Secure Your Mobile Workplace
Sunny Leung, Senior System Engineer, Symantec
3rd Dec, 2013

Agenda
1. The Threats
2. The Protection
3. Q&A

The Mobile Workplaces
The Threats

Targeted Attacks up 42% in 2012
Internet Security Threat Report 2013 :: Volume 18

Targeted Attacks by Company Size
Employees 2,501+: 50%
Employees 1 to 2,500: 50%, broken down as:
- 1,501 to 2,500: 9%
- 1,001 to 1,500: 2%
- 501 to 1,000: 3%
- 251 to 500: 5%
- 1 to 250: 31% (18% in 2011)
Greatest growth in 2012 is at companies with <250 employees
Internet Security Threat Report 2013 :: Volume 18

The Technique
- Spear Phishing: Send an email to a person of interest
- Watering Hole Attack: Infect a website and lie in wait for them
Targeted Attacks predominantly start as spear phishing attacks
In 2012, Watering Hole Attacks emerged
Internet Security Threat Report 2013 :: Volume 18

Phishing
Internet Security Threat Report 2013 :: Volume 18

Effectiveness of Watering Hole Attacks
1 Watering Hole Attack in 2012 Infected 500 Companies All Within 24 Hours
- Watering Hole attacks are targeted at specific groups
- Can capture a large number of victims in a very short time
Internet Security Threat Report 2013 :: Volume 18

APT on Windows vs. UNIX/Linux
Symantec virus signature releases during 2012:
- OSX, 11 signatures (all Trojan horse)
- Linux, three signatures (all Trojan horse)
- Windows, 5,291 threats (240m variants)
Most Windows systems are compromised by:
- Inadequate anti-malware software
- Poor patch management
- Exploitation of zero-day vulnerability/unsafe end user behaviour
Most Linux/UNIX system breaches are customised and targeted:
- High value information assets
- Highly managed systems (superuser, single purpose)

Our Websites are Being Used Against Us
- 53% of legitimate websites have unpatched vulnerabilities
- 24% have critical vulnerabilities unpatched
- 61% of malicious web sites are legitimate sites
Internet Security Threat Report 2013 :: Volume 18

Vulnerabilities & Mobile Malware

Platform          Vulnerabilities
Apple iOS         387
Android           13
Blackberry        13
Windows Mobile    2

Device Type          # of Threats
Apple iOS Malware    1
Android Malware      103
Symbian Malware      3
Windows Malware      1

Today there is no significant link between mobile OS vulnerabilities and exploitation by malware
In the future that may change
Internet Security Threat Report 2013 :: Volume 18

Android Malware Growth
[Chart: Cumulative Android Families and Cumulative Android Variants, 2011 and 2012, plotted from Jan '11 to Oct '12]
Internet Security Threat Report 2013 :: Volume 18

What Does Mobile Malware Do?
- Capture passwords and keystrokes
- Access address book, forward emails
- Track location or control camera
- Use up data bandwidth, drain battery, crash device
- Subscribe to premium SMS messages
[Chart: Mobile Malware, by OS]

Example of Information Stealing Malware
Android.Sumzand ("Use your screen for solar charging!")
1. User receives an email with a link to download the app
2. Steals contact information
3. Harvested email addresses are used to spam the threat to others

Protect Your Devices

The Threats Targets
[Diagram: Internet, FW, Mail/File Server, Web/AP/DB Server, Windows Server Farm, UNIX Server Farm, Storage, Employee, Employee]

Protect Your IT Assets
[Diagram: Internet, FW, Mail/File Server, Web/AP/DB Server, Windows Server Farm, UNIX Server Farm, Storage, Employee, Employee]

Protect Your Desktop and Laptop
Defense in Depth
- Network-based Protection: Stops malware as it travels over the network and tries to take up residence on a system
- File-based Protection: Looks for and eradicates malware that has already taken up residence on a system
- Reputation-based Protection: Establishes information about entities (e.g. websites, files, IP addresses) to be used in effective security
- Behavioral-based Protection: Looks at processes as they execute and uses malicious behaviors to indicate the presence of malware
[Diagram labels: Protocol aware IPS Browser Protection Host Firewall Antivirus Engine Auto Protect Heuristic Reputation Domain Reputation File Reputation Realtime Behavioral Signatures]

Managed in the Cloud
Intuitive Getting Started Wizard
- Step-by-step wizard guides the user through the choice of management and installation.
- Cloud managed service is the recommended path for most customers.
- Installs in just minutes with only an internet connection.
- Not ready for the cloud or prefer on-site management? The wizard will guide you to the on-premise management application download.

