three secrets to becoming a mobile security superhero
TRANSCRIPT
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 1© 2016 Skycure Inc. 1 August 3, 2016
Three Secrets to Becoming a Mobile Security Superhero
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 2© 2016 Skycure Inc. 2
Quick Housekeeping
•There will be time for Q&A at the end•Ask questions using the GTW chat pane•The webinar is being recorded•All attendees will receive a copy of the slides/recording
Join the discussion #MobileThreatDefense
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 3© 2016 Skycure Inc. 3
Meet Your Speakers
John DicksonDirector of IT Infrastructure & Cybersecurity,Republic National Distributing Company
Brian KatzDirector of Mobile Strategy,VMware
Varun KohliVice President,Skycure
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 4© 2016 Skycure Inc. 4
Agenda
• Mobile Security Superhero- How to prove to your management that mobile threats are real- How to choose the right mobile security solution – SANS checklist- What to report to your CEO and board of directors
• Meet a real mobile security superhero: John Dickson from RNDC
• EMM Leader: Brian Katz from VMware AirWatch• How Skycure can help• Q & A
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 5© 2016 Skycure Inc. 5
Is Mobile Security Important?
Source: BYOD and Mobile Security – 2016 Spotlight Report
Q: What are your main security concerns related to BYOD?
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 6© 2016 Skycure Inc. 6
Are Mobile Attacks Real?
Source: BYOD and Mobile Security – 2016 Spotlight Report & Skycure Threat Intelligence Report
Q: Have any of your BYO or corporate-owned devices downloaded malware in the past?
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 7© 2016 Skycure Inc. 7
Are Mobile Attacks Real?Q: Have any of your BYO or corporate-owned devices connected to a malicious WiFi in the past?
Source: BYOD and Mobile Security – 2016 Spotlight Report
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 8© 2016 Skycure Inc. 8
Are Organizations Getting Impacted? Q: Have mobile devices been involved in security breaches in your organization in the past?
Source: BYOD and Mobile Security – 2016 Spotlight Report
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 9© 2016 Skycure Inc. 9
Are Organizations Getting Impacted? What is the real impact?
Source: Department of Health and Human Services
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 10© 2016 Skycure Inc. 10
What Are Leading Analysts Saying?
Phys
ical
Netw
ork
Vuln
erab
ilitie
s
Mal
ware
“Concerns related to advanced threats cannot be countered with traditional mobile security tools [such as EMM], as well as protection from wireless vulnerabilities and untrusted public networks, are the main drivers for adoption of these technologies.”
“Work environment is shifting away from employees using computers on premise towards causing smartphones and tablets off a corporate network. This will drive a growing priority around securing mobile devices.”
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 11© 2016 Skycure Inc. 11
Selection CriteriaMobile Threat Defense/Protection/Prevention
Requirement PriorityDeployment Process
Support app download from public stores HighOverall ease of deployment High
End User Experience
Low impact on device battery usage HighLow data usage MediumApp maintains end user’s privacy HighClear display of detected threats and mitigation options
High
Provide automatic mitigation options for most threats
High
Management & Administration
Provide visibility on detected threats and vulnerabilities
High
Provide an overall risk estimate per device HighProvide forensic capabilities on identified threats
Medium
Provide the option to define an organization-level compliance policy
High
Reporting High
OtherEMM integration HighSIEM integration HighProvide a third-party API Low
Requirement Priority
Threat Detection
Network ThreatsSecure communication downgrading (SSL stripping) attack detection
High
Secure traffic decryption (SSL decryption) attack detection
High
Content manipulation attack detection MediumRogue networks detection HighAbility to perform automatic mitigation on detected network threats
High
MalwareDetection of malicious apps based on different app properties
High
Detection of repackaged/fake apps HighDetection of malicious apps based on signatures/known exploits
Medium
Ability to block malicious app installation HighDetection of iOS malware HighDetection of malicious profiles on iOS devices HighDevice VulnerabilitiesAbility to identify jailbroken or rooted devices MediumAbility to identify device OS vulnerabilities HighAbility to prompt end users to upgrade their device OS version
Medium
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 12© 2016 Skycure Inc. 12
7 Things to Report to Your CEO and Board1. Details about the high profile public breach from last week/month2. Reason why the same thing cannot happen to your company3. What the current mobile risk score is and how you compare to
your peers4. Number of mobile incidents prevented in the last month5. Which people/devices/department were attacked the most6. Which dataset was targeted the most7. The overall ROI of your investment
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 13© 2016 Skycure Inc. 13© 2015 Skycure Inc.
