Device-centric security strategies for the modern …...Wandera Mobile Security Suite SE CURE A CCE...

STI JN PAUMENVP SALES & BD, WANDERA

Device-centric security strategies for the modern workplace

The mobile-enabled enterprise has arrived

57%of corporate Internet use is mobile today

▪ More apps▪ Greater cloud access ▪ Faster connectivity

Source: StatCounter

0%

20%

40%

60%

80%

100%

2009 2010 2011 2012 2013 2014 2015 2016 2017 2018

Desktop Mobile & Tablet

What is device-centric security?

Access to corporate resources depends on the device and user credentials, regardless of

the employee’s network location. That means employee access is treated the same whether

the user is at a corporate office, at home or in a coffee shop.

BeyondCorp: Design to Deployment at Google

https://storage.googleapis.com/pub-tools-public-publication-data/pdf/44860.pdf

Management

Agents

Certificate

Authorities

Asset

Inventories

Exceptions

Others Access Policy

Access Control

Engine

Device Inventory

Service

Trust Inferer

Web Proxy

Interactive

Login

Network Switch

D A T A

S O U R C E S

A C C E S S

I N T E L L IG E N C EG A T E W A Y S

Bug Tracker

Code

Repository

Network VLAN

R E S O U R C E S

Visibility Control

What risk vectors to look for

Shadow IT

72%of employees use unauthorized file sharing services

Unapproved usage

1 in 7employees access adult, gambling or

extreme sites weekly

High costs

>50%of corporate data

usage is not business critical

Insecure apps

1 in 25mainstream apps

leak sensitive credentials

Sources: Gartner, IDC, CIO.com and Wandera

What attack vectors to look for

Phishing

The #1 mobile

threat

Malware

1/3 of all malware

will be mobile by

2019 (Gartner)

Cryptojacking

25% of all businesses

have devices being

cryptojacked

UEM & MTD are great device-centric technologies

“Malicious threats or

data leakage risks

elude UEM controls.”

“MTD tools, especially

on iOS, have limited

visibility on the system

and background

processes.”Device configuration

& management

Threat

defenseApp

Threats

Web

ThreatsNetwork

Threats

Real-time data

visibility & control

Visibility (&control) gap in mobile

Internet

Secure Web Gateway

Endpoint Security

Active Directory

Firewall

10% of traffic

90% of traffic

Cellular, public & home WiFi

Traditional network security investments don’t pay off for mobile

Assessing trust: device, network, user, traffic, etc. aware

Real-time analysis

T R A F F I C A W A R E

Detailed usage breakdown

N E T W O R K A W A R E

User role, device, location, etc.

C O N T E X T A W A R E

Use case: Conditional access in a zero-trust world

Any Device

E N D P O I N T A P P L I C A T I ON S E C U R E A C C E S S L A Y E R

E N A B L IN G Z E R O -T RU ST C O N N E C T I V IT Y

U E M - B A SE D

C O N D I T I ON A L A C C E S S

W A N D E RA N A T I V E

C O N D I T I ON A L A C C E S S

Signal to UEM

when device

exceeds risk

threshold

Prevent risky

devices from

accessing

corporate

applications

✘

Use case: Network state matters

Accessible from anywhere

E N T E R P R I SE C L O U D S E R V I C E S

Accessing enterprise cloud apps

U S E R O N P U B L I C W I - F I

Inspecting all session traffic

M A N - I N - T H E -M I D D LE

Encrypts all traffic until threat is removed

F A I L S A F E E N C R Y P T I O N

Protect login credentials

Protect sensitive employee,

customer & partner data

Zero productivity lost

Define policy by network

state…

Use case: day phishing detection

AppAssessment

VulnerabilityAnalysis

TrafficAnalysis

WebReputation

BrandAnalysis

AnomalyDetection

• Compromise prevented• User protected• No “patient 0”

4-hours ofsuccessful phishing

16-hours ofunprotected users

Fortinet + Avira

Newly launched phishing attack: appleid-mobile.co.uk

Multi-level risk analysis

Use case: Network type matters

Use case: network trust

Case study: Altitude matters

▪ US international airline

▪ 5,000 employees

▪ $1.6bn annual revenue

O V E R V I EW

▪ New Samsung tablets

▪ Control devices in flight for max productivity

▪ Control data costs

P R O J E C T D R I V ER

78%

U N A P P R OV ED U S A G E

▪ Strict policy based on altitude -Implemented whitelist for productivity apps

▪ Locked down app usage on mobile data while roaming

▪ Maintained more liberal policy for ground WiFi

W A N D E R A C O N T R O L S

25%

R E V E N U E

O N B O A R D R E V E N U E R I S E D U E T O B O O S T E D F L I G H T S T A F F P R O D U C T I V I T Y

Use case: mobile app trust

Flexible filters to refine criteria

Wandera Mobile Security Suite

S E C U R E A C C E S S

P R E V E N T TH R E A TS

▪ Security rating

▪ Events / SIEM

▪ Usage analytics

▪ Data alerts

W E B C O N S O L E

R E A L - TI M E R E P O R TI N G

C L O U D G A T E W A Y

A P P L Y P O L I C Y

▪ Web filtering

▪ Data management

▪ Contextual policy

▪ WiFi and broadband

▪ Over the air

deployment

▪ Device management

U E M C O N N E C T

O P TI O N A L

U E M

▪ Zero-day phishing protection

▪ Privacy-preserving browsing

▪ Failsafe VPN

▪ Optional secure tunnel

▪ Vulnerability assessment

▪ App vetting

▪ Threat detection

▪ Usage reports

E N D P O I N T A P P L I C A T I ON

D E TE C T TH R E A TS

M I : R I A M

Flexible platform to address mobile fleet diversity

Standalone deployment options Real-time traffic monitoring

Diverse management strategiesUnmanaged Managed / Supervised

Single Pane of Glassfor Centralized Reporting and Policy Configuration

Secure and private cloud gateway

C L O U D G A T E WA Y

No private data decryption

Optional data anonymization

Configurable metadata storage

GDPR compliant

ISO certified

Encrypted tunnel and core

Millions of devicesBillions of daily web transactions

§Leading global enterprise footprint

Device-centric security checklist

Thank you!!!

Do you give access outside of corporate perimeter?

Have you invested in UEM & MTD?

Do you have enough visibility to assess trust levels?

Do you have enough control to prevent threats and enforce policy?

Consider a network element to enforce control