MECS: Mobile Enterprise Compliance and Security Server

Mobile Active Defense locks down, secures and puts your iPhones, iPads, Androids, other smartphones and tablets into regulatory compliance.

By employing the most stringent security standards and enforcement mechanisms, the Mobile Enterprise Compliance and Security (MECS) Server enforces policy across your entire mobile enterprise. MECS gives you device management, security controls, remediation, compliance and centralized administration over your mobile workforce. The MECS Server extends your existing enterprise and network security policies, giving you the same level of control you already enjoy in your existing fixed infrastructure.

Security
- Put mobile devices into compliance
- Trusted access to corporate resources
- Always-on VPN (AES 256)
- Use any Certificate Authority
- Stateful inspection firewall
- Echo existing enterprise policies
- Role-based administration
- Geolocation policy enforcement
- Secure browsing
- Content filtering, White/Black listing
- Native Mobile Device Management Support
- Application awareness
- Exchange data sync
- ActiveSync configuration
- Password controls
- Passcode lock and erase on multiple failed attempts
- Remediation
- Anti-virus filtering
- Email security: spam, phishing and malware filtering
- Security updated >100X per day
- Zero footprint on the smartphone: does not drain battery, use CPU resources or consume bandwidth
- Secure personal email
- Security cannot be removed by user (as with MDM)
- Hosted or non-hosted option

Management
- Remote device wipe
- Attachment restrictions
- App usage restrictions
- Email accounts
- LDAP/CalDAV
- Calendars/Web clips
- Device encryption
- Enforce compliance policies
- Policy driven
- Role, device and user based
- Keep unauthorized devices off networks
- Jailbreak detection
- Rogue device detection
- Automatic remediation channel
- Admin notification
- Device disconnect
- Device erasure

Compliance
- HIPAA (Healthcare)
- ISO 27001 (Global)
- PCI (Retail)
- GLBA (Finance)
- SOX (Public)
- NIST 800-53
- NIST 800-124
- Use your existing DLP

MECS Server v 1.1 Effective 1 February 2011. Subject to change.

Mobile Device Lockdown Compliance

Encryption and VPN

Privacy, security and compliance call for strong encryption to be used to protect data during transmission and storage.
- Solves the mobile remote access problem.
- All traffic between the smartphone and the M.A.D. servers is protected with powerful AES 256 bit encryption.
- Certificate Authentication is used to ensure VPN security.
- Email sent to the smartphone from the M.A.D. servers is encrypted.

Certificates of Authority

The M.A.D. MECS Server is tightly linked with M.A.D.'s CA. Each user has an individualized certificate created specifically for them. This certificate is used for VPN access. Third party CA service upon request.

De-Provisioning

When a user leaves the company for any reason, or if the smartphone is lost or stolen, the device should be immediately de-provisioned. No more access to corporate networks should be allowed. The certificate is part of a user's profile and the administrator can revoke the certificate at any time, thus locking the user out of Enterprise access.

Mobile Device Lockdown

To properly secure any computing device, the concept of lock down is one of the first essential elements. Locking down a device means that the control and management of the device has been placed with the administrator who implements policy.

With Mobile Active Defense, lock down is achieved with the provisioning of the devices you choose to allow on your data networks. You can choose to host in our facilities or your own data center(s).
- Mobile Device Provisioning is based upon approved CAs (Certificates of Authority); either yours, ours or any other you choose.
- Imports your existing policies and enforcement rules.
- Integrates with existing DLP solutions.
- Import users with AS/AD/LDAP.
- Syslog data collected for your use.
- Enforces an Always-On 256 bit AES VPN.
- All data traffic is encrypted from the device to the MECS Server.
- Protects all public WiFi traffic (Firesheep and other hacking tools are rendered useless).
- Prevents data interception and password theft.
- Secures voice with encrypted VoIP.

Mobile Device Management

Management

Enforcing security policy across the enterprise is a requirement for audit, compliance and risk management. The M.A.D. MECS Server enforces Smartphone Compliance and Security and gives the administrator extraordinary control to extend corporate security policy to the smartphone.