The RNDC Story
WHO WE ARE
14
15
RNDC AT-A-GLANCE
16
RNDC SECURITY TECHNOLOGIES
Mobile DevicesSFA/BYOD
AirWatch MDM*
AntiMalwareAntiHackingPatch Mgmt(Skycure)
17
RNDC’S MOBILE THREAT DEFENSE JOURNEY
Mobile is where PC was 20 years agoMobile is actually MORE VALUABLE and MORE VULNERABLE than other corporate devices
You don’t just need to manage these devices, you need to SECURE THEM too
THERE WAS SKEPTICISM EARLIER…
18
MANAGEMENT BUY-IN WAS EASY
1 2• Leveraged SKYCURE’S
iOS MALICIOUS PROFILE EXPLOIT
• Took over CFO’s iPhone in less than a minute
• Easiest sell ever
• Skycure gave 250 FREE SEATS as part of the trial
• 30% DEVICES had known vulnerabilities
• 10 DEVICES had keystroke loggers
19
MY SELECTION CRITERIA
USER IT
• USER EXPERIENCE
• PRIVACY• BATTERY LIFE
• CLOUD was a must• Integrated like glue with
AIRWATCH• Protection against
MALICIOUS APPS, NETWORKS AND DRIVE-BY WEBSITES
WHO ELSE DID WE
LOOK AT?
ZIMPERIUM AND
LOOKOUT
Zimperium had a complicated UX and required scripting
Lookout did not do anything for network awareness and protection
20
WHAT DO I REPORT ON?
• MULTIPLE DEVICES had malicious activity• SKYCURE HELPED WITH IMMEDIATE REMEDIATION• GETTING MORE MOBILE RELATED QUESTIONS – There is more
awareness• Helps to drive more applications into the AirWatch App Store rather than fighting the
pushback• This gives us a touch into the salesforce automation program.
THIS WAS MISSING EARLIER.• “THANK YOU’S” from all associate levels, especially for securing BYO
devices and personal data in addition to business data21
OVERALL IMPACT OF SKYCURE
5,000+Users
8,000Devices
~10,000Networks Scanned
850,000Apps Analyzed
4,000,000Tests Performed
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 22© 2016 Skycure Inc. 22© 2015 Skycure Inc.
AirWatch Overview
Manage All Endpoints in a Single Solution
23
Any Endpoint Any Use Case
Knowledge worker
Corporate | BYO
Task workerLine of Business
No userKiosk | IOT
Modern Management Framework
Out of box configuration
Policies and security settings
Over-the-air management and
updates
Asset tracking
Full lifecycle management
Protect Company Apps and Data Through Multi-layered Security
24
Intelligent Access Controls | Automated Compliance
Secure the Endpoint
Trust the User
Containerize the App
Safeguard the Data
Protect the Network
25
Skycure + AirWatch allows you to predict, detect and proactively mitigate mobile threatsSkycure and AirWatch Integration
Malware
Vulnerabil-ity
Network
Mobile Threats
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 26© 2016 Skycure Inc. 26© 2015 Skycure Inc.
Skycure Overview
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 27
Skycure – High Level OverviewLeading Product & ResearchCustomers
Venture BackedStrategic Partners
CONSUMER GOODS
FINANCIAL SERVICESMANUFACTURING TRANSPORTATIO
N
FORTUNE 50 PHARMACEUTICAL
COMPANY
250+TV channelsFORTUNE 100
HEALTHCARE COMPANY
FORTUNE 500 FINANCIAL SERVICES
COMPANIES
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 28© 2016 Skycure Inc. 28
Skycure Solution Overview
Phys
ical
Netw
ork
Vuln
erab
ilitie
s
Mal
ware
• 24x7 detection and protection
• Network, device and app analysis
• Multi platform
Seamlessexperience
Privacy Minimalfootprint
End-User App
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 29© 2016 Skycure Inc. 29
Phys
ical
Netw
ork
Vuln
erab
ilitie
s
Mal
ware
• Policy enforcement• Risk-based
management• Enterprise
integrations
Security Visibility IT Satisfaction
Management• 24x7 detection and
protection• Network, device and
app analysis• Multi platform
End-User App
Seamlessexperience
Privacy Minimalfootprint
Skycure Solution Overview
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 30© 2016 Skycure Inc. 30
Phys
ical
Netw
ork
Vuln
erab
ilitie
s
Mal
ware
• Policy enforcement• Risk-based
management• Enterprise
integrations
Security Visibility IT Satisfaction
Management• 24x7 detection and
protection• Network, device and
app analysis• Multi platform
Seamlessexperience
Privacy Minimalfootprint
End-User App
Skycure Solution OverviewMobile Threat Intelligence Platform
1 Million+ Global Threats Identifiedhttps://maps.skycure.com
Real-Time ThreatIntelligence
CrowdWisdom
Millions ofmonthly tests -
apps & networks
SkycureResearch
No iOS Zone, Malicious Profiles, WiFiGate,
LinkedOut
ThreatAggregator
Dozens of threat feeds from 3rd parties
LegitimateServices
Attackers & Threats
Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 31© 2016 Skycure Inc. 31
Is your organization vulnerable?
50 Free Skycure Licenses• Step 1 – Download Skycure Public App (Recommendation: 5-20
devices) • Step 2 – Review Skycure Assessment Report in 4 weeksWhat do we usually find?
NUMBER OF DEVICES WITH MALICIOUS APPS INSTALLED
PERCENTAGE OF DEVICES EXPOSED TO NETWORK
THREATS
PERCENTAGE OF MOBILE DEVICES RUNNING OS WITH HIGH-
SEVERITY VULNERABILITIES
EVERY ORG
with 200+ devices had
iOS malware
81.57%
7.22%
1-800-650-4821 [email protected]