Check Point Mobile Threat Prevention

©2015 Check Point Software Technologies Ltd. CHECK POINT MOBILE THREAT PREVENTION. Peter Kovalcik | Security Engineer

Transcript of Check Point Mobile Threat Prevention

Page 1: Check Point Mobile Threat Prevention

CHECK POINT MOBILE THREAT PREVENTION

Peter Kovalcik | Security Engineer

Page 2: Check Point Mobile Threat Prevention

Taking Mobile Security Beyond Mobile Threat Prevention

• Mobile Threat Prevention: Threat Prevention for mobile devices

• Capsule Cloud: Protect laptops when off the business network

• Capsule Workspace & Docs: Protect business data on mobile devices

Target solutions for mobile use-cases

Page 3: Check Point Mobile Threat Prevention

MOBILE THREATS are ESCALATING in frequency and sophistication

[1] Source: Kindsight Security Labs Malware Report 2014

[2] Source: Kaspersky IT Threat Evolution Q1 2015 Report

[3] Source: Check Point Targeted Attacks on Enterprise Mobile

• In the enterprise: 50% chance of having 6 or more mobile targeted attacks [3]

• Sophistication of mobile threats on the rise: Ransomware, Masque Attack, Wirelurker, Heartbleed, mRAT and more

• 3.3x more new malicious mobile programs were detected in Q1 2015 than over the previous quarter

• 15 million mobile devices infected with malware [1]

Page 4: Check Point Mobile Threat Prevention

MOBILE THREATS are ESCALATING in frequency and sophistication

• Certifi-gate: Multiple vulnerabilities in pre-loaded 3rd party mRSTs

• Stagefright: Android (pre-4.1) vulnerability that can be exploited via MMS messages

• Masque Attacks on iOS: Hacking Team uses 11 popular apps such as Facebook, Twitter, Skype, and WhatsApp as trojans to leak info

What’s next?

Page 5: Check Point Mobile Threat Prevention

WHAT IS STAGEFRIGHT?

Page 6: Check Point Mobile Threat Prevention

HOW DEUTSCHE TELEKOM REACTED

Page 7: Check Point Mobile Threat Prevention

WHAT IS CERTIFIGATE?

Page 8: Check Point Mobile Threat Prevention

HOW IS IT EXPOSED?

A malicious app can fool plugin authentication, allowing attackers to replicate device screens and to simulate user clicks, giving them full device control.

Page 9: Check Point Mobile Threat Prevention

WHO’S AT RISK?

Pre-loaded plugins are found on Android devices manufactured by LG, Samsung, HTC and ZTE.

Plugins can’t be stopped, can’t be removed, and can only be updated when new system software is pushed to a device.

Page 10: Check Point Mobile Threat Prevention

Certifi-Gate Scanner App Results

THE HIGHLIGHTS

100,000 Scan Downloads

30,000 Anonymous Scan Submissions

• An instance of Certifi-gate was found running in the wild in an app on Google Play (Google has now removed it)

• At least 3 devices sending anonymous scan results were actively being exploited

• 15% of devices anonymously reported having a vulnerable plugin installed

• Devices made by LG were the most vulnerable, followed by Samsung and HTC

Page 11: Check Point Mobile Threat Prevention

How to protect against WHAT WE DON’T CONTROL?

Page 12: Check Point Mobile Threat Prevention

MOBILE DEVICES Are difficult to control

• Mix of personal and business data

• Can’t control individuals’ behavior

• No protection from zero day or advanced threats

Page 13: Check Point Mobile Threat Prevention

Today’s solutions leave SECURITY GAPS

• Focused on device management

• Provide only protection for known threats or app reputation

• Limited protection from secure wrappers and containers

Page 14: Check Point Mobile Threat Prevention

HOW TO PROTECT?

