protecting those at risk in a mobile environment · • url d/b from rulespace, websense,...
TRANSCRIPT
Protecting those at risk in a mobile environmentSecuring the mobile market
Commercial: In Confidence 2Confidential © AdaptiveMobile Security Ltd 2007
Contents
Introduction1
3 Mobile Web Filtering
4 Message Filtering (MMS, SMS, Email)
5 Value added services
2 PolicyControl overview
Commercial: In Confidence 3Confidential © AdaptiveMobile Security Ltd 2007
Introducing AdaptiveMobile
AdaptiveMobile is the leading mobile security provider of unified customer protection for enterprises and individuals with over 95 million subscribers under our protection
We offer comprehensive proactive protection from the increasingly prominent threat of mobile viruses, malware, inappropriate content, unsolicited communications and spam at a corporate and consumer level.
AdaptiveMobile’s software works across all mobile and wireless bearers, for all technologies including messaging, internet and video.
AdaptiveMobile was founded in 2003 and boasts some of the world's largest mobile operators as customers and the leading security and telecom equipment vendors as partners. The company is headquartered in Dublin with offices in the North America, Europe, South Africa, Middle East and Asia Pacific.
Commercial: In Confidence 4Confidential © AdaptiveMobile Security Ltd 2007
Protecting subscribers
Consumer MarketsGrowth in phone adoption by children:
• Number of teenagers own a phone is on the increase
• Average age for a child to get a first phone is on the decrease
Regulatory and legal concerns over unrestricted access to content
Parental concern over inadvertent and uncontrolled use
Bullying and harassment via mobiles increasing
Business Markets
Increasing mobile usage (Data, Messaging)Increasing Director liability
(Harassment, Inappropriate content)Greater adoption of Smart-phone devicesFear of uncontrolled spend unmatched to value
Commercial: In Confidence 5Confidential © AdaptiveMobile Security Ltd 2007
Building mobile loyalty
- Preventing exploitation- Controlling access to inappropriate content- Identifying, isolating and removing malware- Providing parents and employers with control
- Protecting privacy- Intercepting unsolicited messaging- Maintaining subscriber anonymity
- Pushing personalisation- Content recommendations- Targeted advertising- Subscriber profiling
Commercial: In Confidence 6Confidential © AdaptiveMobile Security Ltd 2007
Content Filtering Capabilities
Traffic Control Content Filtering ActionsContent
Categorisation
Text Inspection Malware
Spam Content Analysis
Block
Redirect
Modify
Notify
Report
Age
V
erifi
catio
n
• Illegal
• Adult
•Inappropriate
•Business & Entertainment
•Content partner tagging
Opt in/opt outFriends & FamilyPersonal Whitelist
Individual Blacklist Subscription controls
Traffic Analysis-Anti-flooding-Anti spoofing/faking-Suspicious traffic pattern detection
• Image Signatures• Image Analysis
Identity• Applications
OffensiveInappropriate Content Keyword detection
Viruses TrojansRogue Applications
Identity & Privacy ManagementContent & file signatures
Spam DetectionRBLSignature matchingAnti-phishing
CONTENT SECURITY
SMS
MMS
Mobile Web
P2P
Voice
IMS
GSM /CDMA
Converged
WiFi
WiMAX
PARENTAL CONTROLS / CORPORATE CONTROLS
Bea
rer
Con
vers
ion
Con
tent
In
serti
onM
essa
ge
Ret
entio
nB
ehav
iour
Ana
lysi
sR
eque
st
Tagg
ing
ImageAnalysis
P2P Application Controls
Commercial: In Confidence 7Confidential © AdaptiveMobile Security Ltd 2007
Contents
Introduction1
3 Mobile Web Filtering
4 Message Filtering (MMS, SMS, Email)
5 Value added services
2 PolicyControl overview
Commercial: In Confidence 8Confidential © AdaptiveMobile Security Ltd 2007
Product overview
NetworkOperationsCentre
Commercial: In Confidence 9Confidential © AdaptiveMobile Security Ltd 2007
Subscriber Policy Register (SPR)
The SPR provides the interfaces to deliver user and group / operator security policies