Just as security management wants to control desktop computer functionality, the M.A.D. MECS Server provides similar capabilities for mobile devices.
- Each phone OS has its own defined policy.
- Policies include all specific configurable options per phone OS.

Custom iPhone policies include:
- Allow use of Safari
- Allow use of YouTube
- Allow use of iTunes
- Allow installing apps
- Allow use of camera
- Allow screen capture
- Allow user to uninstall profile
- Allow or disallow app download

M.A.D. Management Console

A clean and streamlined User Interface allows M.A.D. MECS administrators to quickly configure the desired security profile(s) for smartphone users.

User and device management is highly granular to allow the Enterprise the level of control they choose:
- Users are assigned to at least one group defined by the administrator.
- Groups can contain users and other groups for more detailed analysis and controls.
- User information includes username, password, email address, phone type, OS version, M.A.D. version, M.A.D. protection status, phone unique ID, location, organization, and department.
- User data includes all email accounts configured on the smartphone.
- User information can be entered manually, imported from a CSV / XML file, or be linked to an Active Directory or LDAP server.
- An additional mail server can be configured for direct access to the Enterprise mail server to support features such as contacts and calendar management.
- Phone profiles can be downloaded, emailed, or exported for staging.

Mobile Enterprise Device Firewall

Mobile devices must be controlled to the same stringent levels that fixed enterprises are, and that's exactly what Mobile Active Defense does.

Mobile Active Defense is the first and only complete UTM (Unified Threat Management) tool set for mobile work forces. M.A.D. allows companies to lock down and control mobile devices with complete assurance and confidence that their security and compliance will not be compromised.

At the heart of Mobile Active Defense's power is a firewall which an organization can configure within a short time.
- Import your existing policies and enforcement rules.
- Integrate with existing DLP solutions.
- Enforce services, ports and protocols.
- Role-based users and group policy enforcement.
- Mobile devices are invisible to the Internet.

Select rules for services

Policy Questions
- Do you want to control access to corporate resources like you do with your desktops?
- Do you want to control what web sites and IP ranges your mobile users can access?
- Do you want to extend your existing security and compliance policies to your mobile workforce?

Administer controls and policy by users and roles

A comprehensive centralized management interface for your entire mobile enterprise.

Content Filtering

- Want to restrict access to adult sites or content?
- Need to increase productivity and effectiveness by limiting social networking on company time?
- What other content would you like to restrict from your mobile enterprise?

Content Filtering

Most enterprises control what resources their employees can access at their desktops and sometimes their laptops. Mobile Active Defense gives you the same power over the content that can be accessed from or downloaded to your smartphones.
- Web sites
- IP Ranges
- Content based upon category: adult materials, auctions, gambling and more, across 65+ categories.
- Filter across all devices, roles of users or specific users.

Content filtering is one of the most important security controls you can have on your mobile devices. Companies want to protect themselves from lawsuits, harassment claims, poor images and an entire range of improper, inappropriate behavior.

Apply policy by IP or domain name

Smartphone Content Filtering and Policy Enforcement

The M.A.D. MECS Server URL filtering keeps corporate assets and users from accessing unacceptable, offensive, hostile or other policy-prohibited web sites.
- Individual policies are created and assigned to specific groups of users.
- The administrator can select which categories are permitted or denied access from the smartphone.
- The administrator can add individual URLs for specific whitelisting and blacklisting of web sites. These URLs become part of each policy file.
- Enforcement can be set by geo-location.

Location Based Firewall and Policy Enforcement

Automatically control and change access permissions, content filtering and other firewall rules based upon the physical location of the mobile device.

Mobile devices are mobile. They don't just sit in the office. They travel extensively, to places far and wide. Mobile Security means that the security and compliance controls are automatically adjusted based upon the physical location of the device. Only Mobile Active Defense gives you the tools you need to effectively control and manage your mobile enterprise.

