... Mobile App Reputation Services THE RADICATI GROUP, INC.

Size: px
Start display at page:

Download "... Mobile App Reputation Services THE RADICATI GROUP, INC."

Transcription

1 . The Radicati Group, Inc Embarcadero Road, Suite 206 Palo Alto, CA Phone Fax THE RADICATI GROUP, INC. Mobile App Reputation Services Understanding the role of App Reputation Services in delivering Enterprise Grade Mobile Security A Whitepaper by The Radicati Group, Inc.

2 Table of Contents Introduction The Growth in Number of Mobile Apps Different Layers of Mobile Security Current Approaches for Dealing with App Security Webroot s Mobile App Reputation Service Conclusions and Recommendations...11 This whitepaper was sponsored by Copyright May 2013, The Radicati Group, Inc. 2

3 INTRODUCTION Smartphones and tablets continue to be heavily adopted by enterprises and consumers alike and have changed the way people live and work. While this leads to greater user freedom and empowerment it also opens the way to more security vulnerabilities than ever before, as mobile devices are increasingly becoming the target of hackers and cybercriminals. Security concerns exist at all levels of the mobile ecosystem, including the mobile device hardware, the operating system layer and the mobile browser capabilities, however, nowhere is the threat of malware or malicious activity more challenging than at the application level. The sheer number of apps from different sources, presents an enormous threat vector for malware and malicious activity, particularly as users are not always fully aware of how apps behave and are therefore lax in how they protect against potential unwanted behavior. Mobile app stores provide access to billions of apps, some of which have been tested to some degree but many of which are only minimally vetted before being accepted for store distribution. The Apple itunes store boasts 775,000 apps as of January 2013, while the Google Play Store had 900,000 apps online as of May While Apple is famous for its strict app vetting approach, Google has taken a more relaxed attitude and allows app developers greater freedom to upload apps to its store. Regardless of the amount of testing that an app store vendor may do, however, the sheer volume of these apps makes it impossible for a single user or organization to be 100% sure of which apps are trustworthy. In addition, app behavior can range widely from mildly annoying, such as issuing excessive pop-ups, to unwanted excessive use of the mobile device s communication capabilities, to outright downloading of malicious viruses or Trojan code. The only way to successfully deal with the onslaught of apps and the potential risks they represent is to rely on a mobile app reputation service. Mobile app reputation services can provide intelligence and granular threat assessments on millions of apps and are an essential aspect of a complete security strategy for Mobile App Developers, Mobile Device Management (MDM) vendors, Mobile App Store vendors, mobile carriers and anyone who needs to deliver application security to their customers. This whitepaper discusses the need for mobile app reputation services, and presents Webroot s App Reputation Service and the unique threat protection capabilities it delivers to partners and Copyright May 2013, The Radicati Group, Inc. 3

4 customers to ensure that their mobile applications are safe and compliant. In addition, Webroot s App Reputation Service provides a wealth of general information about app characteristics which can be used to set granular policies on app delivery and behavior permissions. 1.0 THE GROWTH IN NUMBER OF MOBILE APPS The number of apps available for mobile devices continues to climb sharply. In early 2013, Apple was adding apps to its store at a rate of about 20,000 apps per month, and Android apps were appearing at a similar pace. These apps are made by a variety of publishers. Well-known companies in different verticals, such as media, entertainment, and gaming, all have multiple apps available on multiple mobile OS platforms. The publication process for apps is also relatively easy, enabling sole developers to create an app in their spare time. With such a large number of apps available, it is not surprising that the app stores run by Apple and Google have over 1.5 million applications available for download. As of mid-2013, there have been approximately 100 billion downloads of apps between these two stores at a roughly even split with Apple announcing its 50 billionth app downloaded and Google announcing 48 billion app downloads just one day apart. With the massive growth in these numbers, we expect users to download another 100 billion apps in less than a year from these announcements. 2.0 DIFFERENT LAYERS OF MOBILE SECURITY The dramatic increase in the number of apps available has been fueled by the growing number of mobile devices that are used by consumers and business users. In fact, often these two types of users are fused into one with the Bring Your Own Device (BYOD) trend that has become popular across all verticals. Organizations were at first ambivalent, if not out-right opposed, to the idea of their employees being able to take home corporate data on a device easily misplaced, lost, or stolen. Organizations, however, are not able to stop or slow down this trend. This means that mobile security is more important than ever. Today, we can think of mobile security as comprising three different layers: Copyright May 2013, The Radicati Group, Inc. 4