• Category permissions• Blacklists / whitelists / walled garden• Redirect filters• Notification rules
LDAP / XML / RDBMS / RADIUS interface to existing user databases to utilise existing subscriber information
Caching of retrieved user information to improve performance and reduce load on external database servers
In-memory policy management
Flexible distribution of subscriber data between SPR and existing databases
Policy Management Reporting System
Administration Notification
Policy Decision Engine
SubscriberPolicy
Register
SecurityFilter
Manager
Administration Interfaces
Policy Enforcement Adapters
Commercial: In Confidence 10Confidential © AdaptiveMobile Security Ltd 2007
Sample policy hierarchy
Commercial: In Confidence 11Confidential © AdaptiveMobile Security Ltd 2007
Query Subscriber
Policy
SubscriberSubscriberPolicyPolicy
RegisterRegister
Query Subscriber
Policy
Policy Policy Decision Decision EngineEngine
MSISDNContent Filter: Under_18_Pre
Anti-Virus: Subscribed
(existing)Subscriber Provisioning
DatabaseUnder_18_PreContent Filter
- Gambling
- Adult/Mature
- etc
Anti-virus
- ON
Content Request/
Filtered Response
Apply Subscriber
Policy to content
CRM integration
Request user status
Return:Content Filter provisioning status
Policy Name
Commercial: In Confidence 12Confidential © AdaptiveMobile Security Ltd 2007
Policy Decision Engine
Applies individual subscriber policy to provide unique filtering decision in real time.
• Supporting millions of individual policies• Engineered to scale to all subscribers in a network• Minimised processing time for each transaction
Manages initiation of security component analysis based on message type and sender / recipient profile eg:
• Web request: URL database / dynamic rating• MMS: application signature, virus signature, text analysis, URL
category, image signature, image analysis …
Manages message and request manipulation based on responses from security components and user profile
• Block / Redirect• Notify• Manipulate (including advert insertion)• Log
Policy Management Reporting System
Administration Notification
Policy Decision Engine
SubscriberPolicy
Register
SecurityFilter
Manager
Administration Interfaces
Policy Enforcement Adapters
Commercial: In Confidence 13Confidential © AdaptiveMobile Security Ltd 2007
Security Filter Manager
Supports and abstracts multiple third-party security components to allow plug and play migration
• Illegal lists (IWF, NCMEC)• Content provider rating lists• URL d/b from Rulespace, Websense, SurfControl, Symantec• Dynamic rating• Anti-virus from McAfee, Trend, Sophos, Symantec• Anti-spam from Symantec, Cloudmark, RBL’s• Image analysis and image signatures• Realtime security & phishing lists from Websense, Google
Supports override lists and signatures for local administrators; and global signature updates from AdaptiveMobile
Manages update processes from multiple vendors via AdaptiveMobile NOC
Policy Management Reporting System
Administration Notification
Policy Decision Engine
SubscriberPolicy
Register
SecurityFilter
Manager
Administration Interfaces
Policy Enforcement Adapters
Commercial: In Confidence 14Confidential © AdaptiveMobile Security Ltd 2007
Policy Management Console
Policy Manage
mentReporting System
Administration Notification
Policy Decision Engine
SubscriberPolicy
Register
SecurityFilter
Manager
Administration Interfaces
Policy Enforcement Adapters
Commercial: In Confidence 15Confidential © AdaptiveMobile Security Ltd 2007
System Administration
ReportingSystem Admini stration
Notification
Policy Decision Engine
SubscriberPolicy
Register
SecurityFilter
Manager
Administration Interfaces
Policy Enforcement Adapters
Policy Management
Commercial: In Confidence 16Confidential © AdaptiveMobile Security Ltd 2007
Contents
Introduction1
3 Mobile Web Filtering
4 Message Filtering (MMS, SMS, Email)
5 Value added services