Perhaps you want to set up a suite of Geolocation Based Policies.
- No adult materials on the device
- Cannot access enterprise resources from specific cities or countries
- Only access Corporate Web Portal and no other URLs
- No app store downloads

Manage and control by user, groups and roles

Mobile Behavior is Different

It seems that nomadic users behave in a similar manner to office-based users, whereas those that have mixed locations follow policy while in the office, but when off-site, they appear to relax their browsing habits considerably. This lax behavior is not only contrary to company policy, but increases the risk of infection from malware.

Geolocation

Geolocation is the identification of the real-world geographic location of an object, such as a cell phone or an internet-connected computer terminal. Geolocation may refer to the practice of assessing the location, or to the actual assessed location.

MECS Location Based Firewalls

Geo-Location Based Firewalls dynamically enforce constantly changing network access controls, content filtering rules and policies across mobile computing devices, as their physical location shifts.
- Real time map: The Real Time Map shows the last reported location of any highlighted device and the time of its last phone home.
- Geo-location rule base: Administrators create rules based on the physical locations of devices within the MECS policy editor. The rules allow or deny access based on the current country a user is located in or by a fixed distance from a set destination, e.g. 30 miles from the company office.
- Reporting: Administrators can report on the entire history of where and when devices have travelled.

Email Security

iPhones, iPads, tablets and other smartphones are just pocket-sized computers and just as vulnerable as your real computers. You protect your desktop and laptop computers with anti-virus software, spyware detection, spam removal and anti-phishing tools. But do you protect your iPhone? Why not?

With Mobile Active Defense, the MECS Server combines the best of Enterprise grade spam and virus protection without slowing down your iPhone or other mobile device. Using M.A.D.'s Zero Footprint Security technology, all of your emails are screened over our servers before they ever reach your iDevice, thus guaranteeing that you only receive the pure email you want.

Split Tunneling

MECS allows personal devices on the network, but gives owners the ability to not pass personal data over the corporate network. Choose which applications to secure using M.A.D. and pass them through the corporate network. Keeping personal internet surfing or email on a personal device from passing over the corporate network helps alleviate the risk of needing to hand over corporate data in the case of an electronic discovery type of lawsuit or request. Split Tunneling and sandboxing are not ideal security techniques, but MECS allows powerful split tunneling capabilities to those companies who want to utilize it.

Once your MECS is up and running, you can forget about the daily hassle of updates, scans, wasted time and bandwidth. We do it all for you! M.A.D. keeps your security current with more than 100 automatic updates every day. No downloads required. With M.A.D. you always have the latest protection available against the newest threats.

Enterprise-Class Email Protection
- Automatically screens, filters and deletes viruses, spam, phishing and malware before it reaches you or your device.
- Over 100 security updates every day, automatically.
- Protects the Enterprise from infection.
- Compatible with existing mobile email applications.
- Supports POP3 and IMAP email accounts.
- Works with all leading email services including Gmail, Yahoo, Mobile Me, AOL and more!
- Protect as many email addresses as you want on your iDevice, tablet or smartphone.
- Choose what size emails or attachments you want to accept or reject.

M.A.D. uses Zero Footprint Security
- Does not slow down the smartphone.
- Does not use valuable memory.
- Does not drain battery.
- Does not use any CPU resources.
- Does not use costly bandwidth to keep your smartphone current with the latest security updates.

Mobile Security Remediation

Every enterprise security and compliance effort requires remediation: a controlled process to mitigate any potential damage from a real or perceived security threat. M.A.D. Mobile Enterprise Compliance and Security Server (MECS) offers the strongest and most comprehensive remediation options available for iDevices and other smart mobile devices. With enterprises using hundreds of millions of smart mobile devices, the risks and security concerns are far greater than from those computing devices located inside of a physically controlled environment.

Employee Provisioning

Just as companies provision new employees with their computers, access rights and related technology enablement, firms also need a process to deprovision employees, swiftly and completely. The mobile space complicates this process, but with M.A.D. Mobile Security Remediation, we do most of the work for you.
- Employee is terminated on premises but does not have mobile device.
- Employee is a remote worker or telecommuter and must be deprovisioned remotely.
- Employee is suspected of causing data breaches and his device must be quarantined.