• Static Policy Enforcement

• Data Leakage Prevention

• Unknown, Targeted & 0day Cyber Threats

• Protection Against Known Threats

• Mobile Device Management

• Advanced Threat Detection & Mitigation

• Secure Containers and Wrappers

• Anti-Virus, Anti-Bot, App Reputation

Page 15: Check Point Mobile Threat Prevention

Innovation Drives Industry’s Highest Mobile Threat Catch Rate

Advanced App Analysis

• Sandboxing (Emulation)

• Advanced Static Code Analysis

• Uncovers new malware and targeted exploits

Network

• Wi-Fi Man-in-the-Middle (MitM) attacks

Host Threat Analysis

• Malicious Configurations

• Exploits and file system manipulation

Threat Framework

• Multi-dimensional Risk/Trust assessments

• Accurate risk classifications to effectively mitigate risk

Page 16: Check Point Mobile Threat Prevention

HOW IT WORKS: CLOUD-BASED RISK ASSESSMENT, THREAT DETECTION AND MITIGATION

1) Agent runs in the background on device, sending risk data to Check Point Mobile Threat Prevention

2) MTP analyzes device, apps and networks to detect attacks

3) MTP assigns a real-time risk score, identifying the threat level.

4) Mitigation:

• On Device Remediation Immediately Sent to User

• Risk-based Network Protection

Real-time visibility; MDM, SIEM & NAC integration

Page 17: Check Point Mobile Threat Prevention

TRANSPARENT USER EXPERIENCE

Preserves user device experience, battery life, privacy

Easily push lightweight agent to users through your MDM

Page 18: Check Point Mobile Threat Prevention

IDENTIFICATION

Page 19: Check Point Mobile Threat Prevention

Addressing the Mobile Security Challenge

Capabilities Needed to Protect Mobile Devices from Advanced Threats

Capability | MDM | Secure Container | MAM | App Rep | Anti-Virus | Check Point MTP

• Validate App Certificates

• Detect Jailbroken Devices

• Identify Suspicious App Behavior

• Correlate Device, App, & Network Activity

Page 20: Check Point Mobile Threat Prevention

Competition – Check Point Mobile Threat Prevention

Key Feature Comparison

Network Vendors | Check Point | FireEye | Lookout | Zimperium | Skycure | Palo Alto Networks

• Detect unknown malicious apps (1) (2)

• Detect changes to OS & device exploits (3) (3) (4) (4)

• Detect connections to malicious networks (MiTM)

• Full device Risk Assessment (Correlate Device, App and Network Activity) (5) (5) (6) (7)

• Adaptive Mitigation & remediation (8) (8) (8)

• Cloud Based Mobile Threat Presentation (9)

• Secure Container for mobile devices (10) (10) (10) (10) (10)

• Summary: A complete Mobile Threat Prevention Solution

1) Behavioral Analysis only

2) Android apps only

3) root/jailbroken device

4) Device monitoring

5) Only apps

6) Network & apps

7) HIP only

8) Requires MDM

9) w/ On-premise appliance

10) Via 3rd party MDM

How to Compete Against...

FireEye

• Focus only on applications – The solution cannot prevent other attack vectors such as network and mobile OS exploits, leaving the device exposed to vulnerabilities

• No proactive protection – The solution requires a 3rd party solution (MDM) in order to mitigate threats on already infected devices, at an extra cost

Lookout

• Focus only on applications – The solution cannot prevent other attack vectors such as network and mobile OS exploits, leaving the device exposed to vulnerabilities

• No proactive protection – The solution requires a 3rd party solution (MDM) in order to mitigate threats on already infected devices, at an extra cost

• Limited integration with enterprise MDMs (only MobileIron & Airwatch)

Zimperium

• Limited detection methods – The solution uses only behavioral analysis to detect malicious activity on the device, leaving it exposed to more sophisticated attack vectors

• No proactive protection – The solution requires a 3rd party solution (MDM) in order to mitigate threats on already infected devices, at an extra cost

• Limited integration with enterprise MDMs (only MobileIron & Airwatch)

Skycure

• Partial protection – The solution's focus is on network exploits (MiTM), with weak protection against other attack vectors such as malicious applications and OS exploits, which leaves the device exposed to vulnerabilities

Palo Alto Networks

• On-premise solution only – All mobile traffic must be backhauled to on-premise PAN hardware (Management and Gateway at an extra cost). Redirection of mobile traffic can cause bandwidth and latency issues for mobile traffic

• Partial protection – Palo Alto WildFire can analyze only Android applications. It has limited ability to protect against iOS-based attacks and exploits

Page 21: Check Point Mobile Threat Prevention

THANK YOU