Making Enterprise Ready - VOXvox.veritas.com/legacyfs/online/veritasdata/2pm_1528_Making Andr… ·...

Making Android Enterprise Ready 1

Making Enterprise Ready

Sean Yarger Sr. Manager, Mobility and Identity

SYMANTEC VISION 2014

Enterprise Benefits of Android

Java-based, get up and running with ease

Open source, no license or royalties

Choice of distribution mechanisms

Inter-application and inter-process architectures for unified

applications (enhanced UX)

Low cost of entry

Embeds better

Others?

Making Android Enterprise Ready 2 @SeanYarger


Consumer


69.7% 20.9%

@SeanYarger


Enterprise


~77%

@SeanYarger

SYMANTEC VISION 2014 Making Android Enterprise Ready 5

Security Concerns: Fragmentation

@SeanYarger


OS Fragmentation Version Codename Distribution

2.2 Froyo 1.10%

2.3.3 - Gingerbread 17.80% 2.3.7

3.2 Honeycomb 0.10%

4.0.3 - Ice Cream Sandwich 14.30% 4.0.4

4.1.x Jelly Bean 34.40%

4.2.x 18.10%

4.3 8.90%

4.4 KitKat 5.30%


Version Codename Distribution

2.2 Froyo 1.10%

2.3.3 - Gingerbread 17.80% 2.3.7

3.2 Honeycomb 0.10%

4.0.3 - Ice Cream Sandwich 14.30% 4.0.4

4.1.x Jelly Bean 34.40%

4.2.x 18.10%

4.3 8.90%

4.4 KitKat 5.30%


Device Fragmentation Source: OpenSignal



Device Fragmentation Source: OpenSignal


599 11,800+ Android

Manufacturers

Distinct Android

Devices


Android Screen Real Estate Source: OpenSignal



iOS Screen Real Estate Source: OpenSignal



Fragmentation

Manufacturers fall behind Google’s reference release due to their own changes

Carriers can take months or even years to update the OS on their offered devices

Vulnerabilities get left unpatched on older versions

To COPE or not to COPE?



Security Concerns: Marketplaces

@SeanYarger


Android



Apple



Marketplaces

Android is a truly open OS

Curation is based mainly on categorization

Security is loose or non-existent

Google Play is the king of malware

Users don’t pay attention to app permissions

Vulnerabilities can cause actual performance issues and data loss -- not just minor inconveniences



Security Concerns: Malware

@SeanYarger

Mobile Threats

Android remains the platform of choice for malware authors

18

Android

Symbian

Windows

Number of Threats

57

1

1

Percent of Threats

97%

2%

2%

0 0%

Platform

iOS

Mobile Threats: Malicious Code by Platform, 2013 Source: Symantec

Mobile Malware

Creation of new mobile

malware slowed as

malware authors focused

on improving existing

malware

Average number of

variants per family in

2012 was 1:38

Increased to 1:57 in 2013

19

Average Number of Variant Per Family

Average Number of Variant Per Family

1:38 1:57 2012 2013

Mobile Users at Risk

20

50%

38%

Source: 2013 Norton Report

Don’t use basic precautions such as passwords, security software or back up files for their mobile device

Of smartphone users have experienced mobile cybercrime in past 12 months

72% 90%

78%

56% 48% 33%

DELETE SUSPICIOUS EMAILS FROM PEOPLE

THEY DON’T KNOW

HAVE AT LEAST A BASIC FREE ANTIVIRUS

SOLUTION

AVOID STORING SENSITIVE FILES

ONLINE

Mobile Security IQ

21

Source: 2013 Norton Report

Mobile: A Dangerous Mix

1. Prevalence of mobile devices

2. Maturing of mobile malware

3. Mixing of work and personal information on devices

4. User’s lack of smart smartphone risk awareness

22

Mitigating Mobile Attacks

23

Application Management • Secure data in corporate applications regardless of device ownership

Device Management • Remotely wipe devices in case of theft or loss, control password policies

• Update devices with applications as needed without physical access

Device Security • Guard mobile device against malware

• Prevent the device from becoming a vulnerability

Identity & Access Control • Provide strong authentication and authorization for access to enterprise

applications and resources

• Ensure safe access to enterprise resources from right devices with right postures

Secure File Sharing • Enable encrypted file sharing to ensure security as users share information


Mitigation: Device Management

@SeanYarger

SYMANTEC VISION 2014 25

• Diminished user privacy

• Managing personal devices = more overhead

• Cannot take targeted remediation; whole device or nothing

• “All or nothing” policies (ex: block Airdrop & iCloud)

• User experience is impacted

MDM being used to solve broader mobile challenges can bring unplanned challenges

Why MDM [Alone] Doesn’t Solve the Problem

Making Android Enterprise Ready @SeanYarger


Mitigation: Identity & Access Control

@SeanYarger


Identity & Access Control

• Extend enterprise directories to Mobile (via SAML)

• Integrate CAs where applicable (devices, email, WiFi)

• Per-app VPNs

• 2FA


“We want to prove the user is who they say they are, and then give

them access to business resources.”