Malicious Activity Detection & Jailbreaking

Jailbreaking. No company wants a hacked computer or mobile device on their data network; the risk is just too great. M.A.D.'s Mobile Security Remediation™ employs a sophisticated suite of detection mechanisms to detect whether or not an iDevice has been jailbroken.

Suspicious Behavior in any network is cause for concern and M.A.D. is on constant lookout for suspicious mobile device activity.

For all of these reasons, Mobile Active Defense gives enterprises peace of mind with thorough and flexible Mobile Security Remediation.
- High speed remediation channel initiated within seconds of malicious or suspicious event detection.
- Administrator is immediately notified via the MECS administration console, email or SMS.
- The administrator then chooses which policy-driven remediation action to take, based upon user, device or role:
  - In lower risk situations the administrator may choose to merely notify the user(s) of their violation(s).
  - When an event is deemed more important or critical, the administrator may choose to disconnect the offending device(s) from the network and ban access until out of band communications and decisions have been made.
  - In even more extreme instances, the administrator may choose to remotely wipe the offending device(s) within seconds, thus further protecting the data confidentiality of the organization.

Physical

The physical aspect of data protection is just as important as the cyber aspect, and focuses on the human factor and human error.
- Lost devices. More than 600,000 smartphones and PDAs are lost at U.S. airports alone. In a six month period, passengers left behind over 30,000 mobile phones in New York City yellow cabs. 22,000 mobile devices left in London taxis weekly.
- Stolen corporate mobile devices from restaurants, airports, lockers, trunks of automobiles, parking facilities, valets, and other public places.

The Power of Mobile Security Remediation
- Determine last known location of mobile computing devices.
- Create a Location Device history of mobile computing devices.
- Initiate remediation processes when mobile computing devices are under any of multiple types of cyberattacks.
- Automatically isolate unwanted or rogue mobile computing devices from data networks.
- Detect unusual and suspicious behavior.
- Get details on detection and remediation of offending mobile devices.

Meeting Compliance Guidelines

MANAGEMENT NETWORK SECURITY

ActiveSync/ MDM Native iPhone Security Google Phone Good MobileIron Trust Digital Boxtone Zenprise BlackBerry BES* M.A.D. MECS

Exchange data sync X X X X X X X X X
Remote device wipe X X X X X X X X X
Attachment restrictions X X X X X X X X X
Device management interface X X X X X X X X X
PIN / passcode control, lock & erase on multiple failed attempts X X X X X X X X X
App / usage restrictions (Safari, iTunes, iPhone, iPad, camera, etc.) X X X X X X X X X
VPN settings X X X X X X X X
Email Accounts X X X X X X X X
ActiveSync configuration X X X X X X X X X
LDAP and CalDAV X X X X X X X X
Subscribed calendars X X X X X X X X
Web clips and credentials X X X X X X X X X
Device encryption X X X X X X X X X
All traffic routed over VPN with certificate authenticated AES 256 Bit encryption (any CA) X X
Disallow manual VPN control X X
Secure full access to authorized corporate resources X X
Secure browsing X X
Policy driven mobile UTM X X
Fast and scalable deployment with no changes to existing architecture X X
Role-based administration X X X X X
User groups by policy X X
Blocks unauthorized smart phones X X X
Rogue & jailbroken device detection X
Automatic Remediation X
Stateful inspection firewall X X
URL and content filtering X X
Whitelisting & blacklisting X X
Enforce access & content policy rules based upon location X
100+ automatic security updates daily X X
Personal email security - virus, spam, malware & phishing protection X X
Meets compliance requirements X X
Lock-down security and compliance for non-BlackBerry mobile devices X
User experience unchanged X X

*BlackBerry Phones Only.
**Effective Feb. 1, 2011. Subject to change.

Copyright 2011, M.A.D. Partners, LLC. All rights reserved. Mobile Active Defense and M.A.D. logos and trademarks are property of M.A.D. Partners, LLC. Other product names and trademarks may be trademarks of their respective owners. M.A.D. Partners, LLC does not accept any liability for errors or omissions in these specifications, which may be subject to change without notice.