2 PolicyControl overview
Commercial: In Confidence 17Confidential © AdaptiveMobile Security Ltd 2007
Ensure appropriate access to all on-net and off-net content based on the individual user’s profile
Age Verified
Unrestricted Access to all under 18’s
Mobile web filtering
Commercial: In Confidence 18Confidential © AdaptiveMobile Security Ltd 2007
Filtering waterfallTr
affic
Lev
els
New site rating (99%)
Not to scale100%100%Opt-in/out(up to 90%)
20%20%Dynamic whitelisting (40-60%)
10%10%
URL D/B(up to 99.9%)
0.1%0.1%
0.001%0.001% Uncategorisable
Commercial: In Confidence 19Confidential © AdaptiveMobile Security Ltd 2007
The real scale of the problem
Total Traffic12m hits:
1.8m unique URL’s
70.2% - Internal or Partner
sites
29.8% - Externalsites
5.0% - Adult Content [27,009]
24.4% - CategorisedNon-Adult
Content
0.5% - Uncategorised Content [9,632]
(but 0.017% of traffic hits)
Global composite from analysis across 5 major operators
29.9% - Dead links and typos
50.9% - Non adultContent
18.5% - Webmail (corporate)
0.7% - Adult [6 URLs]
Analysis of the 0.5% Uncategorised Content
Commercial: In Confidence 20Confidential © AdaptiveMobile Security Ltd 2007
Policy Decision
Engine
Content Filtering (Mobile Web)
Subscriber Profile Retrieved
Subscriber Policy Retrieved
Blocked Allowed
Redirect
Existing Customer
Information Database
Subscriber Policy Register (SPR)
Content
Content Request
Content Delivered
Is user opted in?To which group?
Commercial: In Confidence 21Confidential © AdaptiveMobile Security Ltd 2007
PolicyFilter (Mobile Web)
Whitelisted
URLs
Blacklist
URLs
Dynamic Categorization
ProcessURL Category
Database
URL Category Override
URL Database Update Service
Requested
URL Filter Result
Walled
Garden Deliver URL
Deliver URL
Redirect
Individual Profile
Parental Control
Corporate Control
Operator / MVNO
Policies
Commercial: In Confidence 22Confidential © AdaptiveMobile Security Ltd 2007
Redirect capabilities
Redirection of subscriber requests to a specific location based on
• Subscriber profile (Corporate, Consumer etc)– Redirect to a specific page on a portal– Redirect to a custom corporate customer page– Pass user variables to support page customisation
• Adult Verification Status (redirect to a verification page)– Redirect to an information page– Redirect to an age verification page
Request manipulation– Redirect to an alternative service (route Google to Yahoo!)– Turn safe search capabilities on– Provide user tokens (age range, preferences) to trusted third-
parties
Commercial: In Confidence 23Confidential © AdaptiveMobile Security Ltd 2007
Filter
Handling uncategorised sites
Uncategorised
Site1st Request
Categorisation
of site
Update to URL override list
Decision based on group policy for uncategorised sites
Block Allow
Subsequent Requests
Decision based on group policy for site category
Block Allow
CFE
Uses one or more dynamic rating engines
Priority SLA-based Manual Review
Submission and measurement of URL d/b vendor updates
Commercial: In Confidence 24Confidential © AdaptiveMobile Security Ltd 2007
Mobile web reporting
Monitoring usage for• Operations• Marketing• Corporate Subscriber
Services
Delivering:• Increased content
revenue• Enhanced subscriber
profiling• Value-added services
Commercial: In Confidence 25Confidential © AdaptiveMobile Security Ltd 2007
Contents
Introduction1
3 Mobile Web Filtering
4 Message Filtering (MMS, SMS, Email)
5 Value added services
2 PolicyControl overview
Commercial: In Confidence 26Confidential © AdaptiveMobile Security Ltd 2007
SMSSMS MMSMMS EmailEmail
Protecting against
Interconnect & on-net spam
Interconnect fraud
Harassment / bullying
Inappropriate content
Malware initiated SMS
Offensive / illegal text
Phishing or inappropriate Wap push
Premium content subscription management
Protecting against
Spam
Inappropriate text / images
Virus replication
Malware initiated downloads
Inappropriate web links / phishing
