Mobile Data Loss. Threats & Countermeasures. Michael T.Raggo, CISSP, NSA-IAM, ACE, CSI.
|
|
- Malcolm Hawkins
- 8 years ago
- Views:
Transcription
1 Mobile Data Loss Threats & Countermeasures Michael T.Raggo, CISSP, NSA-IAM, ACE,
2 Mobile DataLoss Threat Vectors
3 Users have become the low hanging fruit Copyright 2000,2007Farworks, Inc. All Rights Reserved 3
4 Mobile Device Data Loss Vectors Spyware - Data harvested and sent to malicious User Data Leakage copy/paste, screenshot, open-in site, remotecnc Malware Protection when user is not on Corp Wi-Fi Jailbroken/rooted devices open device to network vulnerabilities leading to data exposure (Rogue AP, MITM, etc.) Steals/Leaks Data Hotspot 4
5 Wireless Network Security Concerns 1 Rogue AP Connected to Network Network Edge Blurred, New Attack NetworkBreach, Data Leakage, NetworkBackdoor Vectors Behind the Firewall Hacker Server INTRANET INTERNET Mobile Hotspot Device Evil Twin Desktop 3 Evil Twin AP DataLeakage, NetworkBackdoor Mobile User 2 Hotspot Phishing MITM, DataLeakage 5 Evil Twin
6 Man-in-the-Middle Attack Corporate Man-in-the-Middle Intruder Active Directory Mobile device Certs Evil Twin AP SSID =CoffeeShop Apps Content X Deauth/Disassociate Packet SSID =CoffeeShop Intruder perform a MITM attack capturing passwords, cookies, and possibly corporate data 6
7 Google s Skeleton Key Who: Craig Young atdefcon21 What: Using the Google token and cookies to authenticate and access a user s Google Drive, Calendar, etc. How: Google creates weblogin unique tokens to authenticate users on Google websites (hybrid of cookies) Created from the accounts they already have configured on their mobile devices Demonstrated a Rogue App (googlefinance app) that steals theseweblogintokens and sends them to the attacker (over an encrypted connection) <= RemoteCnC(command-and-control) The attacker then replays them in a web browser to impersonate the user and obtain access to Google Apps, Gmail, Drive, Calendar, Voice, and other Google services The Rogue App resided on Google Play for about a month before it was detected and taken down, and Google Play has since enhanced it s vetting and scanning of malicious apps submitted to the Google Play Store 7 7
8 Google s Skeleton Key How? UpdateCnCSite CnCSite 1. Attacker uploads malicious Google App to Google Play 5.CnCserver harvests and send commands to infected device 4.MalcodecontactsCnCserver on Internet 7.Hacker uses thewebloginsto login to the user s Dropper 2. Google App is a financial app and works as expected, but & Data includesmalcode 6. Commands are parsed by themalwareto obtain weblogins 3. Userinstalls App and unknowingly Victim 8 infects/roots their device Commands Google account and download user s files, data, etc.
9 Anatomy of Recent Retail Breach 1. Russian hacker 5. Hacker accesses FTP dump site and sellsblackposmalware for $2,300 downloads card data to later allowtransfer ondarknet. Attacker uses this to stage of funds from accounts attack. Dump Site 2.Malware distributed to Retailer internal DistributionServers POS 4. Malware scrapes unencrypted RAM in Update Server POS 3. Distribution Servers distributes malware to legacy POS terminals 99 real-time and sends card information to Dump Site
10 Heartbleed how does the attack work? 6.Attacker analyzes packet and sensitive data to see if there is anything interesting, if not reruns attack to capture more 1. Attacker creates a custom memory. HeartbeatTLS/DTLSpacket 7.If web server s certificate private key is captured, it can be used to decrypt current and historical user 5.Web Server responds by sending a packet Dropper 2. Packet is transmitted tovulnerableopensslweb server data and credentials back which unknowingly includes this extra sensitive data 4.The code grabs up to 64KB of extra memory in hopes of capturing something sensitive from memory Victim 3. Web Server processes packet Web Server 10 Username Password
11 Mobile DataLoss Countermeasures
12 Dataat rest Security Data in Transit Data in the Application
13 Secure and Manage Content Active Maintain separation Directory between personal and work apps and data Secure enterprise traffic Certs Apps Get your enterprise apps Content Enterprise Resources 13
14 MobileIron App & Content Security Distribute Private Storefront App Delivery Network App Control Containerize Tunnel Protect data-at-rest Protect data-in-motion AppConnect AppConnect SDK Wrapping Authentication Authorization Configuration Usage Tracking AppTunnel Deletion 1414 AppConnect AppSentry