5 Device layer protects and enforces policies on the physical hardware of mobile devices. Most mobile devices today come with cameras, GPS, Bluetooth, and other sophisticated hardware that can be exploited in certain scenarios. Getting a hold of these device-level features paves the way to enforce security on the operating system and application layers that rely on the device-level features for input. The operating system layer is the driving force of a mobile device, it takes inputs from the user and provides the user with feedback in return. The operating system layer is fundamental to device security as it and can enforce passcodes for device access, remote wipe features, block access to device communication resources, such as GPS or Bluetooth connectivity. However, protection at this layer is not able to recognize unwanted or malicious behavior by individual apps. App layer applications can store sensitive data that employees need to access on a daily basis. The security risk for these apps relates to loss of data. In order to ensure the integrity of the data contained within apps, organizations use additional forms of authentication, encryption, VPN tunneling, and more. In addition, certain apps cannot be trusted, such as games or rogue mobile banking apps, and must be blacklisted based on their threat to worker productivity, data exploitation, and other threats. Table 1, summarizes some of the security threats that may be found at each layer. Layer Device Operating System Applications Mobile Security Threats Threat Examples WiFi connecting to a rogue network; compromised Bluetooth connection; unauthorized camera usage; etc. Devices without a passcode; flaw or exploit in any native; required application (e.g. phone or Web browsing app); etc. Data is left unencrypted when sending over a network; device user is not authenticated when opening an app; etc. Table 1: Common Security Threats at Each Layer of a Mobile Device Copyright May 2013, The Radicati Group, Inc. 5

6 3.0 CURRENT APPROACHES FOR DEALING WITH APP SECURITY The security elements for the device and operating system layers have remained manageable for MDM vendors to keep up with. It is the apps, however, that are difficult to keep up with since they can literally be updated on a daily basis. This makes ensuring security at the application layer a very difficult proposition. Today, app security is normally addressed with some of the following techniques: Mobile device management is seen as the base level of security that utilizes device and operating system controls to keep devices secure. While this type of security keeps an entire device secure, there are minimal features available for applying granular protection to individual apps on the mobile device. App whitelisting/blacklisting addresses the security of applications on a mobile device. Administrators decide which apps to block or allow in a strictly binary fashion. While this does solve the problem of app security, the success of this approach is proportional to the amount of time spent by an administrator to decide which apps to whitelist or blacklist. With a growing number of apps available that users need to install on their mobile device, it will be impossible to maintain a list of every app that is good or bad. In addition, due to their binary nature, whitelist/blacklist approaches tend to easily generate false positives. Containerization also addresses the security aspect of applications, but this is a long and arduous process that should be reserved for custom-built apps or apps that contain very sensitive data. It is not necessary to containerize apps that are seemingly harmless, yet these apps must be addressed with some type of security feature. Containerizing every app would simply be too labor intensive. Table 2, summarizes these approaches to mobile device protection and some of the limitations they present in dealing specifically with app security. Copyright May 2013, The Radicati Group, Inc. 6

7 Approach Mobile Device Management App Whitelisting / Blacklisting Containerization Protecting Mobile Devices Limitations Focused mainly on device-level controls and not at app-borne threats. Binary approach that is too labor-intensive for the millions of apps available. Can easily generate false positives. Only necessary for enterprise apps, not wellsuited for personal or "mass-market" apps. Malicious apps can still infect the device layer even if they are containerized. Table 2: Protecting Mobile Devices In the current mobile environment that organizations face, there are simply too many apps to handle with containerization or blacklisting/whitelisting. Furthermore, a whitelisted app can easily turn malicious with an update. While it is certainly true that some apps, such as enterprisespecific apps, must be containerized or treated with special care, the majority of apps ought to be secured through an automated process that offers granularity about an apps behavior. An app reputation service can provide this service of pre-vetting apps to determine any malicious intent. App reputation services rely on a large number of inputs to automatically evaluate mobile apps, such as mobile malware signatures, mobile Web URLs, and much more. Using a broad range of inputs, an app reputation service can go beyond binary rankings that send apps to blacklists or whitelists. Furthermore, with the large amount of inputs used, an app reputation system can generate reputation scores that result in few, if any, false positives. 4.0 WEBROOT S MOBILE APP REPUTATION SERVICE While the protection of corporate-sanctioned apps is achieved through their own special, intricate methods of containerization, app wrapping, and more, the protection from the millions of noncorporate-sanctioned apps, such as personal or mass-market apps is too restrictive if it is addressed with only whitelists/blacklists, or too liberal if it is entirely unregulated. All too often mobile device users trust apps with any and all of their information simply because it is downloaded from the Google Play store or Apple App Store. IT Admins need to ability to make decisions on criteria beyond whether or not a mobile app is malicious or not. Copyright May 2013, The Radicati Group, Inc. 7

8 The Webroot Mobile App Reputation Service solves this problem by gauging the riskiness of an app from a massive amount of data from various inputs to determine if the app contains any threats or suspicious behavior. The Webroot Mobile App Reputation Service will rank an app according to the following categories: Malicious the app contains some form of malware designed to exploit the mobile operating system or device. Unwanted the app contains unnecessary and intrusive ads, popups, privacy policies, or other forms of invasive behavior. Suspicious the app contains unwanted or malicious components, but its behavior does not trigger any of Webroot s proprietary heuristics. Moderate the app is likely benign, but it may contain dangerous permissions Benign the app does not contain any dangerous permissions. Trustworthy the app has been scored as safe with no malicious behavior. In order to arrive at these rankings, Webroot takes each app through a five step process that closely examines the behavior, intentions, and risk of an app. The technology that powers the Webroot Mobile App Reputation Service is based on Webroot s principal cloud based security intelligence Webroot Intelligence Network (WIN), which collects billions of pieces of information from multiple sources, such as Web, endpoint, and mobile security services. Relying on WIN technology, Webroot s Mobile App Reputation Service is differentiated by its ability to use automated machine learning to collect, analyze and classify millions of mobile applications. The service also has access to a massive database of over 100 terabytes of every piece of malware that the vendor has ever seen and other proprietary threat databases that each app can be referenced against. The Webroot Mobile App Reputation Service also relies on its own proprietary heuristics that scan app behavior in a mobile sand-boxed environment. This behavior assessment is an essential element of the inspection process as apps are capable of deception and acting differently than assumed. Webroot s behavior inspection, however, helps avoid this type of deception. Figure 1, shows how the Webroot Mobile App Reputation Service arrives at a trust level for an app and its ability to deliver this data to its partners. Copyright May 2013, The Radicati Group, Inc. 8

