Slide 1: Understanding the Mobile Security Gap
Data Connectors, San Francisco
Brian Duckering, Sr. Mobile Security Specialist, 10/19/2017
Slide 2: Mobile: The Enterprise Security Gap

48% of enterprises are unsure if they have had a mobile breach!

- "I don’t have protection against malware on my mobile devices"
- "I am worried about my users connecting to suspicious Wi-Fi networks"
- "I don’t have visibility into vulnerabilities affecting mobile OS/applications"
Slide 3: Chasm Between Mobile Usage & Security Spend

- Business mobile consumption exploded (and is still exploding)
- Has your security spend caught up with the explosion?
- Hackers are shifting their focus to mobile
- 39% of security professionals claim security concerns are the top inhibitor to mobile adoption
- 1 in 5 organizations suffered a mobile security breach
- "By 2018, 80% of organizations with MTD solutions in place will integrate them with their enterprise mobility management (EMM) solutions, which is an increase from the fewer-than-5% current estimate."

Charts: Global Internet Consumption, Old vs. New Endpoint (110+ min/day on the new endpoint vs. <30 min/day on the old; usage during commute, work hours, evenings and weekends); Security Spend, Old vs. New Endpoint (IPS, firewall, DLP, AV and IDS stacked on the old endpoint).

Speaker notes: A couple of years ago, global Internet consumption on the new endpoint crossed that of the old endpoint. Your users spend much more time on their mobile phones than on PCs: they are on them from around 6 am in the morning till 12 am at night, whereas PCs are mostly used only during business hours. However, your security spend on the two types of endpoints probably still follows the old pattern. The old endpoints have decades of security behind them, such as IDS, IPS, AV, wireless security, USB security, encryption, DLP, and so on. What about the new, modern endpoints? What kind of security do you have on them? Forget about mobile security being more than a decade old; the whole industry is less than 10 years old and really started in 2007 with the launch of the first iPhone. The last pillar on this slide talks about the change in focus by the adversary. Given the recent mobile explosion and the lack of proper security, there have recently been multiple breaches originating from mobile devices. Some of them are highlighted here. In the past 2 years, 8% of all publicly disclosed healthcare breaches compromising more than 500 records came from mobile, as per the Dept. of Health and Human Services. According to the Privacy Rights breach database, the same number for the financial industry is over 15% for the last two years.

Source: Dept. of Health and Human Services
Slide 4: New Threat Vectors

- 1 in 5 organizations suffered a mobile security breach
- Average cost of each breach is $6.53M
- 9% of all breaches come from mobile devices
- 6 months average time to identify a breach
- 24% of organizations confirmed their mobile devices have connected to malicious Wi-Fi
- 48% are unsure if there have been incidents
- Devices found with malware during assessments: 3% iOS, 6% Android
- 39% of security professionals claim security concerns are the top inhibitor to mobile adoption; 72% of those are most concerned about data loss

Speaker notes: So you have a situation where customers who want to adopt more mobility are held up by security concerns, and customers who are running a mobile enterprise do not necessarily realize what the risks are. If they do realize what the risks are, they still don’t have visibility into the actual prevalence of those risks in their own enterprise. Together these problems are a significant barrier to mobile adoption and usage, and that is a barrier to AT&T’s future growth.
Slide 5: Many “Security” Solutions

- Impossible to transfer traditional solutions to mobile
  - Mobile Threat Defense is not EMM or traditional security
- Mobile cybersecurity is a critical and expensive problem
  - Mobile Threat Defense requires ongoing, intense research to stay ahead of hackers
  - Mobile solutions must be improved and updated continuously
  - Protection must operate 24/7
- Mobile Threat Defense and EMM solve very different problems
  - EMM is management, MTD is security (complementary)
- IT needs visibility and proactive remediation of mobile risks, on a fraction of your overall data center or network security budget
- Mobile security must aggregate multiple security solutions:
  - Malware defense (like AV)
  - Network defense (like IDS/IPS/firewall)
  - Vulnerability management (like patch management)
  - Threat intelligence (like reputation services)
  - Big data forensics (like breach analytics tools)
  - Risk management prioritization (like mobile SIEM)
  - Next-gen malware protection (like APT solutions)
Slide 6: EMM and MTD are Complementary

MTD (Mobile Threat Defense): the guards on the walls
- Detect threats & attacks
- Actively protect the device from: Malicious Apps, Network-based Attacks, Vulnerability Exploits

EMM (Enterprise Mobility Management): the locks on the doors
- Productivity enablement solution
- Policy enforcement
- MDM: Provision, Control, Manage
- MAM: Sandbox, Tunnel, Encrypt
- MCM: Access, Edit/Sync, Distribute
Slide 7: Mobile Threat Landscape

Physical
- Malicious Chargers
- Drive-by attacks
- NFC Attacks
- Bluetooth Attacks
- Lost | Stolen | Left in Uber
- Every org with 500+ devices has a rooted/jailbroken device

Malware (Mobile Malware Detections¹)
- CIA “Vault 7”, Pegasus, XCodeGhost, YiSpecter, Wirelurker, Exaspy, HummingBad
- Chart: 3.6M (2014), 9.0M (2015), 18.4M (2016), 100%+ growth YoY; 2017 projection

Network (Percentage of devices exposed to network threats)
- Pineapple, Wifigate, arpspoof, SSL decryption, dnsspoof, Evil Twin, SSL stripping, Content manipulation

Vulnerabilities (Mobile OS Vulnerabilities¹)
- Malicious Profiles, App-in-the-Middle, Trident, Stagefright, Accessibility Clickjacking, No iOS Zone, Shared Cookie Stores, LinkedOut
- “Half of Android Devices Didn’t Get Security Patches in 2016” – Google 2017
- Chart: 2017 projection

¹ Internet Security Threat Report (ISTR) 2017, Symantec

Speaker notes: So, what mobile threats do we protect against? According to the SANS Institute, mobile devices encounter four major types of threat vectors (examples in bold on the slide are Skycure findings or discoveries):

1. Physical. Some examples of this threat vector are malicious wall chargers, drive-by attacks using Bluetooth or NFC, and then everything around someone having physical access to your device. In addition, we find at least one instance of a rooted or jailbroken device in every organization with at least 500 devices.

2. Malware. The next type of threat is malware, which people generally associate just with Android, but that misses a big section of the mobile attack surface. In fact, every organization we have encountered with more than 200 iOS devices had at least one instance of malware. Some malware examples include malware tools developed by the CIA, Pegasus, and Exaspy, a targeted malware we discovered on a Skycure-protected device belonging to a VP at a multi-national company. According to Symantec’s threat report ISTR 22, mobile malware detections more than doubled in 2016 to a total of 18.4 million.

3. Network. Then comes the network threat vector, which is at least 5 times more frequent than the malware problem. Our mobile devices connect to 10 to 100 times more networks than our laptops. While switching between 3G, 4G, LTE and public/hotel/airport free Wi-Fi networks, they get exposed to many man-in-the-middle and other network attacks such as WiFiGate (Skycure discovery), Evil Twin and content manipulation. Skycure Threat Intelligence discovered that on average 40% of enterprise mobile devices undergo a network exposure risk within a single quarter.

4. Vulnerabilities. The last threat vector is vulnerability exploits. It is not just about the bad apps; it is also about the good apps and operating systems with security holes in them. The chart shows vulnerabilities for both iOS and Android. According to ISTR 22, there were more than 600 OS vulnerabilities affecting the iOS and Android operating systems.
Slide 8: A Day In The Life Of Your Mobile User

- 6am: Wake up and check mobile. Threat: MMS attack. Defense: Message Defense
- 7am: Check messages, click links. Threat: Malware. Defense: Malware Defense
- 8am: Stop for coffee, connect to free Wi-Fi or a wall charger. Threat: MITM. Defense: SCP/SRP Defense, Physical Defense
- 9am: Drive to work, connect to ISP Wi-Fi. Threat: WiFigate / network attack. Defense: Network Defense
- 10am: At work, connect to official Wi-Fi. Threat: Misconfigured routers, corporate espionage. Defense: Active Honeypot
- 12pm: Lunch around town. Threat: Spoofed corporate Wi-Fi. Defense: Corporate Wi-Fi Defense
- 6pm: Child downloads a free game. Threat: Ransomware. Defense: Repackaged App Defense
- 8pm: New OS not yet downloaded. Threat: Known vulnerability. Defense: Vulnerability Management
- 10pm: Threat: Targeted attack, data leakage. Defense: MARS
- 11pm: Threat: Unknown vulnerabilities, mobile APT. Defense: Symantec IOC

Speaker notes: Let us now look at a real-life scenario to see how many times in a day SEP Mobile comes into the picture on your employees’ mobile devices. Let us assume they wake up at 6 am and check their mobile device. In certain cases (Stagefright), it is possible for a hacker to send a maliciously crafted MMS message, root the device, gain admin access and delete the malicious MMS, all with no interaction from the user and while they were sleeping. SEP Mobile would detect these malicious MMS using Message Defense. The next thing they do is check messages and click on a bunch of links, some of which might be attempting to download malicious apps. The Verizon DBIR says 66% of malware is installed from malicious emails. Malware Defense would proactively protect them before the infection makes it to the device. On their way to work, they stop to get coffee and either connect to the free Wi-Fi or plug their device into a public wall charger, both of which can easily be compromised. Physical Defense, Selective Resource Protection and Secure Connection Protection protect corporate communications and sensitive resources. They get back in their car, start driving to work and on the way connect to a public Wi-Fi network that might come from their carrier or ISP or might be a spoofed one. Network Defense would come to the rescue. They get to work and their device connects to a corporate router which got compromised overnight and is now decrypting traffic. Symantec’s patented Active Honeypot approach detects this and automatically informs the SIEM solution of a possible breach. They step out to get lunch at a nearby deli, where malicious hackers have set traps using identical corporate Wi-Fi names to trick business users into connecting to them. Corporate Wi-Fi Defense knows the exact configurations and device types of the corporate routers and automatically disconnects users from malicious networks. They go back home; the kid is happy to see the parent but happier to see their mobile phone, as it is their favorite toy. They download a popular game which is actually a repackaged app that leaks corporate data in the background. Symantec’s patented Repackaged App Defense comes into action. A new security patch becomes available in some part of the world which fixes a severe vulnerability, but your carrier or OS vendor has not informed you about its availability. Vulnerability Defense uses crowd wisdom to inform you that it is available, and the Security Console also shows you the devices that are upgradable, the number of issues that can be resolved and the risk that can be avoided. One of the apps on the device is communicating in the background with a command and control server in Russia, where you have no business ties; Mobile Application Reputation Service allows on-demand analysis of public and private apps. Finally, at the end of the day, you are tired and your device is tired, but the hacker is not. They launch an Advanced Persistent Threat (APT) on the device and try to break into it by trying small things one at a time, none of which have succeeded yet. Symantec’s Indicators of Compromise compares our app- and OS-level footprints with hundreds of thousands of other devices out there to detect early signs of compromise even before the hacker succeeds. This is how Symantec allows you to always stay a step ahead of hackers throughout the day.
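The Corporate Wi-Fi Defense step in the notes above (the product knows the corporate routers' configurations and drops users off look-alike networks) can be illustrated with a small inventory check. The block below is an added example written for this page, not SEP Mobile or Symantec code, and the slides do not describe the product's actual heuristics. It assumes the defender holds, per corporate SSID, the access points' MAC addresses (BSSIDs) and the configured security type; a scanned network that advertises the corporate SSID but fails either check is classified as a spoofed corporate network and corporate traffic is blocked. The SSID "ACME-Corp", the BSSIDs, the security ranking and the scan records are all constructed sample data.

```python
"""Spoofed corporate Wi-Fi check (added example; constructed data, not SEP Mobile code)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Wi-Fi security types, weakest first. Constructed ordering for this example;
# anything not listed is treated as the weakest.
SECURITY_RANK = {"open": 0, "wep": 1, "wpa2-psk": 2, "wpa2-enterprise": 3, "wpa3-enterprise": 4}


@dataclass(frozen=True)
class CorpWifiProfile:
    """What the defender knows about one corporate SSID (the 'exact configuration' on the slide)."""
    ssid: str
    security: str              # security type the corporate APs are configured with
    known_bssids: frozenset    # MAC addresses of the corporate access points


@dataclass(frozen=True)
class ScanResult:
    """One network as seen by the device's Wi-Fi scan."""
    ssid: str
    bssid: str
    security: str


@dataclass
class Verdict:
    classification: str        # "corporate", "spoofed-corporate" or "untrusted-public"
    reasons: List[str]
    block_corporate_traffic: bool


def normalise_bssid(bssid: str) -> str:
    """Lower-case, colon-separated MAC address; raises ValueError on malformed input."""
    parts = bssid.strip().lower().replace("-", ":").split(":")
    hexdigits = set("0123456789abcdef")
    if len(parts) != 6 or any(len(p) != 2 or not set(p) <= hexdigits for p in parts):
        raise ValueError(f"malformed BSSID: {bssid!r}")
    return ":".join(parts)


def is_valid_bssid(bssid: str) -> bool:
    """True if the string parses as a MAC address."""
    try:
        normalise_bssid(bssid)
        return True
    except ValueError:
        return False


def assess_network(scan: ScanResult, inventory: Dict[str, CorpWifiProfile]) -> Verdict:
    """Classify one scanned network against the corporate inventory."""
    profile = inventory.get(scan.ssid)
    if profile is None:
        # Not pretending to be corporate; still untrusted, but no disconnect decision here.
        return Verdict("untrusted-public", ["SSID is not a corporate network"], False)

    reasons: List[str] = []
    bssid = normalise_bssid(scan.bssid)
    if bssid not in {normalise_bssid(b) for b in profile.known_bssids}:
        reasons.append(f"BSSID {bssid} is not in the corporate AP inventory")

    seen = SECURITY_RANK.get(scan.security.lower(), 0)
    expected = SECURITY_RANK[profile.security.lower()]
    if seen < expected:
        reasons.append(f"security downgraded from {profile.security} to {scan.security}")

    if reasons:
        # Corporate SSID served by something that is not a corporate AP: treat as an evil twin.
        return Verdict("spoofed-corporate", reasons, True)
    return Verdict("corporate", [], False)


def assess_all(scans: Iterable[ScanResult], inventory: Dict[str, CorpWifiProfile]) -> List[Verdict]:
    """Run the check over a whole scan list, preserving order."""
    return [assess_network(s, inventory) for s in scans]


# Constructed corporate inventory: one SSID, two known APs, 802.1X (enterprise) security.
CORP_INVENTORY = {
    "ACME-Corp": CorpWifiProfile("ACME-Corp", "wpa2-enterprise",
                                 frozenset({"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"})),
}

# Constructed scan results: the real office AP, two look-alikes, and an unrelated hotspot.
SAMPLE_SCANS = [
    ScanResult("ACME-Corp", "00:11:22:AA:BB:01", "wpa2-enterprise"),   # genuine corporate AP
    ScanResult("ACME-Corp", "de:ad:be:ef:00:01", "open"),              # unknown AP, open network
    ScanResult("ACME-Corp", "00:11:22:aa:bb:02", "wpa2-psk"),          # known MAC, weaker security
    ScanResult("Cafe-Free-WiFi", "66:77:88:99:aa:bb", "open"),         # ordinary public hotspot
]

if __name__ == "__main__":
    for scan, verdict in zip(SAMPLE_SCANS, assess_all(SAMPLE_SCANS, CORP_INVENTORY)):
        action = "block corporate traffic / disconnect" if verdict.block_corporate_traffic else "no action"
        print(f"{scan.ssid:15} {scan.bssid:18} {verdict.classification:18} {action}; "
              + "; ".join(verdict.reasons))
```

The two checks are deliberately independent: a cloned SSID on an unknown BSSID is caught even if the attacker copies the security type, and a downgrade to open or pre-shared-key security is caught even if the BSSID happens to match. An unrecognised security string is ranked as the weakest rather than ignored, so a typo in the inventory fails closed.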
Slide 9: Mobile Attack Demo

1. Threat: Network Attack. Vulnerability: Malicious Profiles
2. Threat: Malware. Vulnerability: Sideloaded Apps
Slide 10: Endpoint Protection Mobile Overview

Diagram labels: Threat Intelligence (SEP Mobile crowd wisdom; Integrated Global Intelligence Network: 1000 cyber warriors, 175M endpoints, 8B daily security requests); EMM; Cloud Server (risk/compliance visibility, advanced security, automation & integration, consistent across managed & unmanaged scenarios); Public App (simple deployment & maintenance, ensured privacy, minimal footprint); Symantec’s Layered Security.

Speaker notes: SEP Mobile collects threat intelligence from multiple sources:
- The SEP Mobile research team and install base, for mobile-security-specific intel
- The Symantec Global Intelligence Network, which has more than 1000 cyber warriors in around 9 SOCs around the world, analyzing data from 175M endpoints and responding to more than 8 billion daily security requests
- Third-party sources
This helps us provide the industry’s unparalleled threat intelligence for all endpoints, traditional and modern.
Slide 11: On-device Conditional Access
Slide 12: Mature Enterprise Console
Slide 13: Customer Testimonial

“One of the easiest deployments I’ve honestly ever had with any application.” – John Dickson, IT Director

2nd largest distributor of beer, wine, and spirits in the US. Revenue: $5.5B. No. of employees: 9000.

Business challenges:
- Employees and data are highly mobile
- Needed extension of existing solutions
- Use cases: shared devices, deployment with no access, securing 900M USD inventory, field employees & drivers

Why SEP Mobile?
- Easy to manage, easy to deploy (running within hours)
- Control and security reporting on all mobile devices
- Secure any mobile device, on any network, anywhere in the world
- Integration with AirWatch
- End user privacy completely maintained
Slide 14: My Selection Criteria

User:
- User experience
- Privacy
- Battery life

IT:
- Cloud was a must
- Integrated like glue with AirWatch
- Protection against malicious apps, networks and drive-by websites

Who else did we look at? Zimperium and Lookout
- Zimperium had a complicated UX and required scripting
- Lookout did not do anything for network awareness and protection
Slide 15: Management Buy-in Was Easy

It started with skepticism ...
1. Leveraged SEP Mobile’s iOS malicious profile exploit; took over the CFO’s iPhone in less than a minute
2. Easiest sell ever

- Received 250 free seats as part of the trial
- 30% of devices had known vulnerabilities
- 10 devices had keystroke loggers
Slide 16: RNDC Security Technologies

Mobile devices (SFA/BYOD): AirWatch MDM*, AntiMalware, AntiHacking, Patch Mgmt (SEP Mobile)
Slide 17: Overall Impact of SEP Mobile

- 3,900,000 apps analyzed
- 45,000,000 network tests performed
- 58,000 incidents mitigated
- 5,000+ users
- 8,000 devices

- Multiple devices had malicious activity; SEP Mobile helped with immediate remediation
- Getting more mobile-related questions: there is more awareness
- Helps to drive more applications into the AirWatch App Store rather than fighting the pushback
- This gives us a touch into the salesforce automation program; this was missing earlier
- “Thank you’s” from all associate levels, especially for securing BYO devices and personal data in addition to business data