15 Corporate Application SecurityPolicy 15
16 FIREWALL VPN vs.apptunnel Traditional VPN AppTunnel AppTunnel SENTRY AppTunnel 16 AppTunnel
17 Encryption: On-device Encryption and the Over-the-air withapptunnel WatchDox Active Directory Certs Apps Content 17
18 Encryption: On-device Encryption and the Over-the-air withapptunnel WatchDox Active Directory Certs Apps Secure communication between enabled apps Content Secure, App-specific connections with enterprise resources 18
19 Auto-Quarantine - SelectiveRemote Wipe Active REMOVE Directory Certs Apps Secure content Content Sharepoint WatchDox WatchDox 19
20 Thwart Man-in-the-Middle Attacks Corporate Mobile device with client Active certificate Man-in-the-Middle Intruder Directory Certs Apps Content By using certificates, the mutual authentication fails between the Device certificate and Sentry server certificate due to fake certificate presented by attacker. Therefore, no SSL connection is established and no data is exposed. 20
21 Google s Skeleton Key Lessons Learned: While although some of these Google services have been patched/fixed over the last few months, some Google services still are vulnerable Someone can download your entire Google Drive! MobileIron Mitigation: 21 If a device is rooted, your Google Apps data and tokens are exposed 21 NeedEMMeven when using Google Apps MobileIron EMM canidentifymalicious apps and rooted devices
22 MobileIron Mobile Attack Countermeasures 1.Hacker attempts MITM attack or targeted attack on mobile device, brute- Mobile Device force attacks mitigated through use of certs X 4.VSP identifies malicious app and alerts 5.AsJailbreak/rooting occurs, MobileIron Auto-Quarantines device Cert-based authentication Encrypted corporate persona Secure tunnel for App-only (not MobileIron VSP whole device) 6.Quarantine removes Managed Corp App & Data to mitigate exposure 2.VSP enforces security policies, lockdowns, restrictions 3. VSP monitors, alerts, and reports on outof-compliance devices, ensures closedloop actions X 2222 Lockdowns/restrictions Malicious App Detection Jailbreak/root auto-quarantine
23 Other recommendations Use MobileIron Sentry Secure Mobile Gateway Can provide additional protection for your servers! (ActiveSync, Web,Sharepoint, Apps, etc. that are using SSL/TLS) LeverageMobileIronAppTunnel(MobileIron-enabled or wrapped Apps) ormobileiron Tunnel(nativeiOSApps) to securely access internal servers. Sentry mitigatesheartbleedthreat Sentry will not negotiate Heartbeat request Disallow packet, Sentry Corporate doesn t allow Heartbeat Malicious Heartbeat Packet Attacker packets (DTLS) Active Directory Certs Apps Web Servers & Content 2323 MobileIron
24 Proactive & Reactive Countermeasures Holistic Mobile Security Proactive Encryption Containerize Corp Content & Apps Malicious App Detection Ongoing jailbreak/root detection User or device certificate to thwart MITM attacks Reactive Closed-loop compliance actions Block Remove Corporate Managed Apps & Data Selective Wipe (Corp Apps, Data, , etc.) Compliance Reporting Alerting
25 Core Security Elements VSP: Mobile Policy Configuration Engine ofmobileiron splatform Mobile Device Management Mobile Application Management Identity And Certs User Self-Service Rules & Reporting MobileIron Client Enforces Configuration and Security Sentry policies on the device, apps and content at rest and in real time Provides Access Control by Enforcing Security Policies on Apps and Contentin-flight 25
26 Michael T.Raggo, CISSP, NSA-IAM, ACE,
State of App Security
State of App Security Recent attacks targeting mobile apps and operating systems have put an unprecedented amount of mobile business data at risk. Many enterprises are unprepared to combat the latest mobile
More informationSecuring Office 365 with MobileIron
Securing Office 365 with MobileIron Introduction Office 365 is Microsoft s cloud-based productivity suite. It includes online versions of Microsoft s most popular solutions, like Exchange and SharePoint,
More informationMobileIron Product Packaging
MobileIron Product Packaging The MobileIron Enterprise Mobility Management [EMM] Solution is a purpose-built mobile IT platform. It provides users with seamless access to the business processes and content
