Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices
Similar a Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices (20)
Último
Último (8)
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices
- 1. Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices Sponsored by Skycure © 2016 The SANS™ Institute – www.sans.org
- 2. Today’s Speakers Lee Neely, SANS Analyst and Instructor Mic McCully, Solutions Architect, Skycure © 2016 The SANS™ Institute – www.sans.org 2
- 3. Introduction • Securing mobile devices is a team effort • Technology only goes so far • New options for more holistic security
- 5. What are we protecting? Credentials • VPN • E-Mail • Social Media • Other systems Documents/Photos/Data Contacts/Connections • PII, personal and corporate
- 6. Why are we protecting… • Network Access • Impersonation/Identity Theft • Data Access/Exfiltration/Modification • Corporate Espionage
- 7. How is data lost/stolen Insiders – User sends it – Recycle non-wiped devices – Weak or no passcode – Access malicious web site – Install software – Weaken settings
- 8. How is data lost/stolen Outsiders • Man in The Middle (MiTM) • Social Engineering • Logical or physical access
- 9. Attack Mitigations Physical Security Passcode, encryption, possession Network Security Use known networks (network spoofing) Disable unneeded services Malware Security Use the primary app stores, update OS/Apps Don’t root/jailbreak
- 10. Attack Vectors
- 11. Keeping OS and Applications Updated OS/App update checklist: • Has the update been regression tested? • What will the requirement be for applying that update? • Who is responsible to update the items and how will the update be applied? • What are the consequences of not applying updates? • What is your communication plan to affected parties?
- 13. Mobile Device Management Addresses the following areas well • Inventory • Configuration • Baseline • Provision Corporate Apps • Secure browser • Location tracking • Remote wipe, lock, password
- 14. Mobile Device Management Not intended to address: • Real-time threat detection • Malware analysis • Network protection • Vulnerability analysis
- 15. Adventures in Management Containerization • Mixed results, nice for BYOD Application Wrapping • Network, Authentication VPN • Per-app VPN • Full Device VDI
- 16. Threat Intel and Analytics Sources contain analyzed data: • Threat Actors (apps, networks, services) • Vulnerabilities • Exploits • Indicators of Compromise (IOC)
- 17. New Solutions • Application analysis • Location based defense • Distributed threat intelligence Challenge: Automation & Integration
- 18. New Paradigm What’s missing? Real-time risk analysis Location based threat response Distributed data collection
- 19. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 19 Old Endpoint Vs. New Endpoint IPS IDS FIREWALL USB SECURITY DLP DATA ENCRYPTION WIRELESS SECURITY APPLICATION CONTROL AV ?
- 20. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 20 Mobile Threat Landscape Physical Network Vulnerabilities Malware
- 21. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 21 Mobile Threat LandscapePhysical Network Vulnerabilities Malware
- 22. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 22 Mobile Threat LandscapePhysical Network Vulnerabilities Malware Man in the Middle WifigatePineapple arpspoofdnsspoof SSL stripping SSL decryption Content manipulation https://www.youtube.com/watch?v=F9qIgSRD5vs
- 23. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 23 Mobile Threat LandscapePhysical Network Vulnerabilities Malware “The Ultimate Reason Why Hackers Are Winning the Mobile Malware Battle” USA 2016 February 29 – March 4 Moscone Center, San Francisco Android Google Play Store Apple AppStore ”Chinese” Stores XcodeGhost YiSpecter Repackaged Apps Malicious Profiles iOS
- 24. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 24 Mobile Threat Landscape 0 50 100 150 200 250 300 350 400 2007 2008 2009 2010 2011 2012 2013 2014 2015 Number of CVEs Trajectory (Apr 15') 0 50 100 150 200 250 300 350 400 2007 2008 2009 2010 2011 2012 2013 2014 2015 Number of CVEs Physical Network Vulnerabilities Malware iOS Vulnerabilities Source: Skycure analysis based of CVEdetails.com
- 25. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 25 Skycure Solution Overview Physical Network Vulnerabilities Malware • 24x7 detection and protection • Network, device and app analysis • Multi platform Seamless experience Privacy Minimal footprint End-User App
- 26. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 26 Skycure Solution Overview Physical Network Vulnerabilities Malware • Policy enforcement • Risk-based management • Enterprise integrations • Visibility Security Visibility IT Satisfaction Management • 24x7 detection and protection • Network, device and app analysis • Multi platform End-User App Seamless experience Privacy Minimal footprint
