McAfee Enterprise Mobile Security (Non-NDA) · McAfee Mobile Update • Mobile is #1 on McAfee’s list of strategic priorities, and we are investing heavily in this business unit

16 September 2011

Mobility ManagementBringing Mobile Devices into the Security Infrastructure

Carl Peter

Enterprise Solution Architect, Mobility, EMEA

McAfee Mobile Update

• Mobile is #1 on McAfee’s list of strategic priorities, and we are investing

heavily in this business unit

• We believe security, policy, and compliance will be the biggest pain points

and are investing accordingly

• Thematically, we are focused on (i) security efficacy, (ii) quality, usability &

scalability, (iii) extending our portfolio

• Key updates include:

- Launch of McAfee Mobile Security (Jun)

- App Protection (App Alert) public beta (Aug)

- Enterprise Mobility Management 9.6 (announce 20 Sep)

- Significant success with Operators & Large Enterprise

Hypergrowth in Mobile Devices

Computing Cycles in Perspective (from Morgan Stanley)

Devic

es/U

se

rs (

MM

in

Lo

g S

cale

)

1,000,000

100,000

10,000

1,000

100

10

1

1960 1980 2000 2020

Mobile

Internet

Desktop

Internet

PC

Minicomputer

Mainframe

10B+

Units??

1B+ Units/

Users

100M

Units

10M Units

1M Units

“The desktop internet ramp was just a warm-up act

for what we’re seeing happen on the mobile internet.”

The pace of mobile innovation is “unprecedented, I

think, in world history.”

Mary Meeker, Morgan Stanley – April 2010”“

Enterprise Mobility: The Pressure is On

Mobile is forcing the industry to replicate what we did last

decade across an explosion of platforms…this year!

Trends

• Consumerization of IT– Employee-owned devices on

the corporate network

• Device diversity– iOS, Android, Windows, etc.

• App explosion– Beyond email and web

• Mobile threat emergence– Android an early favorite

DATA goes MOBILE – The Problem is Rapidly

Escalating

EMAILS INCULDE

OF THE COMPANIES

INTELLECTUAL

PROPERTY

60%

Today’s Business Challenge:Transformation of Enterprise Mobility

7

The Old Problem: Mobile Email

Secure Mobile

Messaging

The New Problem: Enterprise Mobility 2.0

Secure Mobile App

Management

Mobile Enterprise App Evolution is Moving RapidlyThe new way of working - What becomes important?

Web &

Social

Media

Enterprise and LOB

Apps

Basic

Services

Customer

Facing

Apps Centralize Policy Management

Multiple Platform Support

Protect Data

Protect Users

Automate Compliance &

Reporting

Easy Self-Service Provisioning

http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=328888671&mt=8





http://www.appstorehq.com/epichaiku-iphone-121918/app

Mobile Threat Outlook

Hackers have set their sights on mobileThe surge of mobile app & content downloads has

rejuvenated hackers’ interest in mobile technology

Mobile platforms are vulnerableThe fragility of mobile device security is proven, and

exploitation of vulnerabilities is accelerating

No vendor or mobile OS is immuneMalicious activity follows consumers everywhere and will not

stop in front of Android, iOS, J2ME, BlackBerry and the

mobile web

Android’s inbuilt

trusted source

protection can be

disabled easily

Threatening strategic assetsCustomer data, location data, billing interface, network, and

brand are expected to be the most target & affected assets

Mobile Threat Research

McAfee, Inc., June 2011

Mobile Malware Trend and Outlook

2 1000iOS Androidvs

Known Threats 2011

Mobile Malware on the Rise

Device loss and theft remains a top concern, however, Android attacks have

increased by 238% since Dec 2010. While Symbian remains the most attacked

mobile platform in terms of total malware samples, Android has emerged as the

platform experiencing the largest number of new attacks. No iOS targeted attacks

were found in the wild in Q2.

Total Mobile Malware Samples Mobile Malware Target Platforms

Source: McAfee Labs Aug 2011

BlackBerry

VBS

MSIL

Python

Android

Java ME

Symbian

0

200

400

600

800

1000

1200

1400

1Q '09 2Q '09 3Q '09 4Q '09 1Q '10 2Q '10 3Q '10 4Q '10 1Q '11 2Q '11

Mobile Security Requirements

Protect Mobile Devices

Protect Mobile Data

Protect Mobile Apps

Mobile Security DirectionDevelopment and Integration

Protect Mobile Devices• Device management (MDM)

• Anti-malware

• Web protection

Protect Mobile Data• Data protection (MDM)

• Only viable when device security is assured

• Sandbox/Containers – work; but at expense of user experience

Protect Mobile Apps• Enterprise App Store

• McAfee SECURE™ for App Stores

• McAfee App Alert™

The information contained in this document is for informational purposes only and should not be deemed on offer by McAfee or create

an obligation on McAfee. McAfee reserves the right to discontinue products at any time, add or subtract features or functionality, or

modify its products, at its sole discretion, without notice and without incurring further obligations.

