protecting those at risk in a mobile environment · • url d/b from rulespace, websense,...

Protecting those at risk in a mobile environmentSecuring the mobile market

Commercial: In Confidence 2Confidential © AdaptiveMobile Security Ltd 2007

Contents

Introduction1

3 Mobile Web Filtering

4 Message Filtering (MMS, SMS, Email)

5 Value added services

2 PolicyControl overview


Introducing AdaptiveMobile

AdaptiveMobile is the leading mobile security provider of unified customer protection for enterprises and individuals with over 95 million subscribers under our protection

We offer comprehensive proactive protection from the increasingly prominent threat of mobile viruses, malware, inappropriate content, unsolicited communications and spam at a corporate and consumer level.

AdaptiveMobile’s software works across all mobile and wireless bearers, for all technologies including messaging, internet and video.

AdaptiveMobile was founded in 2003 and boasts some of the world's largest mobile operators as customers and the leading security and telecom equipment vendors as partners. The company is headquartered in Dublin with offices in the North America, Europe, South Africa, Middle East and Asia Pacific.


Protecting subscribers

Consumer MarketsGrowth in phone adoption by children:

• Number of teenagers own a phone is on the increase

• Average age for a child to get a first phone is on the decrease

Regulatory and legal concerns over unrestricted access to content

Parental concern over inadvertent and uncontrolled use

Bullying and harassment via mobiles increasing

Business Markets

Increasing mobile usage (Data, Messaging)Increasing Director liability

(Harassment, Inappropriate content)Greater adoption of Smart-phone devicesFear of uncontrolled spend unmatched to value


Building mobile loyalty

- Preventing exploitation- Controlling access to inappropriate content- Identifying, isolating and removing malware- Providing parents and employers with control

- Protecting privacy- Intercepting unsolicited messaging- Maintaining subscriber anonymity

- Pushing personalisation- Content recommendations- Targeted advertising- Subscriber profiling


Content Filtering Capabilities

Traffic Control Content Filtering ActionsContent

Categorisation

Text Inspection Malware

Spam Content Analysis

Block

Redirect

Modify

Notify

Report

Age

V

erifi

catio

n

• Illegal

• Adult

•Inappropriate

•Business & Entertainment

•Content partner tagging

Opt in/opt outFriends & FamilyPersonal Whitelist

Individual Blacklist Subscription controls

Traffic Analysis-Anti-flooding-Anti spoofing/faking-Suspicious traffic pattern detection

• Image Signatures• Image Analysis

Identity• Applications

OffensiveInappropriate Content Keyword detection

Viruses TrojansRogue Applications

Identity & Privacy ManagementContent & file signatures

Spam DetectionRBLSignature matchingAnti-phishing

CONTENT SECURITY

SMS

MMS

Email

Mobile Web

P2P

Voice

IMS

GSM /CDMA

Converged

WiFi

WiMAX

PARENTAL CONTROLS / CORPORATE CONTROLS

Bea

rer

Con

vers

ion

Con

tent

In

serti

onM

essa

ge

Ret

entio

nB

ehav

iour

Ana

lysi

sR

eque

st

Tagg

ing

ImageAnalysis

P2P Application Controls


Contents

Introduction1






Product overview

NetworkOperationsCentre


Subscriber Policy Register (SPR)

The SPR provides the interfaces to deliver user and group / operator security policies

• Category permissions• Blacklists / whitelists / walled garden• Redirect filters• Notification rules

LDAP / XML / RDBMS / RADIUS interface to existing user databases to utilise existing subscriber information

Caching of retrieved user information to improve performance and reduce load on external database servers

In-memory policy management

Flexible distribution of subscriber data between SPR and existing databases

Policy Management Reporting System

Administration Notification

Policy Decision Engine

SubscriberPolicy

Register

SecurityFilter

Manager

Administration Interfaces

Policy Enforcement Adapters


Sample policy hierarchy


Query Subscriber

Policy

SubscriberSubscriberPolicyPolicy

RegisterRegister

Query Subscriber

Policy

Policy Policy Decision Decision EngineEngine

MSISDNContent Filter: Under_18_Pre

Anti-Virus: Subscribed

(existing)Subscriber Provisioning

DatabaseUnder_18_PreContent Filter

- Gambling

- Adult/Mature

- etc

Anti-virus

- ON

Content Request/

Filtered Response

Apply Subscriber

Policy to content

CRM integration

Request user status

Return:Content Filter provisioning status

Policy Name



Applies individual subscriber policy to provide unique filtering decision in real time.

