�ݺ�ߣ

Title of Presentation DD/MM/YYYY© 2015 Skycure Inc. - Confidential 1Yair Amit, Co-founder, CTO, Skycure December 2015
Mobile Security: 2015 Wrap-up and 2016 Predictions

Title of Presentation DD/MM/YYYY© 2015 Skycure Inc. - Confidential 2
Meet Your Speaker
Yair Amit
Co-founder and CTO
Skycure

Quick Housekeeping
• Q&A panel is available if you have any questions
• There will be time for Q&A at the end
• We are recording this webinar for future viewing
• All attendees will receive a copy of slides/recording
Join the discussion #MobileThreatDefense

Agenda
1. Highlights of 2015
2. 2016 Predictions
3. Mobile Security Plan
4. Q&A

Title of Presentation DD/MM/YYYY© 2015 Skycure Inc. - Confidential 5© 2015 Skycure Inc. - Confidential
Highlights of 2015

Modern Mobile Attacks

Physical Security
Loss
Theft
Unauthorized
Access

Network Security
Wi-Fi/
Cellular
Off-the-
shelf
hacking
gear
24x7
Exposure

SSL Decryption – A Growing Concern
92%
of users click on “Continue”
compromising their Exchange identity
(username and password)

”
Plain HTTP
Does it really
happen today?

SwiftKey Vulnerability
600 million Android (Samsung) devices vulnerable
PRE-INSTALLED
KEYBOARD
UNENCRYPTED
UPDATES
MITM
SYSTEM
ACCESS

“No iOS Zone”
iOS crashes
“No iOS Zone” exploited again
iPhone crashes again
Device restarts
and again
and again
and again

Malware
External
Stores
Repackaged
Apps
New
infection
vectors

XcodeGhost
• Lures developers into using a malicious development environment
• Malicious apps were approved by Apple and made it to the AppStore

YiSpecter
• Impacts both jailbroken and non-jailbroken devices
• First major iOS malware that uses Apple’s private APIs

Vulnerabilities
OS & App
Level
Patching
Challenges
Never
Ending
Story

Known iOS Vulnerabilities - Apr. 15’ Est.
0
20
40
60
80
100
120
140
160
180
2007 2008 2009 2010 2011 2012 2013 2014 2015
Number of CVEs Trajectory (Apr 15')
Source: Skycure analysis based of CVEdetails.com

Known iOS Vulnerabilities - Final
Source: Skycure analysis based of CVEdetails.com
0
50
100
150
200
250
300
350
400
2007 2008 2009 2010 2011 2012 2013 2014 2015
Number of CVEs

Mobile Security Threat Reports

2016 Predictions

Android malware will continue to evolve
2011
Google Play is
riddled with
malware
2015
Google Play is
riddled with
malware
3rd party stores
are riddled with
malware
Google introduces
technologies such as
“Bouncer” and “Verify Apps”
What next?

Malware Scanners Effectiveness

Multi-Factor
Authentication will
be Further
Embraced by Users
• Stealing a password will continue to become less effective
• Greater reliance on mobile devices
• Result – attackers focus their hacking campaigns on mobile devices

Hackers will
Leverage Mobile to
Attack Enterprises
• Utilization of a growing arsenal of attacking tools
• Mobile as an easy springboard to corporate resources
• Focus on exploiting human and software vulnerabilities via network and
application-level attack vectors

Healthcare
adoption of
mobility will
continue to grow
70% of Doctors would use mobility
to manage patient data: A growth
from ~8% just 2 years ago

10+ Billion
Connected
Devices in
3 Years
• Wearables to monitor more health data
• Healthcare data is worth a lot
• Hackers to focus on unsecured healthcare apps/devices

Mobile payments
will gain more
traction
• Mobile payment volume in the US will grow to
$818 Billion by 2019.
• Starbucks: 8 million mobile transactions per week.
21% of total sales.
• 2% of transactions at top 5 retailers are through
Apple Pay.

Mobile Security Plan

Old Endpoint Vs. New Endpoint
IPS
IDS
FIREWALL
USB
SECURITY
DLP
DATA
ENCRYPTION
WIRELESS SECURITY
APPLICATION CONTROL
AV
?

4 Tips for CIOs
Predict
Identify high-risk
situations in
advance using
crowd wisdom
Detect
Find mobile
threats
before they
reach your
organization
Prevent
Stop threats
automatically
using existing
policies
Adapt
Learn from the
new threats to
adapt your
security policy

You need “Waze”
• Protect against known, unknown and
ZERO-day attacks
Malware: How do you predict next-gen malware attacks?
Exploit: How do you know if the exploit was not tailor-made for your organization?
Network: How do you know if the network you connect to is real or fake?
Predict

Predict

Comprehensive Detection Detect
Applications
• Policy Violations
• Malware
Vulnerabilities
• iOS & Android
• CVSS – Open Standard
Device
• Lost
• Stolen
• Imporper Configuration
Networks
• Suspicious
• Malicious

Automated Remediation
• No CIO or IT needs yet
another console to look at
• Use your EXISTING tools
and policies
- SIEM
- EMM/MDM
- VPN
- Email servers
Predict

Adapt
1. Learn from the new threats
2. Identify top attacked people/departments
3. Educate them
4. Do cyber-security drills
Adapt

Skycure Mobile Threat Defense
• Seamless experience
• 24x7 detection and protection
• Device, app, and network analysis
• Multi platform – Android and iOS
Employee
• Flexible deployment
• Policy creation and enforcement
• Reporting and compliance
• Enterprise integrations
IT Team
Mobile Threat Intelligence
• Millions of tests per month
• Millions of networks and apps analyzed
• Zero-day threat protection
• Predictive Security
Attack
Vector

c
https://maps.skycure.com
c

Summary
• The problem of mobile security is real and is already here
• An ideal solution should offer layered security:
- Physical compromise
- Network attacks
- Malware infections
- Vulnerabilities
• Enterprises are moving towards
risk-based mobility
• Skycure is leading the charter
ATTACK
VECTO
R

Next Steps
Request a FREE 30 Day Trial!
sales@skycure.com, Phone: 1-800-650-4821
https://www.skycure.com/trial
https://blog.skycure.com
@SkycureSecurity, @yairamit
https://www.linkedin.com/company/skycure

�ݺ�ߣ

Mobile Security - 2015 Wrap-up and 2016 Predictions

More Related Content

Mobile Security - 2015 Wrap-up and 2016 Predictions