�ݺ�ߣ

Editor's Notes

1. Teamwork between IT and users is needed to secure mobile devices Technology limitations are always being stretched both in the devices and the management solution Were going to talk about what both sides can do, then introduce some new options that may be able to close some of the gaps in the armor to create a more comprehensive solution. -- The ubiquitous use of mobile devices has radically changed the landscape of data protection, and the abundance of applications only complicates the situation. Regrettably, not every application is what it seems. Users can't always detect a well-crafted forgery or application that secretly exfiltrates data in addition to the displayed functions. Additionally, not every network is what it seems. Users stumble across illegitimate networks that a intercept or even change legitimate communications from mobile devices. And even legitimate operating systems and applications have numerous vulnerabilities that can be exploited. How, then, can mobile device data be protected? This webcast reviews the current and emerging services and practices designed to help secure and protect the data on these devices, and identifies areas where solutions are needed to fill the remaining gaps and provides recommendations for a holistic approach including mobile threat protection. Attendees will learn: What role security tools such as analytics can play in managing mobile devices What the risks are to mobile devices How mobile devices and data are currently protected and how effective those protections are Common attack vectors and possible mitigation strategies Features and capabilities that a solution should have to provide organizations with ideal mobile security and visibility
2. Behaviors that increase the risk of compromise when compared to traditional laptop Apps: Legitimate app store only – helps – most common sources of mobile malware are secondary app stores (Apple/Google) Repackaged apps – look just like the legitimate app – but have added behaviors. Some had it all alon Permissions – it is confusing for users to understand the permissions, particularly in Android, and many folks just click “Accept” Always connected – looking for known wi-fi Default behavior is Wi-Fi connects to strongest signal for known network Wi-fi compromised three ways Misconfigured router is compromised – legit connection, legit AP, still owned Malicious device on legitimate network accessing information or providing bogus services Fake real network (Karma, Pineapple) Always on Most people don’t suspend the devices, so they’re available for exploit 24x7 People process information 24x7, independent of location People switch between personal and business processing on the same device Data Security To support this paradigm, applications are often written to favor speed over security. E.g. mobile application uses http, while browser versions use https. Patching/Updates Traditional IT – we push the patches, and can patch most ongoing Smartphones – limited device lifecycle, patch availablilty inconsisistent Application updates are in the users hands. While we can use a EMM to push updates of corporate apps, the others are in user control.
3. What’s so important on those devices? Corporate Data Personal Data Information about you, your friends, your company How to reach others How to connect Stored passwords in applications Stored username/passwords in notes/documents/contacts – or insecure password management apps. Sensitive personal or sensitive corporate data Why – Next slide
4. This is kind-of the point. To Become you To act as you To become someone else Data for further action/compromise. Consider the data as pieces of a puzzle, which solving allows access your data/systems Ask Why to expose the risks. Be well aware of what the devices do, what information they process and how that information can be used & abused
5. 0Insider – So often they are trying to get their job done. Type of Insider + type of action = = loss Accidental - Malicious Theft Hactivists Deliberate - Email it to my home so I can work on it Take shot with camera because can’t copy/paste… Cloud use Personal gain, revenge, etc. Accidental Respond/Forward wrong email, Put file in wrong folder, Too much data in document or message Connecting to a malicious, compromised or misleading network (free public wi-fi anyone?) PWN2OWN – Fully patched Android, could install any app by Chrome hitting web site. *Network legit, device legit, even so---
6. Were it as simple as a burglar- Separately or in combination Users leveraged to aid the process – install malicious or repackaged apps. Some protections prevents installation of top of legit copies. Talk bout physical access soon
7. Download a Mobile Security App = from AV to More comprehensive solutions
8. Mobile device operating systems and applications vulnerabilities drive the need to keep the OS and applications updated. When a device needs an update, ask:
9. Deployment Provision OTA Ease of on/off-boarding End User Experience Low battery use Low data use (Esp. BYOD) Threat Detection Network Malware Device Vulnerabilities Management and Administration Detected threat reporting Identify device OS vulnerabilities Per-device Risk estimate Reporting Other Seim integration API
10. Deployment Provision OTA Ease of on/off-boarding End User Experience Low battery use Low data use (Esp. BYOD) Threat Detection Network Malware Device Vulnerabilities Management and Administration Detected threat reporting Identify device OS vulnerabilities Per-device Risk estimate Reporting Other Seim integration API
11. Containers- Common security model Users often want to work outside container as apps/functions not in-container Provides nice hardened spot for BYOD Must configure data in/exfil settings Application Wrapping To add to container or MDM, but, need source and application has to use frameworks wrapping tool supports. Secure Network access Authentication integration VPN- Per application – possibly exploitable as kernel controls Full device – any malware on device can access, can leverage network controls for remote access. VDI Connectivity and user experience largest challenges
12. Beyond analysis and human intervention Typically, reports are read by local analyst and actions taken, blended with data from local systems Real time application of data is needed The mobile device could be an added source of threat data Imagine aggregating data from thousands of mobile devices?
13. Application analysis Not just in-house, there are services that provide this information Location based defense Distributed threat intelligence Imagine dynamically changing the security configuration based on distributed threat information and device location? ** Make sure setting revert when appropriate ** For example DefCon BlueTooth attacks were mitigated by disablement of BT. Manual analysis and application of threat information won’t scale.
14. Transition to SkyCure
15. The thing that is common in most of the reasons mentioned in the previous slide is Endpoints. If we talk about Old Endpoints they are full of security solutions – IDS, IPS, Av, Wireless security, USB security, Encryption, DLP, and so on. (CLICK) What about the new Endpoints? What kind of security do you have on them?