9 Feedback Loop Mobile App Reputation Services Direct downloads from app stores Collection File sharing among other security vendors Data from millions of Webroot SecureAnywhere users Metadata about each app, such as app user ratings Analysis Package inspection of APK, IPA, etc. Runtime analysis to examine behavior Disassembly for source code inspection AI analysis with proprietary heuristics, SVM, and more MD5 hash inspection for malware Metadata inspection, such as developer or popularity Classification & Scoring Partner API Initialized with a clean score of 100 Once analyzed, scored based on riskiness Ranked from Trustworthy to Malicious Available via a RESTful Web service API Apps can be looked up via package name or MD5 App permission requests, runtime captures, source code files, and more can be accessed via the Partner API Figure 1: Webroot Mobile App Reputation Service Process Based on this process, Webroot assigns a reputation score to each application. Webroot has also devised a simple reputation band classification that streamlines the interpretation of the numeric reputation score. The reputation score and band classification are exposed to partners and developers through an efficient RESTful Web service API. The API can be easily integrated by Mobile App Developers, Mobile Device Management (MDM) vendors, Mobile App Store vendors, mobile carriers and anyone who needs to deliver application security. The API can also expose a great deal of additional information about each mobile app, such as: digital certificate information, runtime captures, and permissions requests, and much more. This information can be used to set policies for app management. For instance, a policy could be created around the categories of apps that should or should not be allowed to be installed on devices; such as an administrator could set a policy to block all games, or social networking apps, etc. Data elements exposed through the API include: Copyright May 2013, The Radicati Group, Inc. 9

10 Application reputation Blacklist Whitelist Basic file and package information Digital certificate information Manifest data Permission requests Requested phone features Runtime captures Source code files Top number of malicious applications Most recent files added Google Play information Market prevalence information By using this wealth of information about mobile apps, Mobile App Developers, Mobile Device Management (MDM) vendors, Mobile App Store vendors, mobile carriers and others, can leverage Webroot s Mobile App Reputation Service a general purpose mobile app information delivery mechanism in conjunction to its security intelligence capabilities. Using Webroot s Mobile App Reputation Service ratings, an analysis of 2.62 million Android apps and 670,000 ios apps carried out in mid-2013 yielded the scoring shown in Figure 2 below. Android Application Behavior ios Application Behavior Trustworthy 18% Unwanted 7% Benign 41% Suspicious 0.002% Moderate 3% Trustworthy 7% Suspicious 19% Moderate 5% Malicious 10% Benign 90% Figure 2: App Reputation Rankings, 2013 This snapshot of the app reputation rankings taken from Webroot s own Mobile App Reputation Service is quite alarming: more than 4 out of 10 Android apps contain some form of malware, over-stepping permission, or other cause for worry. Mobile apps on ios represented less of an Copyright May 2013, The Radicati Group, Inc. 10

11 obvious threat, mainly due to Apple s own strict app vetting process, but even these apps while not malicious may present some unwanted characteristics. The Webroot Mobile App Reputation Service lets users of its Partner API block apps with a certain reputation, but the service also allows users to achieve even more granularity by letting administrators couple app rankings with individual app permissions. For example, an organization may want to allow apps ranked as Moderate, but it can still disallow Moderate apps that contain certain permissions, such as access to a contact list. With this amount of granularity, the Webroot Mobile App Reputation Service is capable of creating a mobile security policy that isn t too restrictive or too liberal, but is just right for an organization s given risk appetite. 5.0 CONCLUSIONS AND RECOMMENDATIONS With the onslaught of app-borne malware and threats, app reputation services are the only way to effectively protect mobile devices. Mobile device security approaches at the device, operating system, and application layers are necessary, but these approaches need to be augmented with a powerful app reputation service that can deal effectively with the growing challenge posed by app-borne threats. In selecting a potential mobile app reputation service provider it is important to weigh the vendor s overall expertise in the security field as well as their understanding of the specific peculiarities and challenges posed by the mobile world. In particular, it is essential to select a mobile app reputation service that: a. Has constant updates through a broad base of inputs and feedbacks which refresh its definitions frequently and on an on-going basis. b. Is easy to work with and integrates well with a lot of different app delivery scenarios and packaging options. c. Provides deep granularity of information concerning potential threats and multiple app characteristics allowing an IT administrator to make decisions based on risk profile. d. Is easily adapted to meet different security policy needs and can evolve as customer needs change. e. Exposes a wealth of information about mobile apps which can be used for to set policies, analyze trends and develop different use scenarios. Copyright May 2013, The Radicati Group, Inc. 11

12 Webroot s Mobile App Reputation Service offers a top-of-the-line app reputation service, backed by the vendor s core competency in security. Webroot s mobile app reputation service meets all the key characteristics described above and provides a reliable partner with leading edge technology that can be easily incorporated in solutions from Mobile App Developers, Mobile Device Management (MDM) vendors, Mobile App Store vendors, mobile carriers and anyone who needs to deliver mobile application to their customers. Copyright May 2013, The Radicati Group, Inc. 12

... Mobile App Reputation Services THE RADICATI GROUP, INC.

