Embracing Complete BYOD Security with MDM and NAC


Embracing Complete BYOD Security with MDM and NAC. Clint Adams, CISSP, Director, Mobility Solutions; Keith Glynn, CISSP, Sr. Technical Solutions Engineer. August 22, 2013.

Today's Speakers: Clint Adams, CISSP, Director, Mobility Solutions, MaaS360 by Fiberlink; Keith Glynn, CISSP, Sr. Technical Solutions Engineer, ForeScout Technologies.

The BYOD Revolution: 95% have already said yes to BYOD. Sources: http://newsroom.cisco.com/release/854754/cisco-study-it-saying-yes-to-byod and http://www.eweek.com/c/a/enterprise-networking/cisco-enterprises-are-embracing-byod-252679/

Top IT Management Concerns. Source: InfoWorld / Forrester, http://www.infoworld.com/d/wp/the-expanding-role-of-mobility-in-the-workplace-211973

How to get it done?

10 Steps to BYOD Implementation
1. Form a committee
2. Gather data
3. Identify use cases
4. Create an economic model
5. Formulate policies
6. Decide how to protect your network
7. Decide how to protect data
8. Build a project plan
9. Evaluate solutions
10. Implement solutions

Poll Question 1: How far along is your organization in completing the 10 steps to BYOD implementation? a) Completed 1 to 3 steps; b) Completed 4 to 6 steps; c) Completed 7 to 9 steps; d) All 10 steps completed.

Gartner Recommendations. Source: http://www.gartner.com/technology/topics/byod.jsp

Gartner Recommendations
"Combine NAC and mobile device management (MDM) to enforce policies in a BYOD environment. Personally owned devices that are not managed by MDM agents should be limited to Internet access only, or placed in a limited access zone where they can access a subset of applications and network resources as per user/group role." [1]
"The network security team should be part of the overall project team that defines how BYOD will be supported. NAC should be an integral component of the overall architecture, so that the network has the ability to restrict access to devices that are noncompliant with BYOD policies." [2]
[1] Gartner, Securing BYOD With Network Access Control, a Case Study, 29 August 2012, Lawrence Orans
[2] Gartner, Getting Your Network Ready for BYOD, 28 September 2012, Lawrence Orans

MDM + NAC: 1 + 1 = 3. The MDM focus is the mobile device; the NAC focus is the network.

                         MDM Alone                                  NAC Alone                                     MDM + NAC
Visibility               Full info on managed mobile devices only   Basic info on managed and unmanaged devices   Complete
Network Access Control   None                                       Full                                          Complete
Compliance               Mobile devices                             PCs, Mac, Linux                               Complete
Deploy Agent             Pre-registration                           Network based                                 Both

Network Access Control (NAC)

What is Network Access Control (NAC)? Technology that identifies users and network-attached devices and automatically enforces security policy.

ForeScout NAC
Real-time Network Asset Intelligence: device type, owner, login, location; applications, security profile.
Policy-based Network Controls: grant access, register guests; limit or deny access.
Automated Endpoint Enforcement: remediate OS, configuration, security agents; start/stop applications, disable peripherals; block worms, zero-day attacks, unwanted apps.
Phased-in, manual or fully automated.

ForeScout Market Leadership (Magic Quadrant for Network Access Control, December 2012, Gartner Inc.). *This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from ForeScout. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner, Inc., "Magic Quadrant for Network Access Control," Report G00238941, December 3, 2012, Lawrence Orans, John Pescatore.

Mobile Device Management (MDM)

MDM/EMM is Integral for BYOD: supports BYOD with self-service enrollment; configures devices and protects employee privacy; enforces security policies and meets regulations; pushes content, apps and docs to separate workspaces.

Current MDM Best Practices
Device: iOS is ~80% of all enterprise devices and the leading BYOD choice. Android: standards to reduce fragmentation; tablets in field operations.
Policy: password, required device encryption, email/EAS configuration.
Integration: AD/LDAP, 15% integrate for device enrollment and app/doc access. Email access control: 20% quarantine new devices without MDM.
Apps and Docs: app catalog, 80% of companies push apps. Enterprise apps: 25% of companies push enterprise apps, on average 6 apps per business (median 3). Containerize specific workflows/use cases: 40% of customers use document management. Specific LOB use cases: sales materials, BOD materials, flight materials.

Comprehensive Mobility Management
The Essentials (device enrollment, acceptable use, OTA configuration): SMS, email or URL enrollment; email, calendar and contact profiles; VPN and Wi-Fi settings; device feature configuration; policy updates and changes; inventory management; compliance reporting.
Advanced Management: mobile app management; document sharing; event-based policies; proactive expense controls; BYOD privacy settings; shared device support; self-service portal; enterprise app catalog; location-based policies.

Robust Mobile Security
Device: encryption and passcodes; jailbreak/root detection; locate, lock, wipe.
Email: auto-quarantine/access approval; contain emails and attachments; remote wipe of work email.
Applications: blacklist/whitelist mobile apps; wrapping and compliance rules; remote wipe of managed apps.
Documents: password authentication; restrict copy, paste, share; remote wipe of work files.
Web: define URL filters and categories; allow access to intranet sites; disable native/3rd-party browsers.
Network: configure Wi-Fi and VPN profiles; certificate delivery and authentication; dynamic policy based on SSID.

MaaS360 Enterprise Mobile Security: dual persona to separate personal and work data in the BYOD era. Secure Mail, Application Security, Secure Document Sharing and Secure Browser make up a Trusted WorkPlace container for seamless security and productivity.

Why Choose Comprehensive MDM? Provides options to address multiple use cases; protects corporate resources and reduces the risk of data loss; preserves the native experience on the device; allows you to manage the data even if the device is employee owned; platform choice and device type are left to the end user. (Figure: device level; app/doc level with app catalog, app wrapping and doc catalog; enterprise level.)

Why Customers Love MaaS360: proven approach to cloud mobility management; powerful features to address the full mobility lifecycle; secure containers to separate work and play; seamless integration with all your existing infrastructure (Exchange, AD/LDAP, Lotus, BES, certificates); simple and fast with an exceptional experience.

Integrated ForeScout + MaaS360

MaaS360 Integration with ForeScout NAC. (Figure: the MaaS360 Cloud Extender connects to Exchange/Office 365, AD/LDAP, Lotus, BES and certificate services; the ForeScout MDM Console and ForeScout CounterACT sit alongside.) Benefits: unified visibility; unified access policy; unified reporting; automated MDM enrollment; on-access assessment; blocking of malicious activity.

Unified Visibility

Unified Reporting

Integration Benefit: Automated MDM Enrollment
Manual enrollment: user calls the help desk; help desk asks questions; help desk sends MDM enrollment info; network team sets a policy exception so the device can reach the MDM app; user enrolls the device in MDM; network team resets the policy exception.
ForeScout auto-enrollment: user connects; device is identified, classified and authenticated; device is enrolled in MDM.

Integration Benefit: Greater Security with On-Access Compliance Assessment
1. The device connects to the network.
2. CounterACT asks the MDM to provide a real-time compliance assessment.
3. If the device is noncompliant, CounterACT blocks the device and sends a message to the end user.
4. After the end user corrects the problem, CounterACT rechecks: the MDM confirms compliance, then CounterACT allows the device onto the enterprise network.

MDM + NAC Integration Benefits (efficiency and security): complete visibility of all mobile devices on the network; prevent unauthorized devices from accessing the network; automated enrollment process for new mobile devices; unified compliance reporting for all endpoints on the network.

Poll Question 2: Has your organization deployed an MDM and/or NAC solution? a) Mobile Device Management; b) Network Access Control; c) A combination of NAC and MDM; d) Not using either at this time.

Large Bank BYOD Case Study: Challenge and Approach
The Challenge: large financial services company; more than 100,000 endpoints, 200 locations worldwide; needed to support 10,000 BYOD smartphones, tablets and laptops.
Project Plan: risk and compliance team led the project; identified use cases for smartphones, tablets and laptops; defined security requirements and policies; selected security controls.
Security controls: ForeScout CounterACT NAC, Fiberlink MaaS360 MDM, Citrix Receiver.
Source for the case study slides: Gartner Case Study, Securing BYOD With Network Access Control, published August 2012, Lawrence Orans, Doc. G00226207; http://blog.forescout.com/gartner-case-study-securing-byod/

Large Bank BYOD Case Study, Use Case 1: Employee-Owned Tablets and Smartphones
Requirements: MDM is required for a device to gain access to the wireless BYOD network; the MDM solution selected must integrate with the NAC solution; MDM provides device compliance information to the NAC solution; NAC facilitates enrollment into MDM; NAC initiates on-access compliance assessment by MDM. Devices supported: Apple, Android, Windows Phone, BlackBerry.
Security policies:
If the device has an MDM agent, NAC grants access to a separate wireless BYOD network; Citrix Systems' Receiver agent provides access to a subset of applications on the corporate network, based on the user's profile, thereby creating a limited-access zone.
If the device does not have an MDM agent, NAC limits the device to Internet access only.
If the device has been jailbroken or rooted (as determined by the MDM agent), the NAC system denies access.

Large Bank BYOD Case Study, Use Case 2: Employee-Owned Windows Laptops
NAC is used to enforce six Windows security policies:
1. Up-to-date patches are required.
2. Up-to-date antivirus signatures are required.
3. Disk encryption is required.
4. Specific ports (such as Telnet/SSH) must be blocked via a personal firewall.
5. The optional NAC agent must be enabled.
6. A data loss prevention (DLP) agent is required.
Actions: if the Windows laptop is compliant with all six policy criteria, it is granted full access to the corporate network. If it is noncompliant, it is limited to Internet access only; the user is given details of the noncompliance and offered a means to conform. Once the user has conformed, the laptop is automatically rechecked and allowed access.

Large Bank BYOD Case Study, Use Case 3: Employee-Owned MacBook Laptops
NAC is used to enforce three Mac OS X security policies:
1. Must be running Mac OS X 10.5 or later.
2. The optional NAC agent or the agentless approach must be enabled.
3. A DLP agent is required.
Actions: if the MacBook is compliant with all three policy criteria, it is granted full access to the corporate network. If it is noncompliant with one or more of the policies, it is limited to Internet access only.
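The three use cases above and the on-access compliance assessment flow (the "Greater Security with On-Access Compliance Assessment" slide) together describe one decision procedure: classify the endpoint, collect posture from the MDM or the NAC agent, map the result to a network zone, tell the user what failed, and recheck after remediation. The following is an added illustration written for this page, not ForeScout or Fiberlink code and not CounterACT's policy language. The Posture record, the check names, the zone labels and the fail-closed handling of unreported criteria are all assumptions made here; the rules themselves are the ones the case study states.

```python
"""Added example (not ForeScout/Fiberlink code): a small NAC policy engine
encoding the large-bank case study rules (use cases 1-3) and the on-access
compliance assessment loop. A Posture record stands in for what CounterACT
would learn from the MDM (mobile devices) or from its agent/agentless
inspection (laptops). Field names, check names and zone labels are
assumptions, not CounterACT's policy language."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional


class Zone(Enum):
    DENY = "deny"                 # jailbroken/rooted: NAC denies access
    INTERNET_ONLY = "internet"    # unmanaged or noncompliant: Internet only
    BYOD_WIRELESS = "byod-wifi"   # MDM-managed mobile: limited-access zone
    CORPORATE = "corporate"       # compliant laptop: full corporate network


@dataclass
class Posture:
    device_id: str
    kind: str                               # "mobile", "windows" or "mac"
    mdm_enrolled: bool = False              # mobile: MDM agent present
    jailbroken: bool = False                # mobile: as reported by the MDM agent
    checks: Dict[str, bool] = field(default_factory=dict)  # laptop criteria


# Use case 2: all six must hold. Use case 3: all three must hold.
WINDOWS_CHECKS = ["patches_current", "av_signatures_current", "disk_encrypted",
                  "firewall_blocks_telnet_ssh", "nac_agent_enabled", "dlp_agent"]
MAC_CHECKS = ["os_10_5_or_later", "nac_agent_or_agentless", "dlp_agent"]


@dataclass
class Decision:
    zone: Zone
    failed: List[str]     # failed criteria, shown to the user so they can conform

    def message(self) -> str:
        if not self.failed:
            return f"access granted: {self.zone.value}"
        return f"noncompliant ({', '.join(self.failed)}); limited to {self.zone.value}"


def evaluate(p: Posture) -> Decision:
    """One policy pass over a posture record."""
    if p.kind == "mobile":
        if not p.mdm_enrolled:      # no MDM agent: Internet access only
            return Decision(Zone.INTERNET_ONLY, ["mdm_agent_missing"])
        if p.jailbroken:            # MDM agent reports jailbroken/rooted: deny
            return Decision(Zone.DENY, ["jailbroken_or_rooted"])
        return Decision(Zone.BYOD_WIRELESS, [])
    required = {"windows": WINDOWS_CHECKS, "mac": MAC_CHECKS}.get(p.kind)
    if required is None:            # assumption: unknown device types fail closed
        return Decision(Zone.INTERNET_ONLY, [f"unknown_kind:{p.kind}"])
    # A criterion the device never reported counts as failed (fail closed).
    failed = [c for c in required if not p.checks.get(c, False)]
    return Decision(Zone.CORPORATE if not failed else Zone.INTERNET_ONLY, failed)


def on_access_assessment(p: Posture,
                         remediate: Optional[Callable[[Posture], None]] = None,
                         max_rechecks: int = 3) -> List[Decision]:
    """On-access flow: assess at connect time, limit or block and message the
    user if noncompliant, then recheck after the user corrects the problem.
    `remediate` stands in for the user's fix; the decision history is returned."""
    history = [evaluate(p)]
    for _ in range(max_rechecks):
        if not history[-1].failed or remediate is None:
            break
        remediate(p)                  # user corrects the problem
        history.append(evaluate(p))   # NAC asks the MDM/agent to confirm again
    return history


def demo() -> Dict[str, List[str]]:
    """Constructed sample devices; returns device_id -> sequence of zones."""
    devices = [
        Posture("ipad-1", "mobile", mdm_enrolled=True),
        Posture("droid-2", "mobile", mdm_enrolled=False),
        Posture("droid-3", "mobile", mdm_enrolled=True, jailbroken=True),
        Posture("win-4", "windows", checks={c: True for c in WINDOWS_CHECKS}),
        Posture("win-5", "windows",
                checks={c: True for c in WINDOWS_CHECKS if c != "disk_encrypted"}),
        Posture("mac-6", "mac", checks={"os_10_5_or_later": True, "dlp_agent": True}),
    ]

    def turn_on_encryption(p: Posture) -> None:   # the user's remediation step
        p.checks["disk_encrypted"] = True

    out: Dict[str, List[str]] = {}
    for d in devices:
        fix = turn_on_encryption if d.device_id == "win-5" else None
        out[d.device_id] = [h.zone.value for h in on_access_assessment(d, remediate=fix)]
    return out


if __name__ == "__main__":
    for dev, zones in demo().items():
        print(dev, "->", " then ".join(zones))
```

Two design points worth carrying into a real deployment: the jailbreak decision is only reachable for an enrolled device, because the case study says the jailbreak state comes from the MDM agent, and a laptop criterion that was never reported counts as a failure rather than a pass, so an endpoint cannot gain corporate access by simply not answering the NAC.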

Large Bank BYOD Case Study: Phased Approach
Phase 1: a pilot project in which 200 IT staffers brought personally owned devices to work. This phase lasted six months, during which the project team refined the policies.
Phase 2: 1,000 employee-owned devices, owned by employees in the information risk management team. The goal was to assess the end-user experience and the overall performance of the solution.
Phase 3: all employees and contractors may participate. By year-end 2014, the company expects that about 10,000 personally owned devices will be supported.

Large Bank BYOD Case Study: Results. 85% of devices are Windows, 10% are smartphones and tablets, 5% are MacBooks. The BYOD initiative has added 1% to the total number of endpoints. 1 FTE supports the entire BYOD and NAC initiative (100,000 endpoints total).

Large Bank BYOD Case Study: Recommendations
Combine NAC and MDM to enforce policies in a BYOD environment. Personally owned devices that are not managed by MDM agents should be limited to Internet access only, or placed in a limited-access zone where they can access a subset of applications and network resources as per user/group role.
BYOD policies should be broad-based and protect the wired and wireless networks. Use cases should address smartphones and tablets that need wireless access, as well as laptops (Mac and Windows) that need wired access.

Thank You. (Frost & Sullivan chart from the 2013 market study Analysis of the Network Access Control Market: Evolving Business Practices and Technologies Rejuvenate Market Growth; base year 2012, n=20.)

Thank you for joining! Follow-up: kglynn@forescout.com, cadams@fiberlink.com. Questions?