Harassment / bullying
Privacy infringement
Protecting against
Spam
Mobile viruses
Anti phishing
Blacklisting of operator’s own email service
Message Filtering
Commercial: In Confidence 27Confidential © AdaptiveMobile Security Ltd 2007
Message
Filter
Message Filtering
Subscriber Profile Retrieved
Subscriber Policy Retrieved
Blocked
Delivered
Customer Information Database
SPR
Message Sent
ModifyNotify
Commercial: In Confidence 28Confidential © AdaptiveMobile Security Ltd 2007
PolicyFilter (MMS, SMS, Email)
Applies individual message filtering decision in real-time• Supporting millions of individual policies• Engineered to scale to all subscribers in the network• 50ms average processing time for each message
Covers all bearers consistently based on individual user profile• SMS, MMS, Email
Supports multiple 3rd party technologies for • Anti-Virus/Anti-Spam; McAfee, Symantec, TrendMicro• Image Analysis
Provides configurable notification services to subscribers and administrators
Providers early warning of ‘suspect’ traffic patterns in the network
Commercial: In Confidence 29Confidential © AdaptiveMobile Security Ltd 2007
PolicyFilter (SMS, MMS, Email)
Global Traffic
Controls
Trafficanalysis
Anti Virus Anti Spam Personal BlacklistWhitelist
ContentFiltering
On-netMM1
SS7 (Activity detection + blocking)
InterconnectMM3 / MM4
SMTP
SS7 (Activity detection + blocking)
VASPMM7
SMPP Not Applicable
CIMD2 Not Applicable
Interconnect frauds
Commercial: In Confidence 30Confidential © AdaptiveMobile Security Ltd 2007
PolicyFilter (MMS)
Personal whitelist /blacklist
Text analysis
Manual Review
Image Analysis
Signature comparison
MMS Filter Result
Virus scanning
Deliver
Modify
Notify
Reject
Individual Profile
Parental Control
Corporate Control
Operator / MVNO
Policies
Disinfect
Commercial: In Confidence 31Confidential © AdaptiveMobile Security Ltd 2007
PolicyFilter (SMS)
Protocol consistency
& SMSC blacklist
Spam signatures Manual
Review
Content Category
Text & URL analysis
SMS Filter Result
Personal blacklist / whitelist
Deliver
Modify
Notify
Reject
Individual Profile
Parental Control
Corporate Control
Operator / MVNO
Policies
Disinfect
Commercial: In Confidence 32Confidential © AdaptiveMobile Security Ltd 2007
Inbound fraud detectionDynamic blocking of blacklisted or spoofed “SMSC” addresses Content filtering based on target subscribers profile/preferencesDynamic filtering of SPAM or phishing SMSDynamic filtering of IMSI trawling
SMS: Interconnect Filtering
Home core network
3rd Party, internationalSMSCs
International SS7 Network
GWMSC
Subscriber
UnfilteredInbound SMS Interconnect
Interception Point
PCFFiltering
The SMS is processed and either:
- delivered unchanged
- modified and delivered
- blocked
Commercial: In Confidence 33Confidential © AdaptiveMobile Security Ltd 2007
SMS: Interconnect Filtering
Home core network
3rd Party, internationalSMSCs
International SS7 Network
GWMSC
Subscriber
Filtered Outbound SMS
PCFFiltering
Unfiltered Outbound SMS
Outbound fraud detection and filtering(Open SMSC)
The SMS is processed and either:
- delivered unchanged
- modified and delivered
- blocked
Commercial: In Confidence 34Confidential © AdaptiveMobile Security Ltd 2007
SMS: Content Provider Filtering
Age-related control over use of premium-rate services
Enforcement of user “STOP” command on per-user/per-service basis
Audit of content / short code contracts
Management of user preferences
Mobile terminated (MT) messages from content providers over SMPP/ / CIMD
Commercial: In Confidence 35Confidential © AdaptiveMobile Security Ltd 2007
SMS: Content Provider Filtering
Value Added Service Providers
Home networkSMSC
Subscriber
Home CoreNetwork
MDCEFiltering
STP
MSC
SMPP/IPProxy (1) Access OK
(2) Access Restricted -Advice SMS sent to
Subscriber
Age-related control over use of subscription to premium-rate services
Corporate control of subscription to premium-rate services.
