3 Steps to Implementing an Effective BYOD Mobile Security Strategy
How to Augment Your MDM, MAM, NAC and SIEM Deployments to Truly Mitigate Mobile Risks and Protect Enterprise Resources
Table of Contents
Backdrop - Mobility is Attractive for Enterprise Productivity & Mobile Cyber Security Threats
www.lacoon.com
What is needed is a way to secure mobility that maximizes its benefits. To achieve this, you will need to:
1. Understand the Risks of Mobility: what can attackers do with the mobile devices, applications and traffic in your environment? Do you understand the needs of all of your stakeholders?
2. Identify the Potential Holes in Your Coverage: what are the different solutions in your environment designed to do, and where are you still vulnerable?
3. How to Shut Down Attackers: what is needed to effectively manage your risk without hampering the productivity these mobile devices and applications can provide?
2014 Lacoon Security Inc. All rights reserved.
Stakeholder roles: CISO; Security Team; Employees.
Employees: the convenience of being able to work whenever and wherever they are located.
Augmentation Needed: While NAC provides a basic level of protection for the mobile devices in your environment, it doesn't go deep enough to provide the capabilities you need to protect your resources from advanced, targeted mobile threats. NAC needs to be augmented by mobile security capabilities that can:
- Identify vulnerabilities introduced by mobile devices and applications in your environment, going beyond the basic checks to understand the security ramifications of a particular OS version, patch, application, etc.
- Detect advanced mobile threats via detailed analysis that correlates device, application and network activity to understand what is really going on and uncover attacks.
- Add risk-based mitigation capabilities to enable dynamic access policy enforcement, based on real-time mobile risk levels.
SIEM
Capabilities: SIEMs focus on helping you monitor and manage activity in your network. The SIEM collects, analyzes and presents information from all the different devices/services across your organization to give you real-time visibility and intelligence into the security posture of your environment, so you can better manage your network and security infrastructures. SIEMs offer tools to support:
- Vulnerability Management: integrating vulnerability databases to identify potential issues within your environment.
- Compliance: validating conformance to corporate policies and supporting post-remediation forensics.
- Incident Investigation: correlating log source data from thousands of devices/services to flag anomalies and facilitate investigations into your security events.
- Incident Resolution: providing visibility into activities to facilitate remediation of security incidents and attacks.
Augmentation Needed: Since SIEMs try to provide a holistic view of your infrastructure, it's important they have access not only to accurate intelligence from the mobile devices and applications in your environment, but also to the threats they pose. SIEMs need mobile threat intelligence on:
- Vulnerabilities in the devices and applications in your environment.
- Threats and anomalous behavior in your mobile devices, applications and traffic, so you can make informed decisions around policies and defense mechanisms.
- Attacks using mobile devices and applications to target corporate assets and resources.
Point Solutions Attempting to Fill the Gap
Given the mobile security holes in existing network and security infrastructures, a host of solutions have emerged to try to mitigate the risks mobility poses to your organization. Each solution looks at the mobile security threat in a different way:
Mobile AV: similar to desktop AV solutions, these technologies scan mobile files and communications to look for known attack patterns and identify mass malware.
Unfortunately, they are unable to address malware that has morphed or any of the advanced targeted attacks facing an enterprise.
App Reputation/Integrity Solutions: these technologies look at all the different mobile applications to try to identify those that display suspicious behaviors or contain malware. Many use sandbox techniques, which execute the applications in a controlled environment, to understand what they do and how they do it. They scan popular app stores looking for new apps and provide enterprises with a risk score that can then be used to set policies that are enforced by an MDM or mobile app management (MAM) system. Note that, due to controls within the Apple store, these solutions aren't testing iOS apps; rather, they infer what similar Android apps will do on iOS.
Unfortunately, many legitimate apps that are widely used may display behaviors that could be deemed dangerous by these solutions (e.g. conference apps often access contact lists, allow files to be easily uploaded/downloaded/shared, turn on the camera, etc.). Any attempt to lock down or block apps relied on by users will probably be viewed as intrusive or disruptive; as already noted, users will likely find a work-around to use the apps anyway if they are part of their work/personal lives. The main reason these solutions are limited in their ability to identify real risks is that they execute the app in isolation, with no knowledge or context of how the app may interact with the particular device that downloads it.
Mobile Network Gateways: these technologies represent a host of different solutions that control access and inspect traffic to and from resources within the enterprise environment. They could be placed in front of mail or web servers or used to protect WiFi networks or the corporate LAN. They are able to detect and prevent a variety of attacks leveraging mobile traffic as a pathway into sensitive corporate resources. They can protect mobile communications via virtual private networks (VPNs) that encrypt traffic to keep it secure.
Unfortunately, they can only protect the devices when they are in the corporate network (behind the firewall). The value of mobility is that it allows users to be anywhere. Routing all traffic through the gateway is an option; however, it can have significant performance implications on that traffic and negatively impact the user experience, adversely affecting productivity and satisfaction levels.
Mobile Authentication Solutions: these technologies are designed to validate that a user is who they say they are in order to grant them appropriate access to resources. Almost every solution has an authentication element embedded in it.
Similar to secure containers and wrappers, authentication adds a layer of protection, but it is blind to exploits. So if a user, device or application has been compromised, it will not be picked up when they authenticate, and access will be granted as though nothing is wrong.
While each of these solutions offers some level of protection, it is not complete. There are so many different threat vectors an attacker can exploit on your mobile devices and applications and in your mobile traffic that you really need a solution that covers them all. Trying to put together a comprehensive solution from these point products will probably still leave you vulnerable; plus, deploying and managing them all is likely cost prohibitive, adding significant complexity to your ongoing operations. Pulling in next-generation mobile security solutions that can bridge it all together will enable you to more effectively manage and mitigate all your mobile risks to protect your corporate resources.
Threat vectors to detect:
Device-Level Exploits: Suspicious Configuration Changes; Vulnerable Configurations; Malicious Profiles; Device Jailbreaks.
Application-Level Exploits: Rooting Applications; Malicious Behaviors (Spyphones, SMS Interception, Key Logging, Screen Scraping).
Network-Level Exploits: Man-in-the-Middle Attacks - Connections to Rogue Hotspots.
Once detected, the solution should be able to differentiate between the levels of risk a particular attack poses to the organization, so appropriate decisions can be made around how best to mitigate the threat.
Enable Risk-based Mobile Management
Enterprises need to enact security controls based on the real-time risks a user or device poses to corporate data. Adding security to mobile management in a way that effectively protects an enterprise's resources from the current threats they are facing helps organizations align their mobility and security objectives.
An effective security solution will be able to offer a variety of mitigation capabilities, so enterprises can tailor their responses to certain risk levels in accordance with their security priorities and risk tolerance. For example, they may want to:
- Notify Users: educating them on the risk a particular application or action poses, confirming they knowingly allowed an application or action, or asking them to remove or stop using a particular application or action.
- Block Access: preventing a user's access to specific corporate resources until the risk is mitigated.
- Block Traffic: preventing traffic from reaching its destination until the attack is remediated.
- Activate a VPN: ensuring particularly sensitive information is encrypted, so it remains private until the threat is removed.
Perform Vulnerability Assessments at Each Threat Vector
Enterprises need to be able to inspect all the activity taking place in their environment and determine the level of risk the mobile devices and applications are exposing their organization to at any given time. This requires looking at each and every mobile threat vector in the devices, applications and network to understand the attack surface an attacker could exploit.
An effective mobile security solution will be able to analyze the vulnerabilities associated with:
- Devices: including all the hardware, operating system (OS), configurations, and sensors, as well as device characteristics (role of the user in the organization, current location, etc.), to determine how any changes could impact risk.
- Data and Applications: including all the different behaviors of apps over time and their interactions with the devices on which they are downloaded, to understand what they are doing, what data they are accessing and where they are sending that data, in order to pinpoint risky activity.
- Network Traffic: including all the communication patterns of devices, the type of network being used (WiFi, foreign 3G network, etc.), and connectivity status (time, duration of connection, location, etc.), to identify any activity that is anomalous and suspicious.
To ensure nothing is missed, the analysis of risk indicators must be done in context; each of these threat vectors needs to be correlated to ensure the true scope of a threat can be identified. The attack surface and potential impact of a threat can only be understood by evaluating all potential vulnerabilities and their inter-dependencies.
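The two ideas above, correlating indicators across the device, application and network vectors and then mapping the resulting risk level to one of the mitigation options listed earlier (notify, block access, block traffic, activate a VPN), can be made concrete in a small policy engine. The code below is an added illustration, not Lacoon's product code; the indicator names, weights, thresholds and the correlation bonus are assumptions chosen for the example.

```python
"""Risk-based mobile mitigation engine: added illustration, not Lacoon's code; names, weights and thresholds are assumptions."""
from dataclasses import dataclass, field

# Per-vector indicator weights (assumed values, chosen for illustration).
DEVICE_WEIGHTS = {"jailbroken": 3, "malicious_profile": 3, "os_unpatched": 1}
APP_WEIGHTS = {"rooting_app": 3, "spyphone": 3, "reads_contacts": 1}
NETWORK_WEIGHTS = {"rogue_hotspot": 2, "mitm_certificate": 3, "foreign_3g": 1}

# Mitigations per level, mirroring the text: users are interrupted only when warranted.
MITIGATIONS = {
    "High": ["notify_user", "block_access", "block_traffic"],
    "Medium": ["notify_user", "activate_vpn"],
    "Low": ["log_only"],
}

@dataclass
class DeviceState:
    """Constructed snapshot of one device: observed indicator names per vector."""
    device: set = field(default_factory=set)
    apps: set = field(default_factory=set)
    network: set = field(default_factory=set)

def vector_score(observed, weights):
    return sum(weights.get(name, 0) for name in observed)

def risk_score(state):
    """Score each vector, then add a correlation bonus when indicators appear on
    two or more vectors at once: benign in isolation, suspicious together."""
    scores = [vector_score(state.device, DEVICE_WEIGHTS),
              vector_score(state.apps, APP_WEIGHTS),
              vector_score(state.network, NETWORK_WEIGHTS)]
    active_vectors = sum(1 for s in scores if s > 0)
    bonus = 2 * (active_vectors - 1) if active_vectors > 1 else 0
    return sum(scores) + bonus

def risk_level(score):
    if score >= 5:
        return "High"
    if score >= 2:
        return "Medium"
    return "Low"

def decide(state):
    """Return (level, mitigations) for a device snapshot."""
    level = risk_level(risk_score(state))
    return level, MITIGATIONS[level]

if __name__ == "__main__":  # constructed sample: same contacts app alone vs. on a foreign network
    print(decide(DeviceState(apps={"reads_contacts"})))
    print(decide(DeviceState(apps={"reads_contacts"}, network={"foreign_3g"})))
```

The sample shows why isolated app analysis misses context: a contact-reading app alone stays Low and is only logged, while the same app on an untrusted network is raised to Medium and gets a VPN without blocking the user.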
Maintain Privacy and a Good User Experience
Providing a good user experience cannot be underestimated. It is the key to a successful deployment. As already noted, users are going to find ways to leverage the technologies they need to get work done. Any security measure that significantly hampers the convenience and ease of use that users expect from their mobile devices and applications is likely to be met with objections and result in minimal business value. Being able to quickly and simply integrate security into the user experience, in a non-invasive way, will satisfy both security and business objectives. The mobile security solution should:
- Be Easy to Use: mobile users will be more accepting of a solution that doesn't change the way they use their device or adversely impact its performance (battery life, speed, etc.).
- Tailor Responses When a Threat Is Identified: enabling an appropriate response, so the user experience is impacted only when absolutely necessary. Ideally, the solution could tailor responses to particular user segments (e.g. executives versus call center workers) to further refine security measures.
- Maintain Privacy: ensuring all appropriate measures are taken to maintain the privacy and integrity of each and every user (e.g. no personal information is collected or analyzed, only aggregate data that is pertinent to risks).
Capability summary (columns: Description, Key Features, Key Benefits, Value to Stakeholders)

Advanced Mobile Threat Detection
Description: Comprehensively detect advanced threats, including zero-day, advanced persistent threats (APTs), malware, malicious applications, etc. Accurately classify threats to corporate assets, providing visibility into the threat landscape you are facing.
Key Features:
- Ability to correlate device, application and network information to identify threats.
- Should use a variety of detection methods to ensure maximum coverage, including: advanced app reputation analysis; mobile AV; device and network anomaly detection; etc.
- Ability to differentiate between High, Medium and Low threats.
- Coverage of jailbroken devices / rooting apps on the devices; changes to the OS, configurations, and device characteristics; malware (known and zero-day); malicious apps and risky app behaviors; suspicious network traffic patterns.
Key Benefits: Ensure protection methods align with the threat level.

Adaptive Risk Mitigation
Description: Deliver a variety of mitigation capabilities.
Key Features:
- On-Device: notify users and provide remediation steps.
- Via integration with existing access policies (e.g. MDMs/MAMs/NAC/etc.).
- In-Network: dynamically activate a VPN to protect communications; block attack traffic until the threat is removed.
Key Benefits: Ensure protection methods align with security and business objectives.
Value to Stakeholders: Mitigates attack damage to support CISO and Security team objectives. Ensures the user experience is only interrupted for high-level threats, with a quick and easy way to remediate and get back to normal.

Vulnerability Assessment
Description: Assess real-time vulnerabilities on all the different mobile devices, applications and network traffic in your environment.
Key Features: Assess hardware, OS, configurations and application vulnerabilities.
Key Benefits: Reduce attack surface. Confirm compliance with corporate policies (acceptable use).

Easy to Manage
Description: Enterprise-ready capabilities that simplify deployment, maintenance and management.
Key Features: Dynamic mobile policy enforcement that reflects real-time threat levels. Reports/data easily understood and exportable.
Key Benefits: Effectively manage and mitigate risks.
Value to Stakeholders: Reduce ongoing operational costs to support the business objectives of CISOs. Streamline visibility and policy enforcement to strengthen overall security for the Security team. Provides relevant information for audit and compliance checks by the Risk and Audit teams. Enhances overall mobility management for the Mobility team.

Minimal User Impact
Description: Simple to download and use.
Key Features: Runs in the background. No performance degradation. Nothing extra to carry (e.g. fob). Maintains user privacy.
Key Benefits: Increase adoption/user acceptance. Ensure a consistent security stance across the organization.
Value to Stakeholders: Users continue to use their device as they normally do, without fear of someone monitoring their every move. Maintain operational cost structure only. Ensures employees have the convenience and security they need to conduct business everywhere.