- 27. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 27 1 Million+ Global Threats Identified https://maps.skycure.com Millions of apps & networks tested monthly Crowd Wisdom 3rd Party Threat Databases Machine Learning Skycure Research Attackers & Threats Legitimate Apps & Services Mobile Threat Intelligence Platform
- 28. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 28 Have You Been Breached? 92% of users click on “Continue” compromising their Exchange identity (username and password) Source: Skycure Threat Intelligence
- 29. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 29 Why Customers Choose Skycure Public App Future-proof, end-user privacy & adoption Seamless Minimal impact on battery or data usage Proactive Predict, detect and prevent attacks Enterprise-grade Deployed at multiple Fortune 500 companies Skycure Research Discovered most talked about vulnerabilities Crowd Wisdom Profile good & bad app/network behaviors
- 30. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 30 Free Mobile Security Assessment Stage I: - Deployment: Less than a minute - Action: Install Skycure on 5-20 devices - Focus: End user requirements (connectivity, user experience, etc.) Stage II: - Duration: 1 hour - Action: Review Skycure Assessment Report - Focus: Organizational requirements (security, visibility, etc.) 0% 20% 40% 23% 30% 35% 41% 1 Month 2 Months 3 Months 4 Months
- 31. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 31 Next Steps Request a FREE 30 Day Trial! 1-800-650-4821 sales@skycure.com https://www.skycure.com/trial https://blog.skycure.com @SkycureSecurity TRIAL
- 32. Q & A Please use GoToWebinar’s Questions tool to submit questions to our panel. Send to “Organizers” and tell us if it’s for a specific panelist. © 2016 The SANS™ Institute – www.sans.org 32
- 33. Acknowledgements Thanks to our sponsor: To our special guest: Mic McCully And to our attendees: Thank you for joining us today © 2016 The SANS™ Institute – www.sans.org 33
Notas del editor
- Teamwork between IT and users is needed to secure mobile devices Technology limitations are always being stretched both in the devices and the management solution Were going to talk about what both sides can do, then introduce some new options that may be able to close some of the gaps in the armor to create a more comprehensive solution. -- The ubiquitous use of mobile devices has radically changed the landscape of data protection, and the abundance of applications only complicates the situation. Regrettably, not every application is what it seems. Users can't always detect a well-crafted forgery or application that secretly exfiltrates data in addition to the displayed functions. Additionally, not every network is what it seems. Users stumble across illegitimate networks that a intercept or even change legitimate communications from mobile devices. And even legitimate operating systems and applications have numerous vulnerabilities that can be exploited. How, then, can mobile device data be protected? This webcast reviews the current and emerging services and practices designed to help secure and protect the data on these devices, and identifies areas where solutions are needed to fill the remaining gaps and provides recommendations for a holistic approach including mobile threat protection. Attendees will learn: What role security tools such as analytics can play in managing mobile devices What the risks are to mobile devices How mobile devices and data are currently protected and how effective those protections are Common attack vectors and possible mitigation strategies Features and capabilities that a solution should have to provide organizations with ideal mobile security and visibility
- Behaviors that increase the risk of compromise when compared to traditional laptop Apps: Legitimate app store only – helps – most common sources of mobile malware are secondary app stores (Apple/Google) Repackaged apps – look just like the legitimate app – but have added behaviors. Some had it all alon Permissions – it is confusing for users to understand the permissions, particularly in Android, and many folks just click “Accept” Always connected – looking for known wi-fi Default behavior is Wi-Fi connects to strongest signal for known network Wi-fi compromised three ways Misconfigured router is compromised – legit connection, legit AP, still owned Malicious device on legitimate network accessing information or providing bogus services Fake real network (Karma, Pineapple) Always on Most people don’t suspend the devices, so they’re available for exploit 24x7 People process information 24x7, independent of location People switch between personal and business processing on the same device Data Security To support this paradigm, applications are often written to favor speed over security. E.g. mobile application uses http, while browser versions use https. Patching/Updates Traditional IT – we push the patches, and can patch most ongoing Smartphones – limited device lifecycle, patch availablilty inconsisistent Application updates are in the users hands. While we can use a EMM to push updates of corporate apps, the others are in user control.