Age-related control over use of subscription to premium-rate services
Corporate control of subscription to premium-rate services.
Mobile originated (MO) messages from content providers over SMPP/ / CIMD
Commercial: In Confidence 36Confidential © AdaptiveMobile Security Ltd 2007
SMS: Peer to Peer (MO->MT)
Home networkSMSC
MO Subscriber
Home CoreNetwork
PCFFiltering
MSC
STP
MT Subscriber
MSC
Implementation of personal White/Blacklists
Closed user group filtering for corporate, VIPs or parental control
Commercial: In Confidence 37Confidential © AdaptiveMobile Security Ltd 2007
Email: Outbound SMTP filtering
IP Address pools are being blocked by ISP
Mobile subscribers using datacards are connecting to external mail services like hotmail
If they are infected with Virus or are seen as a source of SPAM the IP address they are using is blacklisted
These IP addresses are pooled for all subscribers in your network – Corporate customers can be denied service
Commercial: In Confidence 38Confidential © AdaptiveMobile Security Ltd 2007
Email: Outbound SMTP filtering
Intercept and re-direct SMTP traffic to an inspection platform:
• Anti-Virus Check• Anti-Spam Check
Remove or filter virus attachments and SPAM messaging.
Collect information on users that are sources of VIRUS and SPAM and direct marketing information to them• Resell PC Anti-virus• Deny service malicious users
Commercial: In Confidence 39Confidential © AdaptiveMobile Security Ltd 2007
Contents
Introduction1
3 Mobile Web Filtering
4 Message Filtering (MMS, SMS, Email)
5 Value added services
2 PolicyControl overview
Commercial: In Confidence 40Confidential © AdaptiveMobile Security Ltd 2007
Driving new revenues
Handset virus Disinfection
MMS
Web
SMS to MMS
Network Protection
SubscriberProfiling
Cost Protection
Churn Protection
Advert insertion
MMS to Email
Revenue Growth
New revenue from existing customers New revenue sources
Profiling
Portal Optimisation
SMS
• Infected handsets• Rogue applications• Spam bots• DoS
Content manipulation
• Content preferences• Mobile content purchases• P2P network analysis
Parental Controls / Enterprise Controls
• MMS Interception• SMS Interception• Web redirection• Email Interception
Commercial: In Confidence 41Confidential © AdaptiveMobile Security Ltd 2007
Parental Controls
Commercial: In Confidence 42Confidential © AdaptiveMobile Security Ltd 2007
(3) The subscriber can then use the link in the notification to download a specific cleanser for their phone.
