Post on 08-May-2015
Webinar: A Three-Pronged Approach to Mobile Security
• View Webinar Archive: http://go.mojave.net/webinar-3pronged-mobile-security
• Learn more about Mojave Networks: http://www.mojave.net
Primer on Mobile Security
Tyler Shields, Forrester Research
Making Leaders Successful Every Day
Mobile Security Trends
Security Requires More Than Just MDM!
Tyler Shields, Senior Analyst, Mobile and Application Security
June XX, 2014
© 2014 Forrester Research, Inc. Reproduction Prohibited
What do your USERS want!
• Anywhere Access
• No Roadblocks
• Any Device
• All Data
What will they DO to get it!
[Chart with the labels SHADOW IT and BYOD; plotted values 16%, 22%, 35%, 42%]
What is the ENTERPRISE asking?
• What mobile device management options are there? Vendor selection?
• How do I get off of Blackberry? Should I get off of Blackberry?
• We don’t think MDM is quite enough. Which technologies do I need to secure my environment?
• How do I apply application security and management to my mobile strategy?
• What should I do to secure the content that is on my mobile devices?
What SHOULD the ENTERPRISE be asking?
• What level of security do I need to offset my mobile risk?
• What combination of technologies can help me meet my business goals?
• Where is the real risk in mobile?
• How can I securely enable my users to get their jobs DONE!
“How important is each of the following initiatives in your firm's mobility strategy for supporting your customers over the next 12 months?”
• Support a wider variety of mobile devices and platforms (e.g., tablets, iOS, Android): Low priority 22%, High priority 48%, Critical priority 24%
• Improve or modernize our mobile app(s) to deliver more information or transaction support: Low priority 20%, High priority 48%, Critical priority 23%
• Update our security technologies and processes to better support mobile interactions: Low priority 14%, High priority 46%, Critical priority 36%
• Re-architect traditional or back-end apps to make it easier to interface with and support mobile front-end apps: Low priority 26%, High priority 45%, Critical priority 18%
• Re-architect our middleware to better support mobile front-end applications: Low priority 26%, High priority 45%, Critical priority 19%
• Expand machine-to-machine (M2M) or 'Internet of things' initiatives: Low priority 27%, High priority 38%, Critical priority 17%
• Create a set of standard APIs or services that allow mobile app developers to more easily access functions from transactional business applications: Low priority 26%, High priority 42%, Critical priority 16%
• Expand or enhance data center infrastructure to handle increasing volume of customers' mobile interactions: Low priority 22%, High priority 45%, Critical priority 26%
Chart callout: 82% (the high and critical priority shares for updating security technologies and processes sum to this figure)
Base: 891 North American and European enterprise network and telecommunications decision-makers
Source: Forrsights Mobility Survey, Q2 2013
“What challenges, if any, does your firm face when managing smartphone/tablet applications and devices?”
• The number of different platforms/operating systems: 44%
• Rate of releases of the different operating systems/platforms: 29%
• Providing device security: 59%
• Securing the apps and data: 64%
• Complying with regulatory requirements: 33%
• Managing devices that are used for both personal and corporate apps: 45%
Base: 891 North American and European enterprise network and telecommunications decision-makers
Source: Forrsights Mobility Survey, Q2 2013
Are You Overwhelmed Yet?!
Competing Visions and Solutions
• Mobile Device Management
• Enterprise Mobile Management
• Mobile Application Management
• Mobile Security Platform
• Application Wrapping SDK
• Mobile Static Analysis
Emerging Technologies
• Application Wrapping
• Secure Network Gateways
• Machine Learning
• Mobile Behavioral Analysis
• RBMM
Mobile Security Technologies
1. Application hardening
2. Application wrapping
3. Containerization
4. Mobile anti-malware
5. Mobile application reputation services
6. Mobile authentication solutions
7. Mobile device management
8. Mobile device reputation services
9. Mobile DLP
10. Mobile end point security
11. Mobile static code analysis
12. Mobile virtualization
13. Secure mobile content sharing
14. Secure mobile network gateways
Technologies By Layer
The Mobile Security Stack
The Future State of Mobile!
Impact of User / Admin Experience on Technology Success
Minimal B-Value Add | Moderate B-Value Add | Significant B-Value Add
Anti-malware | Mobile Device Reputation | Mobile Content Sharing
Virtualization | Mobile DLP | Mobile Device Management
App Hardening | Mobile Application Reputation | Secure Mobile Network Gateway
Containerization | Mobile Authentication | Application Wrapping
Mobile Static Code Analysis
Legend: Good Experience, Moderate Experience, Bad Experience, Unknown
2012 and BEFORE
Timeline: Device Management (2012)
Mobile Device Management
Mobile device management (MDM) solutions use platform API hooks to impose control onto smartphones and tablets. This technology allows support for multiple platforms and form factors, extends management and security policies to both corporate-liable and employee-owned devices, and automates service desk support.
