daily checks of firewalls and network devices to keep them configured securely
• Attack simulation – Find and fix the vulnerabilities most likely to be used in an attack – every day
Pactera - Cloud, Application, Cyber Security Trend 2016 (Kyle Lai)
In this presentation, we discuss trends in application, cloud and cyber security. We analyze surveys of several hundred companies to show the trends in security concerns, threats, and what controls companies are looking to adopt.
It also introduces Pactera's cybersecurity capabilities in providing end-to-end managed services for application security testing, secure code review, penetration testing, application security - secure coding practice training, third-party supplier security risk assessment, data governance and ISO 27001 based assessments.
Network Security Trends for 2016: Taking Security to the Next Level (Skybox Security)
Skybox Security addresses recent trends and changes in strategy in the network security space and the challenges facing IT security professionals and CISOs.
Scalar Security Roadshow - Vancouver Presentation (Scalar Decisions)
Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly. In this quick-fire, half-day roadshow, Scalar brings you solutions to these problems from three of our most strategic security vendors, as well as a full presentation on our managed security services portfolio.
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi... (centralohioissa)
During this talk we will be discussing hardware reverse engineering and why this is becoming a new way for attackers to compromise company networks. We will discuss how vendors are now leaving potentially malicious code within firmware and how some attackers could exploit these vulnerabilities. We will also discuss why it is important for companies to spend time reviewing hardware for vulnerabilities prior to deploying the systems within your company’s network and outlining a process on how to perform this work.
The presenters will outline each phase of the hardware reverse engineering assessment, outlining how to exploit various vulnerabilities that you may discover, and provide a list of the software and tools that will be needed to support this work. Finally we will talk about how you should be documenting your findings for management and how to properly disclose the findings to the vendor once the test has been completed.
Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly. In this quick-fire, half-day roadshow, Scalar brings you solutions to these problems from three of our most strategic security vendors, as well as a full presentation on our managed security services portfolio.
Kaspersky endpoint security business presentation (Data Unit)
A presentation of the Kaspersky portfolio for business. The antivirus package of Kaspersky Endpoints can secure your mobiles, desktops, servers and more.
Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly.
Together with our event partners Cisco, F5, and Bromium, Scalar brings you solutions to these problems, as well as a full presentation on our managed security services portfolio.
Journey to the Cloud: Securing Your AWS Applications - April 2015 (Alert Logic)
James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers:
• The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS.
• Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections)
• Best practices for how to protect your environment from the latest threats
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective... (Cloudera, Inc.)
Learn how to:
* Detect threats automatically and accurately
* Reduce threat response times from 7 days to 4 hours
* Ingest and process 100+TB per day for automated machine learning and behavior-based detection
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr... (Draup3)
Cyber threat analytics, cyber threat detection, and cybersecurity for data privacy & protection are the most common use cases across industries. Download the report to read about the regional hotspots, associated players, cybersecurity ecosystems, and more.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks. (Scalar Decisions)
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem... (Criminal IP)
Businesses and organizations have numerous network devices, databases, servers, applications, and domains, and all of these IT assets are through IP addresses and Ports.
Attack Surface Management refers to the proactive detection and management of attack vectors such as open ports, server vulnerabilities, similar domains, phishing, and domains distributing malicious code.
Criminal IP ASM automatically monitors and generates a report on assets exposed to the attack surface.
All IT assets are thoroughly detected globally, with a streamlined introduction procedure requiring registration of only one primary domain.
Request a FREE Demo of Criminal IP ASM at:
https://www.criminalip.io/asm/attack-surface-management
Security O365 Using AI-based Advanced Threat Protection (Bitglass)
Office 365 has garnered widespread adoption from enterprises due to its advantages such as ease of deployment, lower TCO, and high scalability. Additionally, it enables end-users to work and collaborate from anywhere and on any device. Although Office 365 enables IT to shift the burden for app and infrastructure to the cloud vendor, data security remains the responsibility of the enterprise. Given the limitations of native malware protection on Office 365, should the enterprise rely on Office 365 to protect their data from malware and ransomware?
Join Bitglass and Cylance for a discussion on malware protection solutions for Office 365. We will cover the limitations of native Office 365 malware protection as well as the benefits of AI and machine learning based approaches. We will wrap up the session by discussing how CASBs, with Advanced Threat Protection (ATP) capabilities, are uniquely positioned to protect cloud apps and end-points from malware attacks and proliferation.
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response and detecting and preventing threats, and, most importantly, have your security team serve your business and mission? Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
Presentation given in Argentina and Paraguay during March 2014.
In Argentina by Faustino Sanchez. In Paraguay by Santiago Cavanna.
It covers the problem of vulnerabilities in applications, the impact they have on organizations, and the means available to discover them early and facilitate their remediation.
Links available at
http://www.santiagocavanna.com/segurinfo-2014-el-costo-oculto-de-las-aplicaciones-vulnerables/
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
Similar to Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices (20)
5. What are we protecting?
Credentials
• VPN
• E-Mail
• Social Media
• Other systems
Documents/Photos/Data
Contacts/Connections
• PII, personal and corporate
6. Why are we protecting…
• Network Access
• Impersonation/Identity Theft
• Data Access/Exfiltration/Modification
• Corporate Espionage
7. How is data lost/stolen
Insiders
– User sends it
– Recycle non-wiped devices
– Weak or no passcode
– Access malicious web site
– Install software
– Weaken settings
8. How is data lost/stolen
Outsiders
• Man in The Middle (MiTM)
• Social Engineering
• Logical or physical access
9. Attack Mitigations
Physical Security
Passcode, encryption, possession
Network Security
Use known networks (network spoofing)
Disable unneeded services
Malware Security
Use the primary app stores, update OS/Apps
Don’t root/jailbreak
11. Keeping OS and Applications Updated
OS/App update checklist:
• Has the update been regression tested?
• What will the requirement be for applying that update?
• Who is responsible to update the items and how will the update be applied?
• What are the consequences of not applying updates?
• What is your communication plan to affected parties?
Teamwork between IT and users is needed to secure mobile devices
Technology limitations are always being stretched both in the devices and the management solution
We're going to talk about what both sides can do, then introduce some new options that may be able to close some of the gaps in the armor to create a more comprehensive solution.
--
The ubiquitous use of mobile devices has radically changed the landscape of data protection, and the abundance of applications only complicates the situation. Regrettably, not every application is what it seems. Users can't always detect a well-crafted forgery or application that secretly exfiltrates data in addition to the displayed functions. Additionally, not every network is what it seems. Users stumble across illegitimate networks that intercept or even change legitimate communications from mobile devices. And even legitimate operating systems and applications have numerous vulnerabilities that can be exploited.
How, then, can mobile device data be protected? This webcast reviews the current and emerging services and practices designed to help secure and protect the data on these devices, and identifies areas where solutions are needed to fill the remaining gaps and provides recommendations for a holistic approach including mobile threat protection.
Attendees will learn:
What role security tools such as analytics can play in managing mobile devices
What the risks are to mobile devices
How mobile devices and data are currently protected and how effective those protections are
Common attack vectors and possible mitigation strategies
Features and capabilities that a solution should have to provide organizations with ideal mobile security and visibility
Behaviors that increase the risk of compromise when compared to traditional laptop
Apps:
Legitimate app store only – helps – most common sources of mobile malware are secondary app stores (Apple/Google)
Repackaged apps – look just like the legitimate app – but have added behaviors. Some had it all alon
Permissions – it is confusing for users to understand the permissions, particularly in Android, and many folks just click “Accept”
Always connected – looking for known wi-fi
Default behavior is Wi-Fi connects to strongest signal for known network
Wi-fi compromised three ways
Misconfigured router is compromised – legit connection, legit AP, still owned
Malicious device on legitimate network accessing information or providing bogus services
Fake real network (Karma, Pineapple)
Always on
Most people don’t suspend the devices, so they’re available for exploit 24x7
People process information 24x7, independent of location
People switch between personal and business processing on the same device
Data Security
To support this paradigm, applications are often written to favor speed over security. E.g. mobile application uses http, while browser versions use https.
Patching/Updates
Traditional IT – we push the patches, and can patch most ongoing
Smartphones – limited device lifecycle, patch availability inconsistent
Application updates are in the user's hands. While we can use an EMM to push updates of corporate apps, the others are in user control.
What’s so important on those devices?
Corporate Data
Personal Data
Information about you, your friends, your company
How to reach others
How to connect
Stored passwords in applications
Stored username/passwords in notes/documents/contacts – or insecure password management apps.
Sensitive personal or sensitive corporate data
Why – Next slide
This is kind-of the point.
To Become you
To act as you
To become someone else
Data for further action/compromise. Consider the data as pieces of a puzzle; solving it allows access to your data/systems
Ask Why to expose the risks.
Be well aware of what the devices do, what information they process and how that information can be used & abused
Insider – So often they are trying to get their job done.
Type of Insider + type of action = loss
Accidental -
Malicious
Theft
Hacktivists
Deliberate -
Email it to my home so I can work on it
Take shot with camera because can’t copy/paste…
Cloud use
Personal gain, revenge, etc.
Accidental
Respond/Forward wrong email, Put file in wrong folder, Too much data in document or message
Connecting to a malicious, compromised or misleading network (free public wi-fi anyone?)
PWN2OWN – Fully patched Android, could install any app by Chrome hitting web site. *Network legit, device legit, even so---
Were it as simple as a burglar-
Separately or in combination
Users leveraged to aid the process – install malicious or repackaged apps. Some protections prevent installation on top of legit copies.
Talk about physical access soon
Download a Mobile Security App = from AV to More comprehensive solutions
Mobile device operating system and application vulnerabilities drive the need to keep the OS and applications updated. When a device needs an update, ask:
Deployment
Provision OTA
Ease of on/off-boarding
End User Experience
Low battery use
Low data use (Esp. BYOD)
Threat Detection
Network
Malware
Device Vulnerabilities
Management and Administration
Detected threat reporting
Identify device OS vulnerabilities
Per-device Risk estimate
Reporting
Other
SIEM integration
API
Containers-
Common security model
Users often want to work outside container as apps/functions not in-container
Provides nice hardened spot for BYOD
Must configure data in/exfil settings
Application Wrapping
To add an app to a container or MDM, but you need the source, and the application has to use frameworks the wrapping tool supports.
Secure Network access
Authentication integration
VPN-
Per application – possibly exploitable as kernel controls
Full device – any malware on device can access, can leverage network controls for remote access.
VDI
Connectivity and user experience largest challenges
Beyond analysis and human intervention
Typically, reports are read by local analyst and actions taken, blended with data from local systems
Real time application of data is needed
The mobile device could be an added source of threat data
Imagine aggregating data from thousands of mobile devices?
Application analysis
Not just in-house, there are services that provide this information
Location based defense
Distributed threat intelligence
Imagine dynamically changing the security configuration based on distributed threat information and device location?
** Make sure settings revert when appropriate **
For example, DefCon Bluetooth attacks were mitigated by disablement of BT.
Manual analysis and application of threat information won’t scale.
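An added example, not from the webcast: a small policy evaluator for the location-based defense idea above, which enforces a setting from distributed threat advisories while the device is inside an advisory zone and restores the prior value once the device leaves or the advisory expires. The Advisory and DevicePolicy names, the coordinates and the timestamps are all constructed for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class Advisory:
    """Constructed threat-intel record: force a setting inside a zone until expiry."""
    setting: str      # setting name, e.g. "bluetooth"
    enforced: bool    # value to enforce while the advisory applies
    lat: float
    lon: float
    radius_km: float
    expires: float    # epoch seconds

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

class DevicePolicy:
    """Hypothetical per-device settings store with revertible overrides."""
    def __init__(self, settings):
        self.settings = dict(settings)
        self._saved = {}  # setting -> value it had before the override

    def evaluate(self, lat, lon, now, advisories):
        """Apply advisories active here and now; revert overrides that lapsed."""
        active = {a.setting: a.enforced for a in advisories
                  if now < a.expires
                  and distance_km(lat, lon, a.lat, a.lon) <= a.radius_km}
        for name, value in active.items():
            self._saved.setdefault(name, self.settings[name])  # remember once
            self.settings[name] = value
        for name in [n for n in self._saved if n not in active]:
            self.settings[name] = self._saved.pop(name)  # restore prior value
        return dict(self.settings)

# Constructed sample: Bluetooth advisory, 10 km zone, expires at t=1000.
SAMPLE = Advisory("bluetooth", False, 36.17, -115.14, 10.0, 1000.0)

def demo():
    policy = DevicePolicy({"bluetooth": True})
    track = [(36.13, -115.15, 100.0),   # inside zone
             (34.05, -118.24, 200.0),   # left zone
             (36.13, -115.15, 300.0),   # back inside
             (36.13, -115.15, 1000.0)]  # inside, advisory expired
    return [policy.evaluate(lat, lon, t, [SAMPLE])["bluetooth"] for lat, lon, t in track]

if __name__ == "__main__":
    print(demo())
```

Because the override stores the value it replaced, a device whose Bluetooth was already off before entering the zone stays off after the revert rather than being switched on.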
Transition to SkyCure
The thing that is common in most of the reasons mentioned in the previous slide is Endpoints. If we talk about Old Endpoints, they are full of security solutions – IDS, IPS, AV, Wireless security, USB security, Encryption, DLP, and so on.
What about the new Endpoints? What kind of security do you have on them?