... Mobile App Reputation Services THE RADICATI GROUP, INC. . The Radicati Group, Inc. 1900 Embarcadero Road, Suite 206 Palo Alto, CA 94303 Phone 650-322-8059 Fax 650-322-8061 http://www.radicati.com THE RADICATI GROUP, INC. Mobile App Reputation Services Understanding

More information

Mobile App Reputation

Mobile App Reputation Mobile App Reputation A Webroot Security Intelligence Service Timur Kovalev and Darren Niller April 2013 2012 Webroot Inc. All rights reserved. Contents Rise of the Malicious App Machine... 3 Webroot App

More information

Webroot Security Intelligence for Mobile Suite. Cloud-based security solutions for mobile management providers

Webroot Security Intelligence for Mobile Suite. Cloud-based security solutions for mobile management providers Webroot Security Intelligence for Mobile Suite Cloud-based security solutions for mobile management providers TABLE OF CONTENTS INTRODUCTION 3 WEBROOT INTELLIGENCE NETWORK 4 MOBILE SECURITY INTELLIGENCE

More information

Security challenges for internet technologies on mobile devices

Security challenges for internet technologies on mobile devices Security challenges for internet technologies on mobile devices - Geir Olsen [geiro@microsoft.com], Senior Program Manager for Security Windows Mobile, Microsoft Corp. - Anil Dhawan [anild@microsoft.com],

More information

Putting Operators at the Centre of

Putting Operators at the Centre of Putting Operators at the Centre of Enterprise Mobile Security Introduction Small and Medium Enterprises make up the majority of firms and employees in all major economies, yet are largely unidentified

More information

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security A World of Constant Threat We live in a world on constant threat. Every hour of every day in every country around the globe hackers

More information

Feature List for Kaspersky Security for Mobile

Feature List for Kaspersky Security for Mobile Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance

More information

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing Driving Productivity Without Compromising Protection Brian Duckering Mobile Trend Marketing Mobile Device Explosion Paves Way for BYOD 39% 69% 340% 2,170% 2010 177M corp PCs 2015 246M corp PCs 2010 173

More information

Zscaler Cloud Web Gateway Test

Zscaler Cloud Web Gateway Test Zscaler Cloud Web Gateway Test A test commissioned by Zscaler, Inc. and performed by AV-TEST GmbH. Date of the report: April15 th, 2016 Executive Summary In March 2016, AV-TEST performed a review of the

More information

Symantec's Secret Sauce for Mobile Threat Protection. Jon Dreyfus, Ellen Linardi, Matthew Yeo

Symantec's Secret Sauce for Mobile Threat Protection. Jon Dreyfus, Ellen Linardi, Matthew Yeo Symantec's Secret Sauce for Mobile Threat Protection Jon Dreyfus, Ellen Linardi, Matthew Yeo 1 Agenda 1 2 3 4 Threat landscape and Mobile Insight overview What s unique about Mobile Insight Mobile Insight

More information

Protect Your Enterprise by Securing All Entry and Exit Points

Protect Your Enterprise by Securing All Entry and Exit Points SAP White Paper Enterprise Mobility Protect Your Enterprise by Securing All Entry and Exit Points How Enterprise Mobility Management Addresses Modern-Day Security Challenges Table of Contents 4 Points

More information

of firms with remote users say Web-borne attacks impacted company financials.

of firms with remote users say Web-borne attacks impacted company financials. Introduction As the number of users working from outside of the enterprise perimeter increases, the need for more efficient methods of securing the corporate network grows exponentially. In Part 1 of this

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

MAM - Mobile Application Management

MAM - Mobile Application Management Page 1 About 1Mobility 1Mobility has successfully established itself as a global company, offering cloud based, internationalized and scalable Enterprise Mobility Management (EMM) solution that monitors,

More information

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD STRATEGY ANALYTICS INSIGHT October 2012 Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD By Mark Levitt, Analyst/Director at Strategy Analytics BYOD

More information

The Truth About Enterprise Mobile Security Products

The Truth About Enterprise Mobile Security Products The Truth About Enterprise Mobile Security Products Presented by Jack Madden at TechTarget Information Security Decisions 2013 Welcome to my enterprise mobile security product session! Instead of printing

More information

What We Do: Simplify Enterprise Mobility

What We Do: Simplify Enterprise Mobility What We Do: Simplify Enterprise Mobility AirWatch by VMware is the global leader in enterprise-grade mobility solutions across every device, every operating system and every mobile deployment. Our scalable

