Security and the Smartphone Revolution
- Basil May
- 8 years ago
Transcription
1 Security and the Smartphone Revolution
2 About the Speaker
Joseph Granneman, MBA, CISSP
Joseph Granneman has developed a passion and expertise in information security in his 20 years of experience as a CIO, CTO and CSO of hospitals and clinics in the Chicago region. His passion drove him to be an independent author, presenter and professor in the health care information technology and information security fields. He has been frequently consulted by the media and interviewed on various health care information technology and security topics. He has also been a member of many information security standards groups, including identifying security vulnerabilities in HIEs as part of the Health Information Security and Privacy Security Working Group for Illinois. He was also a volunteer for the Certification Commission for Health Information Technology (CCHIT) Security Working Group, which developed the information security standards for ARRA certification of electronic medical records. He also continues to be involved in the FBI InfraGard program.
3
4 PUTTING MOBILE IN PERSPECTIVE
5 August 12, 1981
6 PC Growth April billion PCs shipped* billion PCs Shipped** *Gartner Dataquest statistics **Forrester Research
7 PC Growth
- Over 1 billion PCs in use today**
- 2 billion PCs in use by 2015**
*Gartner Dataquest statistics **Forrester Research
8 PC Growth
- 27 years to reach first billion PCs in use.**
- Only 7 more years to reach 2 billion PCs in use.**
*Gartner Dataquest statistics **Forrester Research
9 June 29, 2007
10 October 22, 2008
11 By the numbers
- 2 billion mobile devices in use by 2015
- PC shipments decline by 10.6% in 2013
- Tablet shipments increase by 67.9%
Source: Gartner (June 2013)
12 By the numbers
Worldwide Devices Shipments by Segment (Thousands of Units)
Device Type:
- PC: 341, , ,239
- Ultramobile: 9,787 20,301 39,824
- Tablet: 120, , ,178
- Mobile Phone: 1,746,177 1,821,193 1,901,188
- Total: 2,217,440 2,348,497 2,506,429
Source: Gartner (June 2013)
13 OUR COMPUTING MODEL HAS FUNDAMENTALLY CHANGED
14 New Capabilities
- Fingerprint Scanner
- Heart rate
- Relative humidity
- Env. Temperature
- Barometer
- NFC
- Accelerometer
- Magnetic Field
- Light Flux
- Battery temp.
- GPS
- Proximity
- RGB Ambient Light
- Gyroscope
15 New Use Cases
- Always connected
- User proximity
- Personalized services
- Fitness
- Banking
- Healthcare
- Travel
- Shopping
- Mobile Payments
16 Health Care Perspective
Providers
- Access EMR
- Hospital Rounding
- Coding
- Schedule
- Medical Imaging
- Prescriptions
- Photos
- Dictation
Patients
- Access PHR
- Pay bills
- Schedule Appointments
- physician
- IOT (Internet of Things): Weight, BP, Pulse, etc.
17 The Perfect Storm
- Always on
- Full of personal information
- Adopted by almost everyone
- Rapid adoption without consideration for security
- Mobile = Increased Risk
18 Criminal Attention
- Cybercrime is quickly turning to mobile
- More profitable than PC malware
- Evolving much faster
- Infrastructure was already built over the last 10 years.
- People more trusting of phishing on mobile
19 Mobile Cybercrime Pricing Source: Antiphishing Workgroup Mobile Report
20 Nowhere to hide
21 Mobile/BYOD Risks Classified
1. Design/Architectural Vulnerabilities
2. Operating System Vulnerabilities
3. Application Vulnerabilities
4. Network Vulnerabilities
5. Cloud reliance
22 DESIGN/ARCHITECTURE VULNERABILITIES
23 Design/Architecture
Mobile device storage issues
- Flash memory differences
- Limited number of write cycles
- Nothing is truly deleted
- DOD style data wipes cannot be used
- Differences in Android vs iOS
- Differences in models of devices
- Standard forensic techniques very successful
24 Design/Architecture
Encryption of Devices - Apple
- iOS encrypted by default
- Hardware based AES 256 Bit encryption
- FIPS Certified
- Wipes after 10 incorrect PIN entries
25 Design/Architecture
Encryption of Devices - Apple
- Private Key is NOT based on PIN
- Developer mode bypass allows brute force
- Older devices use software based keys
- Recovery times around 2 minutes
26 Design/Architecture
Encryption of Devices
- Optional on Android device
- Various states of FIPS Compliance
- Software based Key and Salt stored in boot footer
- Performance penalty
- 4 Digit pins recovered in seconds
27 Example
Open source tools for security testing
- Santoku Linux
- Free for downloading
- Mobile Forensics
- Password Recovery
- Penetration testing
- Network Manipulation
28 Example
29 Example
30 Example
31 Technology Makes PINS Obsolete
32 Password Recovery Times
Recovery times with a $1,500 PC:
- Password: 'Pa5$w0d - 2m12.367s
- Password: 'K#n&r4Z - 1m51.962s
- 7 Character passwords 40GB of possible combinations
- Dictionary words are almost instantaneous
- Only around 70,000 possible combinations.
- 4 Digit PINS only 10,000 possible combinations.
33 No Cracking Necessary
- iOS Backups easier to recover
- Newer devices backup to iCloud
34 OPERATING SYSTEM VULNERABILITIES
35 BYOD/Mobile Don't Forget the Basics
- Patching is still a key defense
- Many users do not apply patches but still access company data
- Apple pushes out patches
- Planned Obsolescence old devices
- Android devices left to the carrier
- Patches are not pushed out
- Many devices still vulnerable
36 Android MasterKey Hole
- Discovered in August 2013
- Simple way to install malware
How it works
- Android Apps are simply digitally signed .zip files
- Modified .ZIP files fail digital signature checks
- Simply place two files with the same name in the .zip file.
- Android verifies the first but not the second.
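The duplicate-name condition on this slide is something an app-vetting or MDM pipeline can check for before a package is trusted. The following is an added example, not part of the presentation; the function names and the sample archives are hypothetical and constructed for illustration.

```python
"""Added example: flag APKs whose ZIP central directory repeats an entry name."""
import hashlib
import io
import warnings
import zipfile
from collections import defaultdict


def scan_apk(apk_bytes):
    """Return one finding per entry name that appears more than once.

    Each finding records how many copies exist and whether their contents
    differ. Differing copies mean two ZIP parsers can see different bytes
    for the same name, which is the condition the slide describes.
    """
    copies = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():  # infolist() keeps every duplicate
            # Passing the ZipInfo object (not the name) reads this exact copy.
            with zf.open(info) as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            copies[info.filename].append(digest)
    findings = []
    for name, digests in copies.items():
        if len(digests) > 1:
            findings.append({
                "name": name,
                "copies": len(digests),
                "conflicting": len(set(digests)) > 1,
            })
    return sorted(findings, key=lambda f: f["name"])


def is_acceptable(apk_bytes):
    """Policy decision: reject unreadable archives and any duplicate name."""
    try:
        return not scan_apk(apk_bytes)
    except zipfile.BadZipFile:
        return False


def build_sample(entries):
    """Build an in-memory ZIP from (name, data) pairs; test input only."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile warns about duplicate names but still writes them.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            for name, data in entries:
                zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples with placeholder contents (not real APKs).
CLEAN = build_sample([
    ("AndroidManifest.xml", b"<manifest/>"),
    ("classes.dex", b"original code"),
])
DUPLICATED = build_sample([
    ("AndroidManifest.xml", b"<manifest/>"),
    ("classes.dex", b"original code"),
    ("classes.dex", b"different code"),
])

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("duplicated", DUPLICATED)):
        print(label, "accept" if is_acceptable(sample) else "reject",
              scan_apk(sample))
```

Rejecting on any repeated name, even when the copies are byte-identical, keeps the policy independent of which copy a given parser happens to use.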
37 Android Fragmentation
38 BYOD - Audits
39 Example: Vulnerable iPhone
40 APPLICATION VULNERABILITIES
41 Trust the App Store?
The App Store Security Model
- Applications are tested before being posted
- Apple more closed but more scrutiny
- Android more open but less scrutiny
42 Trust the Google Play Store?
Trend Micro Study
- Analyzed 700,000 Google Play apps
- Found more than 68,740 malicious
- 1 in 10 applications
- Cloning popular titles: Angry Birds, Cut the Rope, Riptide GP
- Sent premium SMS messages
43 BYOD - Risky Behavior
- Rooted Phones: Use vulnerability to bypass OS protections
- Third Party App Stores: Pirated material, more malware
- Android App Side Loading: Direct loading of unverified apps
- Custom Android ROMS: Full custom versions of Android from unknown sources
None of these devices should be allowed to connect to sensitive networks.
44 Careless Mobile Apps
Mobile App Security Study
- Tested for unencrypted private data
- Performed by NowSecure
Financial Apps
- 25% Failed, 31% Warning, 44% Pass
- Best category tested
- Recovered password, payment history, partial credit card numbers
45 Careless Mobile Apps
Social Networking
- 74% Failed, 26% Warning, 0% Pass
- Included Facebook, Twitter, LinkedIn, Foursquare
- All stored username in cleartext
- IM Logs, Direct Messages, passwords stored in cleartext
Retail
- 14% Failed, 86% Warning, 0% Pass
- Included Best Buy, Amazon, Groupon and Starbucks
- Storing search history, name and address
- Groupon was storing password
- Starbucks was storing full 16-digit credit card number
46 Careless Mobile Apps
- UUID serial number for iOS devices
- AntiSec, a subgroup of Anonymous
- Claimed to have 12 Million UUIDs from the FBI
- Released on Internet
- BlueToad, electronic publisher
- Stored customer's UUIDs
- Found that their systems were compromised
47 Example
48 NETWORK VULNERABILITIES
49
50 Insecure Communication
- Mobile devices are broadcasting for known wireless networks
- Malicious devices answer and route communications through
- How many have attwifi on their phone?
51 Man-in-the-Middle Attacks
52 Near Field Communication
- NFC mobile payments are projected to be a $1T market
NFC risks
- Eavesdropping
- Data corruption
- Data manipulation
- MITM Attacks
53 RELIANCE ON THE CLOUD
54 iCloud Weaknesses
55 Importance of Dual Factor
56 Google Wallet Brute Force
57 Google 2-Step Verification
58 MOBILE DEVICE MITIGATION ADVICE
59 Securing BYOD/Mobile
Utilize some form of Mobile Device Management
- Disallow rooted devices
- Require updates to be installed
- Disallow 3rd party app stores and apps
- Require stronger pin codes
- Require timeouts
- Require encrypted devices
60 Securing BYOD/Mobile
- Disallow clear communications over public networks.
- Inspect mobile applications for security flaws
- Use sandboxing when needed
- Utilize remote wiping
61 Securing BYOD/Mobile
End User Training
- Lost phones must be reported immediately.
- Phishing identification
- Physical security
- Dangers of malicious applications
62 QUESTIONS?
Managing and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS Blancco White Paper Published 14 February 2013 Introduction Advanced mobile devices like
More informationMarble & MobileIron Mobile App Risk Mitigation
Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their
More informationSECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE
SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE Michael CLICK TO Albek EDIT MASTER - SecureDevice SUBTITLE STYLE 2011 Driven by changing trends and increasing globalization, the needs of
More informationMobile Security: Threats and Countermeasures
Mobile Security: Threats and Countermeasures Introduction Mobile devices are rapidly becoming the primary end-user computing platform in enterprises. The intuitive user-experience, robust computing capabilities,
More informationMobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program
Mobile Application Security Helping Organizations Develop a Secure and Effective Mobile Application Security Program by James Fox fox_james@bah.com Shahzad Zafar zafar_shahzad@bah.com Mobile applications
More informationAnswers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.
Mobility options and landscapes are evolving quickly for the corporate enterprise. Mobile platform providers such as Apple, Google and Microsoft, and leading device hardware vendors are constantly updating
More informationThe Evolution of the Enterprise And Enterprise Security
The Evolution of the Enterprise And Enterprise Security Introduction Today's enterprise is evolving rapidly, with new technologies such as consumer-grade mobile devices, internet-based applications and
More informationThe Future of Enterprise Mobility: Part II. Strategic Options for Mobile Security Firms
The Future of Enterprise Mobility: Part II Strategic Options for Mobile Security Firms Evolution to a Mobile World Mobile Web Compu&ng and Global IT Ecosystem 10,000,000,000 Desktop Web 1,000,000,000 PCs
More informationPredatory Hacking of Mobile Devices
Predatory Hacking of Mobile Devices SESSION ID: MBS-W03 Jeff Forristal CTO Bluebox Security www.bluebox.com If you haven t heard the world has gone mobile. 2013 Q4 shipments: 227.8m smartphones (IDC) vs.
More informationSecureCom Mobile s mission is to help people keep their private communication private.
About SecureCom Mobile SecureCom Mobile s mission is to help people keep their private communication private. We believe people have a right to share ideas with each other, confident that only the intended
More informationMobile App Security: Who Else is on Your Device? August 27, 2013
Mobile App Security: Who Else is on Your Device? August 27, 2013 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London 1 2 Generously sponsored by: Welcome Conference Moderator Hari Pendyala ISSA Fellow
More informationIEEE CQR 2010 A Holistic Approach to Mobile Security
A Holistic Approach to Mobile Security Khoi Nguyen, Group Product Manager Mobile Security and Management Group Symantec Amber Kick-off Meeting Introduction Khoi Nguyen, Group Product Manager, Mobile Security
More informationSecurity in an Increasingly Threatened World. SMS: A better way of doing Two Factor Authentication (2FA)
Security in an Increasingly Threatened World SMS: A better way of doing Two Factor Authentication (2FA) January 2015 The Proliferation of The App World The revolution of the smart phone forever affected
More informationPentesting Mobile Applications
WEB 应 用 安 全 和 数 据 库 安 全 的 领 航 者! 安 恒 信 息 技 术 有 限 公 司 Pentesting Mobile Applications www.dbappsecurity.com.cn Who am I l Frank Fan: CTO of DBAPPSecurity Graduated from California State University as a Computer
More informationEmbracing Complete BYOD Security with MDM and NAC
Embracing Complete BYOD Security with MDM and NAC Clint Adams, CISSP, Director, Mobility Solutions Keith Glynn, CISSP, Sr. Technical Solutions Engineer August 22, 2013 Today s Speakers Clint Adams, CISSP
More informationCHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device
CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge
More information