• Supporting millions of individual policies• Engineered to scale to all subscribers in a network• Minimised processing time for each transaction

Manages initiation of security component analysis based on message type and sender / recipient profile eg:

• Web request: URL database / dynamic rating• MMS: application signature, virus signature, text analysis, URL

category, image signature, image analysis …

Manages message and request manipulation based on responses from security components and user profile

• Block / Redirect• Notify• Manipulate (including advert insertion)• Log




SubscriberPolicy

Register

SecurityFilter

Manager




Security Filter Manager

Supports and abstracts multiple third-party security components to allow plug and play migration

• Illegal lists (IWF, NCMEC)• Content provider rating lists• URL d/b from Rulespace, Websense, SurfControl, Symantec• Dynamic rating• Anti-virus from McAfee, Trend, Sophos, Symantec• Anti-spam from Symantec, Cloudmark, RBL’s• Image analysis and image signatures• Realtime security & phishing lists from Websense, Google

Supports override lists and signatures for local administrators; and global signature updates from AdaptiveMobile

Manages update processes from multiple vendors via AdaptiveMobile NOC




SubscriberPolicy

Register

SecurityFilter

Manager




Policy Management Console

Policy Manage

mentReporting System



SubscriberPolicy

Register

SecurityFilter

Manager




System Administration

ReportingSystem Admini stration

Notification


SubscriberPolicy

Register

SecurityFilter

Manager



Policy Management


Contents

Introduction1






Ensure appropriate access to all on-net and off-net content based on the individual user’s profile

Age Verified

Unrestricted Access to all under 18’s

Mobile web filtering


Filtering waterfallTr

affic

Lev

els

New site rating (99%)

Not to scale100%100%Opt-in/out(up to 90%)

20%20%Dynamic whitelisting (40-60%)

10%10%

URL D/B(up to 99.9%)

0.1%0.1%

0.001%0.001% Uncategorisable


The real scale of the problem

Total Traffic12m hits:

1.8m unique URL’s

70.2% - Internal or Partner

sites

29.8% - Externalsites

5.0% - Adult Content [27,009]

24.4% - CategorisedNon-Adult

Content

0.5% - Uncategorised Content [9,632]

(but 0.017% of traffic hits)

Global composite from analysis across 5 major operators

29.9% - Dead links and typos

50.9% - Non adultContent

18.5% - Webmail (corporate)

0.7% - Adult [6 URLs]

Analysis of the 0.5% Uncategorised Content


Policy Decision

Engine

Content Filtering (Mobile Web)

Subscriber Profile Retrieved

Subscriber Policy Retrieved

Blocked Allowed

Redirect

Existing Customer

Information Database

Subscriber Policy Register (SPR)

Content

Content Request

Content Delivered

Is user opted in?To which group?


PolicyFilter (Mobile Web)

Whitelisted

URLs

Blacklist

URLs

Dynamic Categorization

ProcessURL Category

Database

URL Category Override

URL Database Update Service

Requested

URL Filter Result

Walled

Garden Deliver URL

Deliver URL

Redirect

Individual Profile

Parental Control

Corporate Control

Operator / MVNO

Policies


Redirect capabilities

Redirection of subscriber requests to a specific location based on

• Subscriber profile (Corporate, Consumer etc)– Redirect to a specific page on a portal– Redirect to a custom corporate customer page– Pass user variables to support page customisation

• Adult Verification Status (redirect to a verification page)– Redirect to an information page– Redirect to an age verification page

Request manipulation– Redirect to an alternative service (route Google to Yahoo!)– Turn safe search capabilities on– Provide user tokens (age range, preferences) to trusted third-

parties


Filter

Handling uncategorised sites

Uncategorised

Site1st Request

Categorisation

of site

Update to URL override list

Decision based on group policy for uncategorised sites

Block Allow

Subsequent Requests

Decision based on group policy for site category

Block Allow

CFE

Uses one or more dynamic rating engines

Priority SLA-based Manual Review

Submission and measurement of URL d/b vendor updates


Mobile web reporting

Monitoring usage for• Operations• Marketing• Corporate Subscriber

Services

Delivering:• Increased content

revenue• Enhanced subscriber

profiling• Value-added services


Contents

Introduction1






SMSSMS MMSMMS EmailEmail

Protecting against

Interconnect & on-net spam

Interconnect fraud

Harassment / bullying

Inappropriate content

Malware initiated SMS

Offensive / illegal text

Phishing or inappropriate Wap push

Premium content subscription management

Protecting against

Spam

Inappropriate text / images

Virus replication

Malware initiated downloads

Inappropriate web links / phishing

Harassment / bullying

Privacy infringement

Protecting against

Spam

Mobile viruses

Anti phishing

Blacklisting of operator’s own email service

Message Filtering


Message

Filter

Message Filtering

Subscriber Profile Retrieved

Subscriber Policy Retrieved

Blocked

Delivered

Customer Information Database

SPR

Message Sent

ModifyNotify


PolicyFilter (MMS, SMS, Email)