More informationMobileIron. Hendrik Van De Velde Exclusive Mobile Eco-system
MobileIron Hendrik Van De Velde Exclusive Mobile Eco-system Agenda MobileIron Company and Vision Mobile First and Mobile IT The MobileIron Solution Mobile Device Management Mobile Application Management
More informationWelcome! Thank you! mobco about mobile samsung about devices mobileiron about mobile IT accellion on mobile documents hands-on devices and race karts
Welcome! Thank you! mobco about mobile samsung about devices mobileiron about mobile IT accellion on mobile documents hands-on devices and race karts 2013 mobco MobileIron Hendrik Van De Velde Your regional
More informationMobileIron Product Packaging
MobileIron Product Packaging The MobileIron Enterprise Mobility Management [EMM] Solution is a purpose-built mobile IT platform. It provides users with seamless access to the business processes and content
More informationMobile Security: Threats and Countermeasures
Mobile Security: Threats and Countermeasures Introduction Mobile devices are rapidly becoming the primary end-user computing platform in enterprises. The intuitive user-experience, robust computing capabilities,
More informationMobile First Government
Mobile First Government An analysis of NIST and DISA requirements for the adoption of commercially available mobility platforms by government agencies August 2013 415 East Middlefield Road Mountain View,
More informationHow To Protect Your Mobile Device From Attack
Manage and Secure the Mobile Data, Not Just the Device Stijn Paumen VP Business Development, Wandera The Great Platform Shift 60,000,000 iphone BlackBerry 50,000,000 40,000,000 30,000,000 20,000,000 10,000,000
More informationIntroduction to the Mobile Access Gateway
Introduction to the Mobile Access Gateway This document provides an overview of the AirWatch Mobile Access Gateway (MAG) architecture and security and explains how to enable MAG functionality in the AirWatch
More informationMobileIron Cloud Pricing Packaging
MobileIron Cloud Pricing Packaging MobileIron Cloud delivers our Enterprise Mobility Management () Solution through a purpose-built cloud platform. It provides users with seamless access to the business
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationProtection & control across all your mobile devices
Protection & control across all your mobile devices Sensitive company data on mobile devices is safer with industry-leading mobile device management Solutions from eir Business. Mobile device management
More informationThe Hidden Dangers of Public WiFi
WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect
More informationEmbracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo.
Embracing BYOD Without Compromising Security or Compliance The Mobile Risk Management Company Sheldon Hebert SVP Enterprise Accounts, Fixmo Sheldon.Hebert@fixmo.com New Realities of Enterprise Mobility
More informationThe Key to Secure Online Financial Transactions
Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on
More informationWhite Paper. Protecting Mobile Apps with Citrix XenMobile and MDX. citrix.com
Protecting Mobile Apps with Citrix XenMobile and MDX citrix.com Mobility is a top priority for organizations as more employees demand access to the apps and data that will make them productive. Employees
More informationAppConnect FAQ for MobileIron Technology Partners! AppConnect Overview
AppConnect FAQ for MobileIron Technology Partners! AppConnect Overview What is AppConnect? AppConnect is a MobileIron product that secures and protects enterprise mobile apps. It manages the complete lifecycle
More informationKeep Hackers Guessing: Protecting Corporate Information While On The Go
Keep Hackers Guessing: Protecting Corporate Information While On The Go Proactive tips for wireless information security for traveling professionals. In today s world where WiFi hotspots are available
More informationPULSE SECURE FOR GOOGLE ANDROID
DATASHEET PULSE SECURE FOR GOOGLE ANDROID Product Overview In addition to enabling network and resource access for corporate managed mobile devices, many enterprises are implementing a Bring Your Own Device
More informationLync SHIELD Product Suite
Lync SHIELD Product Suite The Natural Solution For Securing Lync Connectivity For today s mobile enterprise, the need to connect smartphones to the corporate network has become a vital business requirement.