More information

IT Resource Management vs. User Empowerment

IT Resource Management vs. User Empowerment Mobile Device Management Buyers Guide IT Resource Management vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity leading to rising mobile

More information

perspective The battle between MDM and MAM: Where MAM fills the gap? Abstract - Payal Patel, Jagdish Vasishtha (Jags)

perspective The battle between MDM and MAM: Where MAM fills the gap? Abstract - Payal Patel, Jagdish Vasishtha (Jags) perspective The battle between MDM and MAM: Where MAM fills the gap? - Payal Patel, Jagdish Vasishtha (Jags) Abstract MDM Mobile Device Management and MAM Mobile Application Management are main Enterprise

More information

4 Steps to Effective Mobile Application Security

4 Steps to Effective Mobile Application Security Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional

More information

BYOD Guidelines A practical guide for implementing a successful BYOD Management program in an organization of any size.

BYOD Guidelines A practical guide for implementing a successful BYOD Management program in an organization of any size. April 2014 BYOD Guidelines A practical guide for implementing a successful BYOD Management program in an organization of any size. Bring your own device (BYOD) refers to the policy of permitting employees

More information

Kaspersky Security for Mobile

Kaspersky Security for Mobile Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months

More information

Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments

Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments Efficiently and Cost- Effectively Managing Mobility Risks in the Age of IT Consumerization Table of Contents EXECUTIVE

More information

Marble & MobileIron Mobile App Risk Mitigation

Marble & MobileIron Mobile App Risk Mitigation Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their

More information

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

Mobile Security: Controlling Growing Threats with Mobile Device Management

Mobile Security: Controlling Growing Threats with Mobile Device Management Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work

More information

App Reputation Report February 2013 The Authority in App Security

App Reputation Report February 2013 The Authority in App Security App Reputation Report February 2013 The Authority in App Security Introduction The Appthority App Report for February 2013 provides an overview of the security risks behind 100 free ios and Android apps.

More information

Endpoint Security and the Case For Automated Sandboxing

Endpoint Security and the Case For Automated Sandboxing WHITE PAPER Endpoint Security and the Case For Automated Sandboxing https://enterprise.comodo.com A World of Constant Threat We live in a world of constant threat. Hackers around the globe work every hour

More information

A Guide to MAM and Planning for BYOD Security in the Enterprise

A Guide to MAM and Planning for BYOD Security in the Enterprise A Guide to MAM and Planning for BYOD Bring your own device (BYOD) can pose a couple different challenges, not only the issue of dealing with security threats, but also how to handle mobile applications.

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Mobile First Government

Mobile First Government Mobile First Government An analysis of NIST and DISA requirements for the adoption of commercially available mobility platforms by government agencies August 2013 415 East Middlefield Road Mountain View,

More information

MOBILE SECURITY: DON T FENCE ME IN

MOBILE SECURITY: DON T FENCE ME IN MOBILE SECURITY: DON T FENCE ME IN Apart from the known and the unknown, what else is there? 18 Harold Pinter, Nobel Prize-winning playwright, screenwriter, director, actor 32 INTRODUCTION AND METHODOLOGY

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

Security and Privacy Considerations for BYOD

Security and Privacy Considerations for BYOD Security and Privacy Considerations for BYOD Carol Woodbury, President SkyView Partners, Inc 1 Introduction The world of BYOD (Bring Your Own Device) is rapidly expanding. You may not think it s happening

More information

PULSE SECURE FOR GOOGLE ANDROID

PULSE SECURE FOR GOOGLE ANDROID DATASHEET PULSE SECURE FOR GOOGLE ANDROID Product Overview In addition to enabling network and resource access for corporate managed mobile devices, many enterprises are implementing a Bring Your Own Device

More information

Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data

Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data Patrick Gardner VP Engineering Sourabh Satish Distinguished Engineer Symantec Vision 2014 - Big Data

More information

Mobile Operating System Wars Android vs. ios

Mobile Operating System Wars Android vs. ios 1 P a g e Mobile Operating System Wars Android vs. ios Authors Bogdan BOTEZATU Senior E-Threat Analyst Vlad BORDIANU Malware Researcher, Clueful Tiberiu AXINTE - Malware Researcher, Clueful 2 P a g e Table

More information

Symantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management

Symantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management Mobile Application Management and Protection Data Sheet: Mobile Security and Management Overview provides integrated mobile application and device management capabilities for enterprise IT to ensure data

More information

Five Best Practices for Secure Enterprise Content Mobility

Five Best Practices for Secure Enterprise Content Mobility A N A C C E L L I O N W H I T E P A P E R Five Best Practices for Secure Enterprise Content Mobility Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite 200 www.accellion.com

More information

Kony Mobile Application Management (MAM)

Kony Mobile Application Management (MAM) Kony Mobile Application Management (MAM) Kony s Secure Mobile Application Management Feature Brief Contents What is Mobile Application Management? 3 Kony Mobile Application Management Solution Overview

More information

Secure Web Browsing. With the right architecture, the web browser can become an effective solution for malware prevention