Applies individual message filtering decision in real-time• Supporting millions of individual policies• Engineered to scale to all subscribers in the network• 50ms average processing time for each message

Covers all bearers consistently based on individual user profile• SMS, MMS, Email

Supports multiple 3rd party technologies for • Anti-Virus/Anti-Spam; McAfee, Symantec, TrendMicro• Image Analysis

Provides configurable notification services to subscribers and administrators

Providers early warning of ‘suspect’ traffic patterns in the network


PolicyFilter (SMS, MMS, Email)

Global Traffic

Controls

Trafficanalysis

Anti Virus Anti Spam Personal BlacklistWhitelist

ContentFiltering

On-netMM1

SS7 (Activity detection + blocking)

InterconnectMM3 / MM4

SMTP

SS7 (Activity detection + blocking)

VASPMM7

SMPP Not Applicable

CIMD2 Not Applicable

Interconnect frauds


PolicyFilter (MMS)

Personal whitelist /blacklist

Text analysis

Manual Review

Image Analysis

Signature comparison

MMS Filter Result

Virus scanning

Deliver

Modify

Notify

Reject

Individual Profile

Parental Control

Corporate Control

Operator / MVNO

Policies

Disinfect


PolicyFilter (SMS)

Protocol consistency

& SMSC blacklist

Spam signatures Manual

Review

Content Category

Text & URL analysis

SMS Filter Result

Personal blacklist / whitelist

Deliver

Modify

Notify

Reject

Individual Profile

Parental Control

Corporate Control

Operator / MVNO

Policies

Disinfect


Inbound fraud detectionDynamic blocking of blacklisted or spoofed “SMSC” addresses Content filtering based on target subscribers profile/preferencesDynamic filtering of SPAM or phishing SMSDynamic filtering of IMSI trawling

SMS: Interconnect Filtering

Home core network

3rd Party, internationalSMSCs

International SS7 Network

GWMSC

Subscriber

UnfilteredInbound SMS Interconnect

Interception Point

PCFFiltering

The SMS is processed and either:

- delivered unchanged

- modified and delivered

- blocked


SMS: Interconnect Filtering

Home core network

3rd Party, internationalSMSCs

International SS7 Network

GWMSC

Subscriber

Filtered Outbound SMS

PCFFiltering

Unfiltered Outbound SMS

Outbound fraud detection and filtering(Open SMSC)

The SMS is processed and either:

- delivered unchanged

- modified and delivered

- blocked


SMS: Content Provider Filtering

Age-related control over use of premium-rate services

Enforcement of user “STOP” command on per-user/per-service basis

Audit of content / short code contracts

Management of user preferences

Mobile terminated (MT) messages from content providers over SMPP/ / CIMD


SMS: Content Provider Filtering

Value Added Service Providers

Home networkSMSC

Subscriber

Home CoreNetwork

MDCEFiltering

STP

MSC

SMPP/IPProxy (1) Access OK

(2) Access Restricted -Advice SMS sent to

Subscriber

Age-related control over use of subscription to premium-rate services

Corporate control of subscription to premium-rate services.

Age-related control over use of subscription to premium-rate services

Corporate control of subscription to premium-rate services.

Mobile originated (MO) messages from content providers over SMPP/ / CIMD


SMS: Peer to Peer (MO->MT)

Home networkSMSC

MO Subscriber

Home CoreNetwork

PCFFiltering

MSC

STP

MT Subscriber

MSC

Implementation of personal White/Blacklists

Closed user group filtering for corporate, VIPs or parental control


Email: Outbound SMTP filtering

IP Address pools are being blocked by ISP

Mobile subscribers using datacards are connecting to external mail services like hotmail

If they are infected with Virus or are seen as a source of SPAM the IP address they are using is blacklisted

These IP addresses are pooled for all subscribers in your network – Corporate customers can be denied service


Email: Outbound SMTP filtering

Intercept and re-direct SMTP traffic to an inspection platform:

• Anti-Virus Check• Anti-Spam Check

Remove or filter virus attachments and SPAM messaging.

Collect information on users that are sources of VIRUS and SPAM and direct marketing information to them• Resell PC Anti-virus• Deny service malicious users


Contents

Introduction1






Driving new revenues

Handset virus Disinfection

MMS

Email

Web

SMS to MMS

Network Protection

SubscriberProfiling

Cost Protection

Churn Protection

Advert insertion

MMS to Email

Revenue Growth

New revenue from existing customers New revenue sources

Profiling

Portal Optimisation

SMS

• Infected handsets• Rogue applications• Spam bots• DoS

Content manipulation

• Content preferences• Mobile content purchases• P2P network analysis

Parental Controls / Enterprise Controls

• MMS Interception• SMS Interception• Web redirection• Email Interception


Parental Controls


(3) The subscriber can then use the link in the notification to download a specific cleanser for their phone.