More informationSymantec Mobile Management 7.2
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationMobileIron Support. Table of Contents. 1. Introduction. 2. Supported Features. Version 1.1 - November 2015
MobileIron Support Version 1.1 - November 2015 Table of Contents 1. Introduction 2. Supported Features 3. Relevant Components 4. Testing a Trial Version with AppConnect 5. Creating a Configuration on the
More informationFeature List for Kaspersky Security for Mobile
Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance
More informationFidelis XPS Power Tools. Gaining Visibility Into Your Cloud: Cloud Services Security. February 2012 PAGE 1 PAGE 1
Fidelis XPS Power Tools Gaining Visibility Into Your Cloud: Cloud Services Security February 2012 PAGE 1 PAGE 1 Introduction Enterprises worldwide are increasing their reliance on Cloud Service providers
More informationAccessing the Media General SSL VPN
Launching Applications and Mapping Drives Remote Desktop Outlook Launching Web Applications Full Access VPN Note: To access the Media General VPN, anti-virus software must be installed and running on your
More informationSecuring Endpoints without a Security Expert
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series
More informationBYOD Guidance: BlackBerry Secure Work Space
GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.
More informationSecuring Corporate Email on Personal Mobile Devices
Securing Corporate Email on Personal Mobile Devices Table of Contents The Impact of Personal Mobile Devices on Corporate Security... 3 Introducing LetMobile Secure Mobile Email... 3 Solution Architecture...
More informationThe Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard
The Impact of Wireless LAN Technology on to the PCI Data Security Standard 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs and PCI Retailers today use computers
More informationSecuring mobile devices in the business environment
IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile
More informationSESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support
SESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support Desktop Support and Data Breaches: The Unknown Dangers Bryan Hood Senior Solutions Engineer, Bomgar bhood@bomgar.com Session Description
More informationHow To Protect A Wireless Lan From A Rogue Access Point
: Understanding Security to Ensure Compliance with HIPAA Healthcare is a natural environment for wireless LAN solutions. With a large mobile population of doctors, nurses, physician s assistants and other
More informationTopics in Network Security
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
More informationMonitoring mobile communication network, how does it work? How to prevent such thing about that?
Monitoring mobile communication network, how does it work? How to prevent such thing about that? 潘 維 亞 周 明 哲 劉 子 揚 (P78017058) (P48027049) (N96011156) 1 Contents How mobile communications work Why monitoring?
More informationProtecting Point-of-Sale Environments Against Multi-Stage Attacks
SOLUTION BRIEF: PROTECTING POS DEVICES & BROADER ENVIRONMENT........................................ Protecting Point-of-Sale Environments Against Multi-Stage Attacks Who should read this paper Point-of-Sale
More informationMaaS360 Mobile Enterprise Gateway
MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2013 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice. The software
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationRemote Vendor Monitoring
` Remote Vendor Monitoring How to Record All Remote Access (via SSL VPN Gateway Sessions) An ObserveIT Whitepaper Daniel Petri March 2008 Copyright 2008 ObserveIT Ltd. 2 Table of Contents Executive Summary...