Secure Web Browsing. With the right architecture, the web browser can become an effective solution for malware prevention Secure Web Browsing With the right architecture, the web browser can become an effective solution for malware prevention Branden Spikes, CEO, CTO, and Founder of Spikes, Inc. Scott Martin, CISSP, CIO of

More information

How we keep harmful apps out of Google Play and keep your Android device safe

How we keep harmful apps out of Google Play and keep your Android device safe How we keep harmful apps out of Google Play and keep your Android device safe February 2016 Bad apps create bad experiences, so we work hard to keep them off your device and out of Google Play. In 2015,

More information

ForeScout MDM Enterprise

ForeScout MDM Enterprise Highlights Features Automated real-time detection of mobile Seamless enrollment & installation of MDM agents on unmanaged Policy-based blocking of unauthorized Identify corporate vs. personal Identify

More information

Securing Office 365 with MobileIron

Securing Office 365 with MobileIron Securing Office 365 with MobileIron Introduction Office 365 is Microsoft s cloud-based productivity suite. It includes online versions of Microsoft s most popular solutions, like Exchange and SharePoint,

More information

Defending Behind The Device Mobile Application Risks

Defending Behind The Device Mobile Application Risks Defending Behind The Device Mobile Application Risks Tyler Shields Product Manager and Strategist Veracode, Inc Session ID: MBS-301 Session Classification: Advanced Agenda The What The Problem Mobile Ecosystem

More information

Finding Hidden Gems in the App Ecosystem

Finding Hidden Gems in the App Ecosystem Whitepaper Finding Hidden Gems in the App Ecosystem How appbackr and Appthority Sort Through Millions of Apps to Deliver a Curated List of the World s Best Apps August 2013 Introduction The mobile app

More information

The ForeScout Difference

The ForeScout Difference The ForeScout Difference Mobile Device Management (MDM) can help IT security managers secure mobile and the sensitive corporate data that is frequently stored on such. However, ForeScout delivers a complete

More information

Webroot Security Intelligence. The World s Most Powerful Real-Time Network Security Services

Webroot Security Intelligence. The World s Most Powerful Real-Time Network Security Services Webroot Security Intelligence The World s Most Powerful Real-Time Network Security Services Table of Contents The World s Most Powerful Real-Time Network Security Services Table of Contents 2 Introduction

More information

Protecting Android Mobile Devices from Known Threats

Protecting Android Mobile Devices from Known Threats Protecting Android Mobile Devices from Known Threats Android OS A Popular Target for Hacks White Paper Zero Trust Mobile Security An Introduction to the BETTER Mobile Security Platform BETTER at work.

More information

Manage and Secure the Mobile Data, Not Just the Device. Stijn Paumen VP Business Development, Wandera

Manage and Secure the Mobile Data, Not Just the Device. Stijn Paumen VP Business Development, Wandera Manage and Secure the Mobile Data, Not Just the Device Stijn Paumen VP Business Development, Wandera The Great Platform Shift 60,000,000 iphone BlackBerry 50,000,000 40,000,000 30,000,000 20,000,000 10,000,000

More information

Mobile Application Security Sharing Session May 2013

Mobile Application Security Sharing Session May 2013 Mobile Application Security Sharing Session Agenda Introduction of speakers Mobile Application Security Trends and Challenges 5 Key Focus Areas for an mobile application assessment 2 Introduction of speakers

More information

platforms Android BlackBerry OS ios Windows Phone NOTE: apps But not all apps are safe! malware essential

platforms Android BlackBerry OS ios Windows Phone NOTE: apps But not all apps are safe! malware essential Best Practices for Smartphone Apps A smartphone is basically a computer that you can carry in the palm of your hand. Like computers, smartphones have operating systems that are often called platforms.

More information

MECS: Mobile Enterprise Compliance and Security Server

MECS: Mobile Enterprise Compliance and Security Server MECS: Mobile Enterprise Compliance and Security Server Mobile Active Defense locks down, secures and puts your iphones, ipads, Androids, other smartphones and tablets into regulatory compliance. By employing

More information

Mobile App Containers: Product Or Feature?

Mobile App Containers: Product Or Feature? ANALYST BRIEF Mobile App Containers: Product Or Feature? APPLE AND SAMSUNG HAVE TAKEN BIG STEPS WITH CONTAINERIZATION Author Andrew Braunberg Overview Secure workspaces, or containers, used for isolating

More information

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work. OWA vs. MDM Introduction SmartPhones and tablet devices are becoming a common fixture in the corporate environment. As feature phones are replaced with new devices such as iphone s, ipad s, and Android

More information

BYPASSING THE ios GATEKEEPER

BYPASSING THE ios GATEKEEPER BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY

More information

TALLAN INC. MDM STRATEGY GUIDE 4/10/2014 WE BUILD SOFTWARE THAT HELPS OUR CLIENTS GROW DOCUMENT CREATED BY: Matt Kruczek Mobile Practice Lead

TALLAN INC. MDM STRATEGY GUIDE 4/10/2014 WE BUILD SOFTWARE THAT HELPS OUR CLIENTS GROW DOCUMENT CREATED BY: Matt Kruczek Mobile Practice Lead TALLAN INC. MDM STRATEGY GUIDE 4/10/2014 DOCUMENT CREATED BY: Matt Kruczek Mobile Practice Lead Brian Sampson Mobile Practice Lead Adam Worobec Senior Director WE BUILD SOFTWARE THAT HELPS OUR CLIENTS

