Marble & MobileIron Mobile App Risk Mitigation

Transcription

1 Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their own devices. Employees also regularly give apps sweeping permissions to download and use information stored on their device or accessed from the corporate network. Once uploaded to the app provider, the leaked information can no longer be controlled and may fall into the hands of hackers to help target other employees, like system admins or executives, and create personalized, highly effective spear phishing attacks. With 30 percent of Android apps capable of leaking users private data and exhibiting risky behaviors, all companies with mobile programs are vulnerable. While enterprises enjoy the improved business processes and productivity gains that mobile apps afford workers, managing app risk is key to securing corporate networks. MobileIron and Marble Security have partnered to provide a tightly integrated solution that allows enterprises to manage which mobile apps may be used on employee devices that access corporate systems. MobileIron provides IT administrators with a snapshot of apps installed on employees smartphones and tablets. Marble s App Risk Mitigation Software-as-a-Service (SaaS) detects apps with risky behaviors and enables policies to be created to remediate them. Marble continuously analyzes apps on managed devices and correlates external threat intelligence collected from dozens of external sources, providing up-to-the-minute visibility to the risk presented by apps. With this intelligence Marble applies a dynamic risk score for each app, enabling IT administrators to use MobileIron App Security and Access Control to create policies that restrict network access to devices, or remove apps, that exceed acceptable risk levels. About Marble Security Marble Security prevents mobile threats from compromising enterprise networks by layering mobile defense in depth. Marble s cloud service delivers app risk mitigation, secure messaging, and trusted networking to protect smartphones and tablet network communications. The Marble Mobile Risk Score (MMRS) is the world s most comprehensive mobile security scoring metric, uniquely factoring the risk of each user s behavior, individual apps, wireless and cellular networks, and devices. Marble s customers protect and secure more than 1 million individual users in the healthcare and financial services sectors Hamlin Court Sunnyvale, CA Tel Fax sales@marblesecurity.com 415 East Middlefield Road Mountain View, CA USA Tel Fax info@mobileiron.com 1

2 Table of Contents Contents Technology Alliance & MobileIron Integration Overview... 3 MobileIron and Marble Security Application Analysis... 4 Logging into the Marble Security Platform... 4 Logging into the MobileIron instance within Marble... 4 Application Analysis Results and Reports... 6 Sorting and Filtering... 6 Viewing Users/Devices... 6 Viewing Scan Results Remediation Options within Marble Security

3 Introduction MobileIron and Marble Security have partnered to provide a tightly integrated solution that allows enterprises to manage which mobile apps may be used on employee devices that access corporate systems. With 30 percent of Android apps capable of leaking users private data, all companies with mobile programs are vulnerable. Mobile apps present a significant risk to enterprise security at each stage of the cyber kill chain, from port scanning and compromising networks to exporting sensitive data. Cybercriminals either hack apps to insert malicious code, or exploit behaviors of legitimate apps to access devices, data, usernames, passwords, location, and online accounts of users and companies. With Marble, IT administrators restrict network access from mobile devices running risky apps, providing a high level of control for BYOD devices without disrupting user experience. Only Marble combines comprehensive, correlated risk intelligence across multiple data sources with an adaptive engine to assess dynamic app risks and automates remediation. Marble Labs, the research and response team of analysts at Marble, has analyzed 1.2 million Android and ios apps, testing for more than 500 dangerous behaviors, as well as malware, spyware and apps that take users to phishing sites or communicate with botnet command and control servers. New or unknown apps found on users devices are put to the front of the analysis queue, and typically analyzed within minutes. Today s overworked system administrators don t have time to establish hundreds of app risk attributes or make granular decisions about each of them. Marble s approach automates the analysis of each app against a comprehensive set of dangerous behaviors and provides the composite Marble Mobile Risk Score (MMRS) for each device. The MMRS is a comprehensive mobility security metric, uniquely factoring the risk of each user s behavior, individual apps, wireless and cellular networks, and devices. Administrators easily tune risk tolerance for their business, and set policies to automatically remediate threats, allowing the enterprise to trust users, devices, networks, and apps, even in a BYOD environment. Technology Alliance & MobileIron Integration Overview The global cybercrime infrastructure that fueled electronic crime, espionage, malware, DDoS and fraud on the PC during the last decade is now focused on attacking mobile users. These highly organized criminal organizations target corporate mobile users as the weakest link for compromising enterprise networks, where they can steal funds, proprietary data, and private employee information used for advanced persistent threats (APTs). Technically sophisticated, tenacious and well funded, these criminals frequently change tactics, attacking mobile users at all levels. Corporate IT is ill equipped to secure countless networks, millions of mobile apps, hundreds of devices and scores of mobile operating system versions, each of which serves as a specific attack point exploited by cybercriminals. Marble s integration with MobileIron offers a mobile threat mitigation solution that delivers deep protection to enterprise mobile users devices, providing layered security for corporate networks. Marble s adaptive engine analyzes and correlates thousands of risk factors in real time to calculate a composite Marble Mobile Risk Score. 3