Virus Disinfection

(2) Policy Filter detects infection and generates a virus notification (SMS or MMS) to the infected device, pointing them at the correct client or disinfect

(1) Subscriber sends Virus or Spam message from device or laptop

Virus Recovery Engine

Virus Recovery Engine

http://www.operamini.com/download/?phone=i-mate_pocket_pc_phone_edition


MMS to Email (Personal whitelisting)

(1) Subscriber sends MMS to Email address(2) PolicyFilter (MMS) adds email

address to the sender’s personal whitelist and delivers via MMSC

Email Delivered over MM3

Email Reply sent

(3) PolicyFilter (MMS) confirms email sender is on subscriber’s personal whitelist and delivers email as MMS

http://www.operamini.com/download/?phone=i-mate_pocket_pc_phone_edition


Subscriber Profiling

Subscriber-centric filtering generates insight into subscriber preferences

- What they do off-net- What they buy through m-payments and SMS- Who they communicate with- Who they influence

- Building up views of users preferences for types of media and content, - their propensity to browse to drive data usage- their propensity to purchase to drive content revenues

- Together, increasing the value of mobile as an advertising medium


Subscriber Profiling

Subscriber Profiling used to identify groups of users who are going off-net for content:

-Allows for promotion of on-portal services to target subscribers

- Identifies new revenue-generating content and applications

- Allows integration to portal content management to provide personalisation of deck

Subscriber Profiling used to identify groups of users who are going off-net for content:

-Allows for promotion of on-portal services to target subscribers

- Identifies new revenue-generating content and applications

- Allows integration to portal content management to provide personalisation of deck

Portal Optimisation

Portal Optimisation

Provide content partners with information on individual subscribers

- Age group- Content preferences by subject - Propensity to purchase by content type

While retaining the privacy of the individual subscriber

Provide content partners with information on individual subscribers

- Age group- Content preferences by subject- Propensity to purchase by content type

While retaining the privacy of the individual subscriber

SubscriberTagging

SubscriberTagging


SMS to MMS with Advert Insertion


Mobile advertising

RelevanceRelevance

Web MMS SMS

PolicyFilter (Mobile Advertising)

-Identifies which messages are applicable for advertising based on user policy

- Can analyse content to determine what adverts are most applicable

- Can insert advert from 3rd party campaign manager

PolicyFilter (Mobile Advertising)

-Identifies which messages are applicable for advertising based on user policy

- Can analyse content to determine what adverts are most applicable

- Can insert advert from 3rd party campaign manager

DeliveryDelivery

Subscriber Policy Register (Mobile Advertising)

- What adverts are appropriate for each user (permissions)

- What content categories each user is interested in (preferences)

- What types of advertising each user will accept and for which communications

Subscriber Policy Register (Mobile Advertising)

- What adverts are appropriate for each user (permissions)

- What content categories each user is interested in (preferences)

- What types of advertising each user will accept and for which communications

••InIn--MessageMessage ••Pre / Post TextPre / Post Text••Post MessagePost Message

••InterstitialInterstitialpagespages


Telecom Grade Architecture

Our solution has been designed specifically for telecom service providers environment• Telecom environment certified system platforms• Highly available configurations• Open system interfaces for integration

– Reference databases– Customer self-care portals– Network adapters for integration with existing infrastructure

• A number of reference platforms to meet specific IT infrastructure policies

http://welcome.hp.com/country/us/en/welcome.html

http://www.intel.com/index.htm?iid=CorporateV3+Header_1_Logo

http://images.google.com/imgres?imgurl=http://www.centuryclub100.org/img/sun_logo.jpg&imgrefurl=http://euskadigital.net/enredando_net/euskal_13/ponencias.htm&h=160&w=300&sz=27&tbnid=vKad2NTyQuW0aM:&tbnh=59&tbnw=111&prev=/images%3Fq%3Dsun%2Bmicrosystems%2Blogo&start=3&sa=X&oi=images&ct=image&cd=3


AdaptiveMobile advantages

Proven scalability Across millions of subscribers;

Lowest total cost of ownership Through unified solution for content filtering, subscriber protection and anti virus.

Consistent content and subscriber based filtering Across all traffic bearers (SMS, MMS, IMS, Web/Wap)

Flexible service creation For consumer segments and individual corporates

Rapid extensibility of subscriber-protection Through integration with major telecom equipment vendors and security vendors

protecting those at risk in a mobile environment · • url d/b from rulespace, websense,...

Documents