More information

Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security

Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security 4 0 0 T o t t e n P o n d R o a d W a l t h a m, M A 0 2 4 5 1 7 8 1. 8 1 0. 4 3 2 0 w w w. v i e w f i n i t y. c o m Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security

More information

ENTERPRISE MOBILITY USE CASES AND SOLUTIONS

ENTERPRISE MOBILITY USE CASES AND SOLUTIONS ENTERPRISE MOBILITY USE CASES AND SOLUTIONS ENTERPRISE MOBILITY USE CASES AND SOLUTIONS Mobility is no longer a trend it s how business gets done. With employees using multiple mobile devices and the availability

More information

8 Ways to Better Monitor Network Security Threats in the Age of BYOD January 2014

8 Ways to Better Monitor Network Security Threats in the Age of BYOD January 2014 8 Ways to Better Monitor Network Security Threats in the Age of BYOD January 2014 8 Ways to Better Monitor Network Security Threats in the Age of BYOD 2 Unless you operate out of a cave, chances are your

More information

Managing Web Security in an Increasingly Challenging Threat Landscape

Managing Web Security in an Increasingly Challenging Threat Landscape Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.

More information

Total Enterprise Mobility

Total Enterprise Mobility Total Enterprise Mobility Presented by Wlodek Dymaczewski, IBM Wlodek Dymaczewski dymaczewski@pl.ibm.com www.maas360.com Top Enterprise Mobility Initiatives Embrace Bring Your Own Device (BYOD) Migrate

More information

WildFire. Preparing for Modern Network Attacks

WildFire. Preparing for Modern Network Attacks WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends

More information

Empowering BYOD and Mobile Security in the Enterprise. Jeff Baum, APAC Managing Director

Empowering BYOD and Mobile Security in the Enterprise. Jeff Baum, APAC Managing Director Empowering BYOD and Mobile Security in the Enterprise Jeff Baum, APAC Managing Director Growth of Mobile Mobile worker population will reach 1.3 Billion in 2015 Source: IDC Worldwide Mobile Worker Population

More information

Aragon Research RESEARCH NOTE. Workplace Service. Mobile Security in a BYOD World

Aragon Research RESEARCH NOTE. Workplace Service. Mobile Security in a BYOD World Aragon Research Author: Mike Anderson Mobile Security in a BYOD World Summary: Employee-owned devices at work put significant strain on security and manageability. Government agencies need policy and mobile

More information

Embracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo.

Embracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo. Embracing BYOD Without Compromising Security or Compliance The Mobile Risk Management Company Sheldon Hebert SVP Enterprise Accounts, Fixmo Sheldon.Hebert@fixmo.com New Realities of Enterprise Mobility

More information

Advanced Online Threat Protection: Defending. Malware and Fraud. Andrew Bagnato Senior Systems Engineer

Advanced Online Threat Protection: Defending. Malware and Fraud. Andrew Bagnato Senior Systems Engineer Advanced Online Threat Protection: Defending Your Online Banking Customers Against Modern Malware and Fraud Andrew Bagnato Senior Systems Engineer Agenda Modern malware a targets Account credentials Financial

More information

Hands on, field experiences with BYOD. BYOD Seminar

Hands on, field experiences with BYOD. BYOD Seminar Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl

More information

Enabling Secure BYOD How Fortinet Provides a Secure Environment for BYOD

Enabling Secure BYOD How Fortinet Provides a Secure Environment for BYOD Enabling Secure BYOD How Fortinet Provides a Secure Environment for BYOD FORTINET Enabling Secure BYOD PAGE 2 Executive Summary Bring Your Own Device (BYOD) is another battle in the war between security

More information

Codeproof Mobile Security & SaaS MDM Platform

Codeproof Mobile Security & SaaS MDM Platform Codeproof Mobile Security & SaaS MDM Platform info@codeproof.com https://codeproof.com Mobile devices have been transformed into multi-faceted, multi-tasking, multimedia tools for personal expression,

More information

Administrator's Guide

Administrator's Guide Administrator's Guide Copyright SecureAnywhere Mobile Protection Administrator's Guide November, 2012 2012 Webroot Software, Inc. All rights reserved. Webroot is a registered trademark and SecureAnywhere

More information

5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES

5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES White paper 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING PHI ON PORTABLE DEVICES 2016 SecurityMetrics 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES 1 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING

More information

Android for Work powered by SOTI

Android for Work powered by SOTI Android for Work powered by SOTI Work The Way You Live Secure Enterprise Mobility Management Android for Work powered by SOTI transforms workplace mobility with enhanced security, consistent management

More information

SECURING TODAY S MOBILE WORKFORCE

SECURING TODAY S MOBILE WORKFORCE WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table

More information

CHOOSING AN MDM PLATFORM

CHOOSING AN MDM PLATFORM CHOOSING AN MDM PLATFORM Where to Start the Conversation Whitepaper 2 Choosing an MDM Platform: Where to Start the Conversation There are dozens of MDM options on the market, each claiming to do more than

More information

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents

More information

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more The dramatic growth in mobile device malware continues to escalate at an ever-accelerating pace. These threats continue to become more sophisticated while the barrier to entry remains low. As specific

More information

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices.