Virus Disinfection
(2) Policy Filter detects infection and generates a virus notification (SMS or MMS) to the infected device, pointing them at the correct client or disinfect
(1) Subscriber sends Virus or Spam message from device or laptop
Virus Recovery Engine
Virus Recovery Engine
Commercial: In Confidence 43Confidential © AdaptiveMobile Security Ltd 2007
MMS to Email (Personal whitelisting)
(1) Subscriber sends MMS to Email address(2) PolicyFilter (MMS) adds email
address to the sender’s personal whitelist and delivers via MMSC
Email Delivered over MM3
Email Reply sent
(3) PolicyFilter (MMS) confirms email sender is on subscriber’s personal whitelist and delivers email as MMS
Commercial: In Confidence 44Confidential © AdaptiveMobile Security Ltd 2007
Subscriber Profiling
Subscriber-centric filtering generates insight into subscriber preferences
- What they do off-net- What they buy through m-payments and SMS- Who they communicate with- Who they influence
- Building up views of users preferences for types of media and content, - their propensity to browse to drive data usage- their propensity to purchase to drive content revenues
- Together, increasing the value of mobile as an advertising medium
Commercial: In Confidence 45Confidential © AdaptiveMobile Security Ltd 2007
Subscriber Profiling
Subscriber Profiling used to identify groups of users who are going off-net for content:
-Allows for promotion of on-portal services to target subscribers
- Identifies new revenue-generating content and applications
- Allows integration to portal content management to provide personalisation of deck
Subscriber Profiling used to identify groups of users who are going off-net for content:
-Allows for promotion of on-portal services to target subscribers
- Identifies new revenue-generating content and applications
- Allows integration to portal content management to provide personalisation of deck
Portal Optimisation
Portal Optimisation
Provide content partners with information on individual subscribers
- Age group- Content preferences by subject - Propensity to purchase by content type
While retaining the privacy of the individual subscriber
Provide content partners with information on individual subscribers
- Age group- Content preferences by subject- Propensity to purchase by content type
While retaining the privacy of the individual subscriber
SubscriberTagging
SubscriberTagging
Commercial: In Confidence 46Confidential © AdaptiveMobile Security Ltd 2007
SMS to MMS with Advert Insertion
Commercial: In Confidence 47Confidential © AdaptiveMobile Security Ltd 2007
Mobile advertising
RelevanceRelevance
Web MMS SMS
PolicyFilter (Mobile Advertising)
-Identifies which messages are applicable for advertising based on user policy
- Can analyse content to determine what adverts are most applicable
- Can insert advert from 3rd party campaign manager
PolicyFilter (Mobile Advertising)
-Identifies which messages are applicable for advertising based on user policy
- Can analyse content to determine what adverts are most applicable
- Can insert advert from 3rd party campaign manager
DeliveryDelivery
Subscriber Policy Register (Mobile Advertising)
- What adverts are appropriate for each user (permissions)
- What content categories each user is interested in (preferences)
- What types of advertising each user will accept and for which communications
Subscriber Policy Register (Mobile Advertising)
- What adverts are appropriate for each user (permissions)
- What content categories each user is interested in (preferences)
- What types of advertising each user will accept and for which communications
••InIn--MessageMessage ••Pre / Post TextPre / Post Text••Post MessagePost Message
••InterstitialInterstitialpagespages
Commercial: In Confidence 48Confidential © AdaptiveMobile Security Ltd 2007
Telecom Grade Architecture
Our solution has been designed specifically for telecom service providers environment• Telecom environment certified system platforms• Highly available configurations• Open system interfaces for integration
– Reference databases– Customer self-care portals– Network adapters for integration with existing infrastructure
• A number of reference platforms to meet specific IT infrastructure policies
Commercial: In Confidence 49Confidential © AdaptiveMobile Security Ltd 2007
AdaptiveMobile advantages
Proven scalability Across millions of subscribers;
Lowest total cost of ownership Through unified solution for content filtering, subscriber protection and anti virus.
Consistent content and subscriber based filtering Across all traffic bearers (SMS, MMS, IMS, Web/Wap)
Flexible service creation For consumer segments and individual corporates
Rapid extensibility of subscriber-protection Through integration with major telecom equipment vendors and security vendors
Commercial: In Confidence 50Confidential © AdaptiveMobile Security Ltd 2007