2013
Timeline: Device Management (2012), Secure Network Gateway (2013), Application Wrapping (2013), Secure Mobile Content Sharing (2013)
Isolated Technologies
Application wrapping and secure network gateway technologies gain traction. Secure mobile content sharing becomes an easy plug and play for vendor offerings. Price drops rapidly as base MDM becomes commoditized.
2014
Timeline: Device Management (2012), Secure Network Gateway (2013), Application Wrapping (2013), Secure Mobile Content Sharing (2013), Enterprise Mobile Management (2014)
Enterprise Mobile Management
A new offering is born. EMM is the new buzz. Isolated technologies sold in a single platform offering. The same players with a slightly different game.
2015 and BEYOND
Timeline: Device Management (2012), Secure Network Gateway (2013), Application Wrapping (2013), Secure Mobile Content Sharing (2013), Enterprise Mobile Management (2014), Mobile Authentication, Risk Based Security, Risk Based Mobile Management
Risk Based Mobile Management
Understanding WHO is at the device and the real risk values is as important as the security of the device itself. 2015 adds mobile authentication to the offering mix. Quantification of risk is the future trend: applying math to risk and using calculated risk values to enforce security controls. The future is in RBMM.
The Next Wave of Awesome – Techs That Quantify Risk
Up and Coming Technologies
Mobile Application Reputation VS Mobile Device Reputation VS Mobile Authentication VS Risk Based Mobile Management & Security
What It Means - Enterprises
Find roadmaps that go beyond point solutions
Risk tolerance versus user experience
Expect significant consolidation
Defense in Depth
Maximize security while minimizing UX impact
Demand innovation!
Nobody Ever Got Fired For Buying…
Technology Leading Products
A Strong Product Roadmap
Defense in Depth
MobileIron
A Product That Matches Your Needs
VMware / AirWatch
Citrix
Fiberlink/IBM
Good
Stable Technology
Webinar: A Three-Pronged Approach to Mobile Security
Agenda
• Mobile Risks
• Pillars of Mobile Security
  • Device
  • Apps
  • Network
  • Analytics
• Background
• Ask our Experts: Q&A
Understanding Mobile Risk
Why is Knowing Your Mobile Risk Important?
• Protecting company data
• Safeguarding other enterprise infrastructure
• Identifying compliance issues
• Creating better policies with better visibility
Quantifying Mobile Risk
• Employee Data Access
• Installed Apps
• User / Device Behavior
• Non-mobile Events
Understanding Mobile Risk is Imperative
Source: Verizon 2014 Data Breach Investigations Report
Number of breaches per category
Pillars of Mobile Security
Four Pillars of Mobile Security to Reduce Risk
Mobile Security: Device, Applications, Network, Analytics
Typical Device Level Security
• MDM
• Password policies
• Containers
Typical Application Level Security
• App catalog
• White / Black List
• App wrapping
Typical Network Level Security
PCs Traditionally Protected
Mobile is Completely Unprotected
Typical Mobile Analytics Available to other Platforms
How Does Mojave Manage the Pillars?
Device – Security without the Hassle
• Health: Evaluate apps, processes, diagnostics, and behavior to assess risk
• Native Experience: No wrapping or containers to interfere with the native experience
• Privacy: Wipe corporate information and set granular employee privacy policies
• Policies: Set configurations, deliver policies, and manage apps
Monitoring Device Health
• Over 50 data points collected daily
• Monitor for critical changes in device health
• Feeds of data for other security tools to analyze
App Reputation
Collection
1. Thousands of apps/day
2. App stores, 3rd parties, and devices
Analysis
1. Static & dynamic
2. Enterprise risk
3. Protocol identification
Results
1. More visibility
2. Better DLP
3. Block threats
Gain Visibility into App Risk
App Data
All Data
Globally Distributed Network Optimized for Mobile
Gain Visibility into Data Flow
Network threats blocked per device
10 per month
120 per year
** Based on Mojave Networks aggregate customer usage data
Real-time Event API Completes the Loop
• Tie mobile events to broader user profile
• Leverage existing security tools
• See activity that has never been available
Monitor
Analyze
Policy
Mojave Connect Real-time API
Common Syslog formats
Better Correlate Mobile Events with Other Enterprise Data
Real-time APIs = Faster Risk Assessment
Mojave Networks Delivers
Visibility, Security, Control
Effortless & Seamless
Summary
• MDM solutions only protect from a small subset of mobile risks
• 4 pillars necessary to provide true mobile security
• Mobile risk should be combined with other threat intelligence
About Mojave Networks
Mojave Networks Background
• Founded in 2011 and based in Silicon Valley
• Lead investment from Bessemer Venture Partners & Sequoia Capital
• Veteran team from Symantec, McAfee, Lookout, Palo Alto Networks, Cenzic
• Deep security DNA with patent pending technology
• Customers in Healthcare, Finance, Transportation, Government and more
Questions & Answers