More informationSecuring Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper
Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones
More informationSymantec Mobile Management 7.2
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology
More informationDeploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
More informationMaaS360 Mobile Enterprise Gateway
MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2014 Fiberlink, an IBM Company. All rights reserved. Information in this document is subject to change without notice. The software described
More informationThe Challenge. The Solution. Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data
The Challenge The Solution Today's employees demand mobile access to office information in order to maximize their productivity and they expect that enterprise collaboration and communication tools should
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:
More informationBlackBerry 10.3 Work and Personal Corporate
GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network
More informationKaspersky Lab Mobile Device Management Deployment Guide
Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile
More informationAdvanced Configuration Steps
Advanced Configuration Steps After you have downloaded a trial, you can perform the following from the Setup menu in the MaaS360 portal: Configure additional services Configure device enrollment settings
More informationThe Benefits of SSL Content Inspection ABSTRACT
The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationSharePlus Enterprise: Security White Paper
INFRAGISTICS, INC. SharePlus Enterprise: Security White Paper Security Overview Anand Raja, Gustavo Degeronimi 6/29/2012 SharePlus ensures Enterprise data security by implementing and interoperating with
More informationThe dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more
The dramatic growth in mobile device malware continues to escalate at an ever-accelerating pace. These threats continue to become more sophisticated while the barrier to entry remains low. As specific
More informationSymantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management
Mobile Application Management and Protection Data Sheet: Mobile Security and Management Overview provides integrated mobile application and device management capabilities for enterprise IT to ensure data
More informationWhen enterprise mobility strategies are discussed, security is usually one of the first topics
Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the
More informationMobile Application Management with XenMobile and the Worx App SDK
Mobile Application Management with XenMobile and the Worx App SDK 2 Enterprises of every size and across every industry have made mobility an important IT initiative. While most mobility strategies started
More informationKaspersky Security for Mobile Administrator's Guide
Kaspersky Security for Mobile Administrator's Guide APPLICATION VERSION: 10.0 SERVICE PACK 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful and that
More informationMobility, Security Concerns, and Avoidance
By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to
More informationCYBERTRON NETWORK SOLUTIONS
CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified
More informationSpecific recommendations
Background OpenSSL is an open source project which provides a Secure Socket Layer (SSL) V2/V3 and Transport Layer Security (TLS) V1 implementation along with a general purpose cryptographic library. It
More informationProtecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices
Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices It s common today for law enforcement
More informationSection 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationTotal Enterprise Mobility
Total Enterprise Mobility Presented by Wlodek Dymaczewski, IBM Wlodek Dymaczewski dymaczewski@pl.ibm.com www.maas360.com Top Enterprise Mobility Initiatives Embrace Bring Your Own Device (BYOD) Migrate
More informationProtecting Your Network Against Risky SSL Traffic ABSTRACT
Protecting Your Network Against Risky SSL Traffic ABSTRACT Every day more and more Web traffic traverses the Internet in a form that is illegible to eavesdroppers. This traffic is encrypted with Secure
More informationThe Challenges of Implementing a Bring Your Own Device Policy
BYOD The Challenges of Implementing a Bring Your Own Device Policy MARK HARRIS, Ph.D. KAREN PATTEN, Ph.D. UNIVERSITY OF SOUTH CAROLINA SC-GMIS NETWORK & TELECOM WORKSHOP SALUDA SHOALS RIVER CENTER OCTOBER
More informationPayment Transactions Security & Enforcement
Payment Transactions Security & Enforcement A REPORT FROM NEWNET COMMUNICATION TECHNOLOGIES, LLC Copyright NewNet Communication Technologies, LLC. 700 East Butterfield Road, Suite 350, Lombard, IL 60148
More informationDon t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It
WHITE PAPER: DON T LOSE THE DATA: SIX WAYS YOU MAY BE LOSING........ MOBILE....... DATA......................... Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It Who should
More informationEnterprise Mobility as a Service
Service Description: Insert Title Enterprise Mobility as a Service Multi-Service User Management for Mobility 1. Executive Summary... 2 2. Enterprise Mobility as a Service Overview... 3 3. Pricing Structure...
More informationSpyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
More informationProtecting Android Mobile Devices from Known Threats
Protecting Android Mobile Devices from Known Threats Android OS A Popular Target for Hacks White Paper Zero Trust Mobile Security An Introduction to the BETTER Mobile Security Platform BETTER at work.
More informationEnterprise Mobility Management
Enterprise Mobility Management Security Without Compromising User Experience SESSION ID: SPO2-R03 Brian Robison Principal Technology Evangelist, XenMobile Citrix Systems, Inc. Providing the freedom to
More informationVPN Lesson 2: VPN Implementation. Summary
VPN Lesson 2: VPN Implementation Summary 1 Notations VPN client (ok) Firewall Router VPN firewall VPN router VPN server VPN concentrator 2 Basic Questions 1. VPN implementation options for remote users
More informationMobile device and application management. Speaker Name Date
Mobile device and application management Speaker Name Date 52% 90% >80% 52% of information workers across 17 countries report using three or more devices for work* 90% of enterprises will have two or more
More informationCyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies
Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some
More informationTresorit s DRM. A New Level of Security for Document Collaboration and Sharing
Tresorit s DRM A New Level of Security for Document Collaboration and Sharing Cloud-based storage has made it easier for business users to share documents, but it has also opened up new vulnerabilities.
