The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

Transcription

1

2 The dramatic growth in mobile device malware continues to escalate at an ever-accelerating pace. These threats continue to become more sophisticated while the barrier to entry remains low. As specific applications become widely adopted and standardized across mobile devices, the applications themselves are increasingly becoming the targets of attacks. Read on for the top 10 must-follow rules for implementing Trusted Mobility and securing your organization now. Total mobile malware samples across all operating systems , 138 samples ,472 samples

3 1 2 Employ an organization wide Trusted Mobility use policy Ensure all mobile network users are trained and informed on acceptable use policy as well as to be alert and aware of potential hacker attempts to gain information and/or access to their personal mobile devices and network resources. Implement a robust and comprehensive Mobile Device Management (MDM) Implement a robust and comprehensive Mobile Device Management (MDM) solution to monitor and protect the mobile device being used for network access. The MDM should provide support across a broad array of the most popular smartphones and mobile devices. MDM anti-malware should provide protection against malicious applications, spyware, infected SD cards, and malware based attacks while the on device firewall protects mobile device interfaces. Host checking should be automated to assess device security posture including device, OS version, malware status, patch and jailbreak/rooted status. Additionally, the MDM should provide remote locate, track, lock, wipe, backup and restore functionality to retrieve, protect or restore a lost or stolen mobile device and the corporate data on that device. 3 Provide secure VPN encryption to protect data in transit Provide secure VPN encryption to protect data in transit to and from the mobile device. The best and easiest way to do this is with an SSL VPN client to effortlessly protect data in transit over un-trusted networks. 4 Implement granular network access control (NAC) Implement granular network access control (NAC) to properly authenticate users and to dynamically assign access rights based upon the user, the device, network location, time of day and applications. NAC solution should be standards based and provide access control across all networks for all users and devices while implementing a layered security strategy at multiple enforcement points within the network. 5 Implement firewalls at all entry and exit points Implement firewalls at all entry and exit points (data centers, main offices and branch offices) that integrates with the NAC solution and dynamically enforces firewall policy based upon access controls for all mobile users. 6 Leverage Intrusion Detection and Prevention (IDP) over wired and wireless networks Leverage Intrusion Detection and Prevention (IDP) over wired and wireless networks to monitor all traffic streams from any mobile user and device coming in and out of business networks and locations. IDP should monitor traffic on the business network across WiFi and wired networks as well for connected mobile and static devices. 7 Implement and enforce application level security Track application usage by groups and down to the individual users by device, detect application behavior anomalies, enforce application use policies in real-time, provide application firewalling and protect against application distributed denial of service attacks. 8 Deploy a Security Incident and Event Monitor (SIEM) Deploy a Security Incident and Event Monitor (SIEM) to aggregate and correlate event log reporting across all devices in the network. The SIEM should flag anomaly behavior and rate and order alerts based on the perceived risk, from high to low. 9 Integrate and centralize the management Integrate and centralize the management from the endpoint device, secure access, network access control, firewall and IDP such that the holistic security solution can be managed from a single pane of glass. 10 Employ a KIS model. Keep It Simple by consolidating devices as possible. Many next generation security platforms are able to consolidate stateful firewall security with routing, switching, unified threat management (UTM), IDP, Application layer security and standards based NAC implementations to greatly reduce the number of devices in the network. The most significant reason for network security gaps is human error, hence the most significant thing one can do to protect against this risk is to simplify the security solution being used for trusted mobility. 3

4 Cumulative Android malware increase Types of malware targeting mobile devices 3500% 3000% 13,302 Malware Samples 0.09% SMS-Flooder 0.09% Worm 2500% 36.43% SMS Trojan 2000% 1500% 1000% 500% 0% 400 Malware Samples Jun Jul Aug Sep Oct Nov Dec 63.39% Spyware In the last seven months of 2011 alone, malware targeting the Android platform rose 3,325%. Attacks 2011: A year in review JANUARY GEINIMI PROVIDES A SIGN OF COMPLEXITY TO COME Geinimi was the first Android malware to leverage botnet-like capabilities and repackage legitimate applications with malware. These repackaged applications, primarily targeting games, were released in third-party application stores in Asia and were sideloaded by users to their Android mobile devices. MARCH DROID DREAM CREATES A NIGHTMARE Droid Dream infected legitimate applications in the official Android Market, affecting more than 50,000 users. By exploiting an existing vulnerability in the Android operating system, the malware gained root account privileges, and installed additional malevolent and dangerous code on the Android device without user intervention or knowledge. JAN FEB MAR APR MAY FEBRUARY ADRD GENERATES TRAFFIC ADRD issued commands to Android devices to send HTTP search requests to specific addresses. The malware increased site rankings for a specific website, resulting in additional advertising revenue. MAY DROID KUNGFU MAKES A DISGUISED ATTACK Droid KungFu leveraged two different exploits that enabled root access of Android devices through encrypted payloads so they could go undetected by malware scanning engines. The result of the attack provided the attacker with total control over the device. JUNE JULY THE RETURN OF DROID KUNGFU 2 AND 3 Droid KungFu gave way to Droid KungFu 2 (June) and Droid KungFu 3 (July), which contained malware that obfuscated their communications and code making it much more difficult for security experts to identify and stop the malware. Like their predecessor, it gave attackers total control over the device. OCTOBER DECEMBER FAKE INSTALLERS SIMPLY FOCUS ON MAKING MONEY Between October and December, there was a sharp rise in fake installers (discussed later in this report), with an 872 percent increase in the number identified. This malware tricks users into paying via premium text messages for otherwise free or pirated versions of applications found in third-party application stores. JUN JUL AUG SEP OCT NOV DEC SEPTEMBER DROID DELUXE TARGETS USER ACCOUNTS Droid Deluxe gained root access on infected Android devices, stealing credentials, social network account information and banking login information. By leveraging the Android operating system s root permissions, Droid Deluxe was able to bypass existing security controls. NOVEMBER ios CODE SIGNING VULNERABILITY A vulnerability in Apple s ios platform allowed a security researcher to sneak an unreviewed application onto the official Apple App Store, proving it is possible to get malicious applications past Apple s app screening process. Source: Juniper Mobile Threat Center 4

5 Top 10 Considerations for a Secure Mobile Enterprise 1 Enterprise-wide Trusted Mobility Use Policy 2 Mobile Users Remote Office 6 MDM and Security Mobile Users IDP Intrusion Detection and Prevention Hacker Internet/www Supplier 3 Secure SSL VPN Partner App Store 7 Application Level Security/Policy Corporate NAC Network Access Controls Data Center Private Cloud 8 SIEM Security Incident and Event Monitor 4 5 Hybrid Cloud 9 Source: Juniper Networks 2012 Firewall at all entry/exit points 10 Public Cloud Keep it Simple: Consolidate multiple functions into single platforms with a common OS and integrated Management and Visibility. CNOC Centralized End-to-End Management and Visibility LEGEND Inspection Network Access Control Firewall Application Level Security 5

6 Corporate and Sales Headquarters Juniper Networks, Inc North Mathilda Avenue Sunnyvale, CA USA Phone: 888.JUNIPER ( ) or Fax: APAC Headquarters Juniper Networks (Hong Kong) 26/F, Cityplaza One 1111 King s Road Taikoo Shing, Hong Kong Phone: Fax: EMEA Headquarters Juniper Networks Ireland Airside Business Park Swords, County Dublin, Ireland Phone: EMEA Sales: Fax: Copyright 2012 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Printed on recycled paper EN Jul 2012