Protect Your Smartphone
- On-device Scanning
- App Detection and Threat Identification in Android ecosystem
- Enterprise controls for Android security
- Over-the-air Management

Detect App & Internet Threats
[Diagram: Mobile Security for Android. Labels: Mobile Client Collectors (metadata from Norton mobile clients); Android Marketplace Crawlers (APKs from over 70 Android appstores); 3rd Party Feeds (mobile malware sample exchange); Mobile App Analysis System (APK data extraction, static code analysis, dynamic analysis, heuristics); Security Reputation Systems; Advanced Data Analytics; App Profiles (Privacy, Trust, Performance, Resource Usage); Safe Web Domain Reputation; Insight File Reputation; Trusted Signer DB; IP / Network Reputation]

Leverage Cloud Solution: email protection

Leverage Cloud Solution: web protection
- URL filtering
- Anti Virus & Spyware
- Roaming

Protecting Your Data

Questions?
- What data is out there to be protected?
- Who owns the data?
- How do we/they use the data?
  - Share to public cloud?
  - Share through USB?
  - Store on laptop or smartphone?
  - Share via portal?
- What's the business impact of data loss?
- What should be encrypted?
- What is in the encrypted files?

How Does Your Data Leak?
- Lost Laptop
- Data Spills
- Posting to P2P Networks
- Intrusion
- Stolen USB Drive
- Anonymizing Proxies
- Well-Meaning Insider
- Malicious Insider

Secure Your Data
Encryption:
- Full Disk Encryption
- Email Encryption
- Portable Encryption
- Files, Share, Cloud Storage
Support desktop, laptop, server, mobile devices

Does encryption alone make data safe?
Encryption helps encrypt your data in various channels, such as email, hard disk, public cloud, etc.

Data Loss Prevention: It is about people
SITUATION: Sending sensitive data over email
Detection and Response
Problem:
- Betty attempts to email confidential employee data without knowing it
DLP Response:
- Network: DLP inspects content and context for policy match as email leaves server
- Endpoint: DLP inspects the mail when user hits send
Action:
- Network: Monitor, notify user, encrypt or block
- Endpoint: Display popup, justify, block email, remove content
Result:
- Help users understand and justify risk transparently
- Block or encrypt data in some cases
Detection High performance Off Network Coverage Flexible Response

Manage Your Mobile Devices: A Cloud Solution
Sample Device Management Features*
- EAS email setup
- Password requirements
- Network (Wi-Fi/VPN): define settings necessary for accessing network
- Block backup/iCloud
- Restrictions (for example, screen capture, location services, encryption, camera, installation of apps, etc.)
- App push/uninstall
- Device inventory (for example, DeviceID/IMEI, device settings such as MAC address, application inventory, applied settings)
End user self service MDM portal
- View devices, locations, wipe, lock, reset password
*Supported device settings vary by platform

Manage Your Apps and Data: A Cloud Solution
SECURED CONTAINER APPROACH
- App deployment & provisioning
- User authentication across apps
- Copy & paste prevention
- Per app file encryption
- Remote data/app wipe
- iOS & Android support

Secure Your Email on Mobile
Configure Email Apps without the need of MDM.
Configure multiple policies to tailor Email Apps settings to the needs of each group:
- EAS server and user name
- Passcode requirements
- Copy and Paste restrictions
- Widget controls
- Synchronization and attachment size limits
Available as free apps on the Apple/Google app stores.

Thank you!
Copyright 2013 Symantec Corporation. All rights reserved.