- What’s so important on those devices? Corporate Data Personal Data Information about you, your friends, your company How to reach others How to connect Stored passwords in applications Stored username/passwords in notes/documents/contacts – or insecure password management apps. Sensitive personal or sensitive corporate data Why – Next slide
- This is kind-of the point. To Become you To act as you To become someone else Data for further action/compromise. Consider the data as pieces of a puzzle, which solving allows access your data/systems Ask Why to expose the risks. Be well aware of what the devices do, what information they process and how that information can be used & abused
- 0Insider – So often they are trying to get their job done. Type of Insider + type of action = = loss Accidental - Malicious Theft Hactivists Deliberate - Email it to my home so I can work on it Take shot with camera because can’t copy/paste… Cloud use Personal gain, revenge, etc. Accidental Respond/Forward wrong email, Put file in wrong folder, Too much data in document or message Connecting to a malicious, compromised or misleading network (free public wi-fi anyone?) PWN2OWN – Fully patched Android, could install any app by Chrome hitting web site. *Network legit, device legit, even so---
- Were it as simple as a burglar- Separately or in combination Users leveraged to aid the process – install malicious or repackaged apps. Some protections prevents installation of top of legit copies. Talk bout physical access soon
- Download a Mobile Security App = from AV to More comprehensive solutions
- Mobile device operating systems and applications vulnerabilities drive the need to keep the OS and applications updated. When a device needs an update, ask:
- Deployment Provision OTA Ease of on/off-boarding End User Experience Low battery use Low data use (Esp. BYOD) Threat Detection Network Malware Device Vulnerabilities Management and Administration Detected threat reporting Identify device OS vulnerabilities Per-device Risk estimate Reporting Other Seim integration API
- Deployment Provision OTA Ease of on/off-boarding End User Experience Low battery use Low data use (Esp. BYOD) Threat Detection Network Malware Device Vulnerabilities Management and Administration Detected threat reporting Identify device OS vulnerabilities Per-device Risk estimate Reporting Other Seim integration API
- Containers- Common security model Users often want to work outside container as apps/functions not in-container Provides nice hardened spot for BYOD Must configure data in/exfil settings Application Wrapping To add to container or MDM, but, need source and application has to use frameworks wrapping tool supports. Secure Network access Authentication integration VPN- Per application – possibly exploitable as kernel controls Full device – any malware on device can access, can leverage network controls for remote access. VDI Connectivity and user experience largest challenges
- Beyond analysis and human intervention Typically, reports are read by local analyst and actions taken, blended with data from local systems Real time application of data is needed The mobile device could be an added source of threat data Imagine aggregating data from thousands of mobile devices?
- Application analysis Not just in-house, there are services that provide this information Location based defense Distributed threat intelligence Imagine dynamically changing the security configuration based on distributed threat information and device location? ** Make sure setting revert when appropriate ** For example DefCon BlueTooth attacks were mitigated by disablement of BT. Manual analysis and application of threat information won’t scale.
- Transition to SkyCure
- The thing that is common in most of the reasons mentioned in the previous slide is Endpoints. If we talk about Old Endpoints they are full of security solutions – IDS, IPS, Av, Wireless security, USB security, Encryption, DLP, and so on. (CLICK) What about the new Endpoints? What kind of security do you have on them?