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices. Data Loss Prevention Whitepaper When Mobile Device Management Isn t Enough Your Device Here. Good supports hundreds of devices. Contents Shifting Security Landscapes 3 Security Challenges to Enterprise

More information

MDM and beyond: Rethinking mobile security in a BYOD world

MDM and beyond: Rethinking mobile security in a BYOD world MDM and beyond: Rethinking mobile security in a BYOD world 2013 Citrix and TechTarget Table of Contents Summary.... 3 Introduction... 3 Current business challenges with BYOD... 4 Securing mobile devices

More information

DUBEX CUSTOMER MEETING

DUBEX CUSTOMER MEETING DUBEX CUSTOMER MEETING JOHN YUN Director, Product Marketing Feb 4, 2014 1 AGENDA WebPulse Blue Coat Cloud Service Overview Mobile Device Security 2 WEBPULSE 3 GLOBAL THREAT PROTECTION NEGATIVE DAY DEFENSE

More information

AirWatch Enterprise Mobility Management. AirWatch Enterprise Mobility Management

AirWatch Enterprise Mobility Management. AirWatch Enterprise Mobility Management Device Vendor Comparisons Deployment options ( + / -) Vendor for On premises Cloud/SaaS and other platforms supported (+ / -) Vendor for ios Android Extended Android APIs Knox, Safe Safe BlackBerry Windows

More information

Next-Generation Firewalls: Critical to SMB Network Security

Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more

More information

Enterprise Mobility Management

Enterprise Mobility Management Enterprise Mobility Management Security Without Compromising User Experience SESSION ID: SPO2-R03 Brian Robison Principal Technology Evangelist, XenMobile Citrix Systems, Inc. Providing the freedom to

More information

Enterprise Apps: Bypassing the Gatekeeper

Enterprise Apps: Bypassing the Gatekeeper Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that

More information

A Guide to Consumerization & Building a BYOD Policy June 2012

A Guide to Consumerization & Building a BYOD Policy June 2012 INTRODUCTION iphones, ipads, Android-powered devices, and Windows phones have grown into powerful computing platforms, and their use allows enterprise employees to connect to work as never before. These

More information

CHECK POINT THE MYTHS OF MOBILE SECURITY

CHECK POINT THE MYTHS OF MOBILE SECURITY CHECK POINT THE MYTHS OF MOBILE SECURITY Mobility has transformed the workplace. Laptops, smartphones and tablets not only enable an organization s road warriors, but also create freedoms for all employees

More information

Zscaler Internet Security Frequently Asked Questions

Zscaler Internet Security Frequently Asked Questions Zscaler Internet Security Frequently Asked Questions 1 Technical FAQ PRODUCT LICENSING & PRICING How is Zscaler Internet Security Zscaler Internet Security is licensed on number of Cradlepoint devices

More information

IBM Endpoint Manager for Mobile Devices

IBM Endpoint Manager for Mobile Devices IBM Endpoint Manager for Mobile Devices A unified platform for managing mobile devices together with your traditional endpoints Highlights Address business and technology issues of security, complexity

More information

MOBILE SECURITY. Fixing the Disconnect Between Employer and Employee for BYOD (Bring Your Own Device)

MOBILE SECURITY. Fixing the Disconnect Between Employer and Employee for BYOD (Bring Your Own Device) MOBILE SECURITY Fixing the Disconnect Between Employer and Employee for BYOD (Bring Your Own Device) JULY 2014 INTRODUCTION BYOD SECURITY 2014 It s no surprise that there are many articles and papers on

More information

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com {ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling

More information

The Hillstone and Trend Micro Joint Solution

The Hillstone and Trend Micro Joint Solution The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry

More information

White Paper. Data Security. The Top Threat Facing Enterprises Today

White Paper. Data Security. The Top Threat Facing Enterprises Today White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is

More information

"Secure insight, anytime, anywhere."

Secure insight, anytime, anywhere. "Secure insight, anytime, anywhere." THE MOBILE PARADIGM Mobile technology is revolutionizing the way information is accessed, distributed and consumed. This 5th way of computing will dwarf all others

More information

10 best practice suggestions for common smartphone threats

10 best practice suggestions for common smartphone threats 10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth

More information

Today s Best Practices: How smart business is protecting enterprise data integrity and employee privacy on popular mobile devices. Your Device Here.

Today s Best Practices: How smart business is protecting enterprise data integrity and employee privacy on popular mobile devices. Your Device Here. Securing Business Mobility Today s Best Practices: How smart business is protecting enterprise data integrity and employee privacy on popular mobile devices Your Device Here. Good supports hundreds of

More information

Symantec Endpoint Protection 12.1.6

Symantec Endpoint Protection 12.1.6 Data Sheet: Endpoint Security Overview Last year, we saw 317 million new malware variants, while targeted attacks and zero-day threats were at an all-time high 1. The threat environment is evolving quickly

More information