More informationCWSI Service Definition for Mobile Device Management and Security
CWSI Service Definition for Mobile Device Management and Security October 2015 Contents I. Document Control... 3 a). History... 3 b). Reference Documents... 3 II. Company and Contact information... 3 1.
More informationITSC Training Courses Student IT Competence Programme SIIS1 Information Security
ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know
More informationMobile Device Management
1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating
More informationWindows Phone 8.1 in the Enterprise
Windows Phone 8.1 in the Enterprise Version 1.4 MobileIron 415 East Middlefield Road Mountain View, CA 94043 USA Tel. +1.650.919.8100 Fax +1.650.919.8006 info@mobileiron.com Introduction 3 Why Windows
More informationMaaSter Microsoft Ecosystem Management with MaaS360. Chuck Brown Jimmy Tsang www.maas360.com
MaaSter Microsoft Ecosystem Management with MaaS360 Chuck Brown Jimmy Tsang www.maas360.com Introductions Chuck Brown Product Management IBM MaaS360 Jimmy Tsang Director of Product Marketing IBM MaaS360
More informationImprove your mobile application security with IBM Worklight
Improve your mobile application security with IBM Worklight Contents 1 Introduction 2 IBM Worklight overview 4 Enabling mobile security with IBM Worklight 6 Integrating IBM Worklight with enterprise security
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More information10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group
10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group Presented by: Michael Flavin and Stan Stahl Saalex Information Technology Overview Saalex Information
More informationKaspersky Security for Mobile
Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months
More informationAirWatch Enterprise Mobility Management. AirWatch Enterprise Mobility Management
Device Vendor Comparisons Deployment options ( + / -) Vendor for On premises Cloud/SaaS and other platforms supported (+ / -) Vendor for ios Android Extended Android APIs Knox, Safe Safe BlackBerry Windows
More informationThe ForeScout Difference
The ForeScout Difference Mobile Device Management (MDM) can help IT security managers secure mobile and the sensitive corporate data that is frequently stored on such. However, ForeScout delivers a complete
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationThe User is Evolving. July 12, 2011
McAfee Enterprise Mobility Management Securing Mobile Applications An overview for MEEC The User is Evolving 2 The User is Evolving 3 IT s Challenge with Mobile Devices Web 2.0, Apps 2.0, Mobility 2.0
More informationElevation of Mobile Security Risks in the Enterprise Threat Landscape
March 2014, HAPPIEST MINDS TECHNOLOGIES Elevation of Mobile Security Risks in the Enterprise Threat Landscape Author Khaleel Syed 1 Copyright Information This document is an exclusive property of Happiest
More informationSimple security is better security Or: How complexity became the biggest security threat
Simple security is better security Or: How complexity became the biggest security threat Christoph Litzbach, Pre-Sales Engineer NSG 1 What do they have in common? DATA BREACH 2 Security is HARD! Components
More informationWeb Application Report
Web Application Report This report includes important security information about your Web Application. Security Report This report was created by IBM Rational AppScan 8.5.0.1 11/14/2012 8:52:13 AM 11/14/2012
More informationGO!Enterprise MDM Device Application User Guide Installation and Configuration for Android
GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android GO!Enterprise MDM for Android, Version 3.x GO!Enterprise MDM for Android 1 Table of Contents GO!Enterprise MDM
More informationSecurity for Mac Computers in the Enterprise
Security for Mac Computers in the Enterprise October, 2012 Mountain Lion 10.8 Contents Introduction 3 Service and App Protection 4 Gatekeeper 4 Digital Signatures and Developer IDs 4 App Sandboxing 5 Mandatory
More informationOracle Mobile Security Management
Oracle Mobile Security Management Angelo Maria Bosis Technology Sales Consulting Director Milano, 19 Marzo 2014 Safe Harbor Statement The following is intended to outline our general
More informationTop Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009
Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods
More informationHow To Secure Your Mobile Devices
SAP White Paper Enterprise Mobility Protect Your Enterprise by Securing All Entry and Exit Points How Enterprise Mobility Management Addresses Modern-Day Security Challenges Table of Contents 4 Points
More information