RISK & COMPLIANCENAC • app scanning

CONTENTweb • email

NETWORKFW • NAC • nDLP

ENDPOINTAV • DLP

SECURITY MANAGEMENTePolicy Orchestrator

ePolicy

Orchestrator

McAfee Uniquely Can Accomplish This

Continuum of endpoints

Mobile Product Portfolio

WaveSecure VirusScan

Family

Protection

Enterprise

Mobility

Management

User

mobile device

management

Anti-malware

for mobile devices

Enterprise

mobile device

management(secure enterprise

application mobility)

Web protection

for mobile devices

Parental control

for mobile devices

SiteAdvisor

Report installed

app behaviors

App Alert

McAfee Mobile Security

Self-Service Provisioning…Delighting the User

Easy, Secure, Automated

Go to the

App Store

1 2

Enter Your Email

Credentials

IT Services are

Auto-Provisioned

4

Agree to

Corporate Policy

3


17 September 28, 2011

op

tio

nal

Self-Service Provisioning for Android


1

Go to the

Marketplace

2

Enter Your Email

Credentials

3

Agree to

Corporate Policy

4

IT Services are

Auto-Provisioned


Enterprise-Grade Solution Scalable Server-Centric Architecture

19

McAfee EMM Supported OS/Web services

• Windows 2003 32-bit / Windows 2003 32-bit R2



Benefits

• All communications across network boundaries are on SSL. No custom ports need to be opened.

• No dedicated hardware needed: complete software overlay compatible with virtual machines. September 28, 2011

• EMM Compliance Manager

• EMM Self-service Portal

• EMM Device Management Gateway

DMZ

EMM Compliance Proxy

443

Internal Network

443

443

Directory Server (LDAP)

EMM Admin through Browser

Mail Server(Exchange/Lotus)

443

3891433

MS SQLDatabase Server

21952196

iPad

Android

Windows

Mobile

Symbian

webOS

iPhone

McAfee ePolicyOrchestrator (ePO)

EMM Console Hub Server

Blackberry Enterprise Server (BES)

Enterprise-Grade Solution EMM AUTHENTICATION TO DEVICES





DMZ


443

Internal Network

443

443




443

3891433


21952196

iPad

Android

Windows

Mobile

Symbian

webOS

iPhone




1 Devices connect over 443/SSL to the EMM Compliance Proxy

1

Self-Service Provisioning…Delighting the User


Go to the

App Store

1 2

Enter Your Email

Credentials

IT Services are

Auto-Provisioned

4

Agree to

Corporate Policy

3



op

tio

nal

Self-Service Provisioning for Android


1

Go to the

Marketplace

2

Enter Your Email

Credentials

3

Agree to

Corporate Policy

4

IT Services are

Auto-Provisioned







DMZ


443

Internal Network

443

443




443

3891433


21952196

iPad

Android

Windows

Mobile

Symbian

webOS

iPhone




2 The EMM Compliance proxy will communicate to the EMM Hub Server over 443 using

SSL for user authentication

2






DMZ


443

Internal Network

443

443




443

3891433


21952196

iPad

Android

Windows

Mobile

Symbian

webOS

iPhone




3 The EMM Hub Server will perform an LDAP lookup to the Active Directory Server

3






DMZ


443

Internal Network

443

443




443

3891433


21952196

iPad

Android

Windows

Mobile

Symbian

webOS

iPhone




4 If the user is an authorized user and is compliant our EMM Proxy server will proxy

communication between active sync and the mobile device over 443/SSL.

4

4

But Enabling Mobility Brings RiskWeb 2.0, Apps 2.0, Mobility 2.0

IT

HR

Finance

Sales

IT

There is a policy

disconnect between IT

and end users

More than half of all

users don’t lock their

devices

Almost 1 in 5

devices are lost

each yearMobile devices

predicted to be New

Malware Frontier

DrdDream

• 1st major Trojan

embedded in app

• 50+ apps removed

from Android Market

• Steals information and

waits for instructions

from C&C server

Zeus

• Targeting banks using

mTAN authentication

• Used against major

Spanish institution

• Signed app for BB,

WM, Symbian S60

09Droid

• Not malware but fake

banking apps sold at

$1.49

• Linking to bank’s own

web site

• Apps targeted 35

banks of all sizes

Recent Malware Examples

Documents

McAfee Enterprise Mobile Security (Non-NDA) · McAfee Mobile Update • Mobile is #1 on McAfee’s list of strategic priorities, and we are investing heavily in this business unit