@SeanYarger


Mitigation: Device Security

@SeanYarger


Advice About Android Threats

• An automated system for generating intelligence about mobile applications

– Security

• Identifying malware and goodware (trusted apps)

– Greyware Risks / Potentially Unwanted Apps (PUAs)

• Identifying privacy risks and annoyances (e.g. aggressive advertisements) in apps

– Performance

• Identifying how apps impact battery life and use cellular data



Scale


3 million+ Android apps

10 thousand new apps processed every 24 hours

2 hundred thousand malicious apps identified

1.5 million apps identified with greyware/PUA risks

200+ app stores crawled continuously

@SeanYarger


Android Threats - Ratings

• Security Ratings

• Greyware Ratings (potentially unwanted app behaviors)

• Performance Ratings


Score >= 100 Known Good (Trusted App)

Score >= 75 High-Confidence Good (Trusted App)

Score >= 50 Medium-Confidence Good

Score >= 1 Low-Confidence Good

Score <= -1 Low-Confidence Bad

Score <= -25 Medium-Confidence Bad

Score <= -75 High-Confidence Bad

Score <=- 100 Known Bad

@SeanYarger


Sample Ratings (Example #1)


com.rovio.angrybirds v. 3.0.0 SHA256: 89EE8ADD0221029E609D…

Security Rating

Score +80 (Trusted App)

Application First Seen: 2009-03-05 Popularity: Millions of downloads

Signer (Publisher)

First Seen: 2009-03-05 Popularity: Millions of downloads

Greyware Risks

Exports IMEI to www.cooguo.com

Exports device info to www.cooguo.com

Exports settings info to data.flurry.com

Displays ads in the app (AdMob, Burstly, InMobi)

Collects location coordinates (InMobi)

Performance Rating

Foreground 50 (Moderate Usage)

Background 18 (Low Usage)

Cellular Bandwidth Usage

50 (Average)

@SeanYarger




com.tcn_app_newstype v1.1 SHA256: C2701E8F35F1F52801351…

Security Rating

Score +10 (Low-Confidence Good)

Application First Seen: 2011-05-04 Popularity: 100s of downloads

Signer (Publisher)

First Seen: 2011-05-04 Popularity: 100s of downloads

Greyware Risks

Exports call logs to 124.243.125.55

Exports contacts to 124.243.125.55

Exports location to 124.243.125.55

Can export phone number

Can export IMEI

Performance Rating

Foreground 20 (Low Usage)

Background 50 (Medium Usage)

Cellular Bandwidth Usage

70 (Higher than Average)

@SeanYarger




net.oking.newcommon v1.0 SHA256: 8476A358C3EB393E86AB…

Security Rating

Score -110 (High-Confidence Malware)

Application First Seen: 2010-03-15 Popularity: 50,000 – 250,000

Signer (Publisher)

First Seen: 2010-03-15 Popularity: 50,000 – 250,000

Attributes Uses an exploit Uses premium services

Greyware Risks

Sends SMS messages

Exports settings info to androids-market.ru

Exports SMS message history

Performance Rating

N/A

@SeanYarger


Mitigation: Application Management

@SeanYarger


Containerization and Wrapping


• Done in one of three ways:

1. Encrypted Sandbox

2. Hypervisor

3. Wrapping

• Isolates and encrypts

• Per app container

• Allows/disallows OS or app access in/out of the container

• Most require code edits

• Important!

– Solution re-signs app w/out code change

– No rooting or jailbreaking required

– Integrated access control

• Containerization • App Wrapping

@SeanYarger


Containerization and Wrapping


• Done in one of three ways:

1. Encrypted Sandbox

2. Hypervisor

3. Wrapping

– Authentication Required (SSO)

– Allow Local Storage

– Offline Access

– Run on rooted?

– Copy/paste

– Restrict network

• Containerization • App Wrapping

@SeanYarger


Android App Stores



Apple



Enterprise App Store



Mitigation: Secure File Sharing

@SeanYarger


Share Files Securely Anytime, Anywhere



Secure File Sharing (no really)


Encryption Management

Secure Authentication • SAML support provides

strong, certificate-based authentication

• Single Sign-On (SSO) avoids having separate login credentials

• Multiblind Key Encryption (MBKE) • Companies manage their own keys

@SeanYarger

SYMANTEC VISION 2014 Making Android Enterprise Ready 44 @SeanYarger

Application Management

Device Management

Device Security

Identity & Access Control

Secure File Sharing

Making Enterprise Ready - VOXvox.veritas.com/legacyfs/online/veritasdata/2pm_1528_Making Andr… ·...

Documents

Transcript of Making Enterprise Ready - VOXvox.veritas.com/legacyfs/online/veritasdata/2pm_1528_Making Andr… ·...