4 For MobileIron users, Marble Security provides two integrations: Basic No Marble client loaded on end-user mobile devices With MobileIron credentials, Marble extracts the mobile App information from MobileIron s servers and performs the app analysis Results are provided in reports formatted by the admin Advanced Marble s client is loaded onto mobile devices; either via MobileIron s MAM, or downloaded from public App stores Admin can now unlock Marble s VPN, DNS service, Marble Messenger, and secure browser MobileIron and Marble Security App Risk Mitigation Marble Security takes advantage of MobileIron s ability to request and receive device and application details from its users. By integrating with Marble Security, MobileIron becomes a real-time app risk mitigation tool. Stops mobile apps from compromising enterprise networks Assures the integrity of mobile devices by analyzing every app for risky behaviors Applies access policies to groups, departments, and locations based on app risk Key Benefits Protects enterprise networks, corporate data and employee privacy from risky mobile app behaviors, providing multiple, automatic remediation options for dangerous apps Fuses layers of advanced app analysis with external threat intelligence feeds to determine risk levels Allows companies to safely roll out BYOD programs to employees with ios and Android devices The administrator can configure the Marble Security admin portal to automatically analyze and remediate certain risky behaviors from their users apps. In addition for those admins interested in additional enterprise grade security features, Marble also offers an optional client (available on Android and ios) that provides: Secure Messaging Secure Browser Secure, private VPN Logging into the Marble Security Platform System administrators easily set-up the MobileIron and Marble integration by logging into Marble s admin console, where they can access and sign into their organization s MobileIron instance. Administrators see a complete list of ios and Android apps installed on users devices and a risk score for each device. Based on this score, admins can set policies that restrict network access from mobile devices running risky apps, providing a high level of control for BYOD devices without disrupting user experience. To configure the Marble Security Portal: Set your web browser to the Marble Security Portal Use your Marble credentials to login. Logging into the MobileIron instance within Marble Once inside of the Marble Security Platform, navigate to the Integrations tabs if no client is being used, then all other options should be greyed out. 4

5 The first time you login, click on the blue Actions button, and choose configure to enter your MobileIron credentials and to start the application analysis process. A pop-up box will come up here you can enter your login information. It is very important to enter your MobileIron credentials and the URL provided to you by MobileIron. Once you have entered your credentials, click save, and the pop-up box will close. You can then click on the MobileIron hyperlink and it will take you to the results of the application analysis. Please note that once you have entered your MobileIron credentials, it is not necessary to enter them again, unless they have changed. If you need to change your login information, just click on the blue Actions button and select Update 5

6 Application Analysis Results and Reports Once you have completed the login process, the application analysis process will start. Marble will send a request back to MobileIron to send over a complete list of applications and other device information. These details will be used to populate the Application List tab (shown below). Most of the applications will already reside within Marble s servers, and will be shown quite rapidly. For those that may not be in the Marble system, Marble will download and analyze them, providing results in as little as 30 minutes, or take up to several hours. Sorting and Filtering It is possible to sort all of the columns in the results tab. Just click on the column you want to sort on and then click on the blue arrow to sort. Click again and the sort will reverse. To filter results, enter text into the Search box on the right side of the screen, above the action column and the system will automatically start to filter and only show those results that meet this filtering criteria. For example, if you entered in An into the search box, you would see all Android apps (designated in the first column) and then any app name with An in it, for example Angry Birds. Once you have the filtered results, you can still sort the columns to give you exactly the information you need in exactly the right order you need it in. Viewing Users/Devices The default view is to sort on the application name. In this view, there is a column called Devices. To see all of the users with that particular application, just click on the number in the Device column and another line will appear below to show you all of the users with that particular application. For example, you can see the user of the app Street View in the red box below. 6

7 Viewing Scan Results Obtaining the results of application analysis is critical. This gives the admin the exact risk attributes that are associated with a particular application. Application results are presented as one of 6 categories unique to the Marble solution: Privacy Data Leakage Account takeover Device takeover Malware Risky Behavior By clicking on the scan results hyper link, the window will accordion and you will see results displayed below. 7

8 Remediation Options within Marble Security In order to complete the circle of application risk management, the Marble solution also allows an admin to create customized remediation options. By tying the risk score to one or more remediation tasks, it takes a potentially complicated task, simplifies and automates it. Remediation works by assigning a risk score to each event (application, device info, etc) and then cross referencing it to the remediation table below. Scores range between 0 and 10, with 0 the lowest risk (safest) and 10 being the most risky. An admin can choose one, some, all or none of the choices below. Please note that choosing Wipe and Retire carry larger risk, and once they are executed, cannot be undone. To set one of the remediation options, simply check one of the boxes and either drag the slider to the right, or enter a number between zero and 10. Then you are done, Marble will then execute the remediation option for each user based on your selection. 8

9 Troubleshooting There are several possible issues a user may have. Some of the most common include the following: Login Failure to Marble Security Login Failure with Mobile Iron Credentials No Results after entering Mobile Iron Credentials Greyed items/not being able to get to other sections Reference Visit the Marble Security page on MobileIron s partner portal for information on MobileIron configurations. Contact Information Marble offers IT administrators several ways to receive support if problems or questions arise: Customer support portal Customers may access Marble s Customer Support Portal to track their support requests and search our Knowledge Base for answers. User Guides Use indexed and searchable documents to find the answers you need by downloading the Marble Access Quick Start Guide, the complete Marble Access Guide, or the Marble Control Guide. Technical support engineers are available to respond to support requests Monday through Friday, from 6 a.m. until 5 p.m. Pacific Time. support@marblesecurity.com. 9

10 Phone Customers may speak directly to a technical support engineer Monday through Friday, from 6 a.m until 5 p.m. Pacific Time. Call Marble s technical support staff toll free from the United States at , or directly dial