McAfee MVISION Mobile: Analysis & Intel on Mobile Threat Metrics & Protecting Public Sector from Zero-day Attacks with Machine Learning Detection
Andrew Osborn | CISSP, GSLC
VP | Global Solutions - Telco & Gov't
MCAFEE CONFIDENTIAL
Early Gift to you?
* So what do they have in common?
Even Apple has stated...
An Endpoint is an Endpoint is an Endpoint…And just another attack surface!
10m devices without a passcode
4m devices with encryption disabled
3m developer options enabled
2.1m devices with unknown sources enabled
1.4m devices with USB debugging
250k internal network access
Discerning <or> Intriguing Metrics?
28% of tampered devices were NOT rooted
219m file system changed events
2m daemon anomaly
20.4m total scans
81m connections to open Wi-Fi nets
16m total active MitM attacks
* Malicious Profiles more prevalent than malware for iOS
MVISION Platform Analytics for Nation State:
• NSO, Gamma, LU, the Russian Military Intelligence Service (GRU), China & APT41, DPRK & Lazarus and countless other known nation-state actors and players are actively using these threats as attack surfaces in order to gain access to multiple targeted devices, or to upstream servers / services and their data
• Also used in potential coordinated DDoS attacks
• MVISION’s solution is designed to stop these types of attacks at the very earliest stage of the Cyber Kill Chain
A novel if not effective way?
Mobile Security Attack Framework Alignment
* Cyber Kill Chain
* MITRE ATT&CK for Mobile
• NIST Special Publications > FISMA > FedRAMP
• NIAP Common Criteria & NSA Mobility Capability Pkgs
• Cybersecurity Information Sharing Act (CISA) Exec Mandates
• Dept. of Homeland Security Continuous Diagnostics & Mitigation
• Groups: Advanced Technology Academic Research Center (ATARC)
Local Guidance & Framework; Is this for us too?
• Australia’s Office of the Australian Information Commissioner (OAIC):
o Notifiable Data Breaches (NDB) scheme: notification & protection against mobile device threats
o “Must cover multiple access levels, including device, app, network, and content protection” and “real-time monitoring is an essential part” of the required security measures…
• Australian Signals Directorate (ASD):
o Published ‘how-to’ guides aimed at getting more organizations to adopt security protocols and strategies such as phishing detection & prevention
• APEC Cross-Border Privacy Rules (ACBPR):
o Protects the flow of data and the privacy of data for Japan and other AsiaPac partners
o Although participation in the system is voluntary, the enforceable rules governing international data transfers provide strong privacy protections
• Information & Communications Technology (ICT):
o Provides a Gov’t framework for cybersecurity and architecture, which includes mobility and IoT, is akin to the U.S. NIST FISMA, and includes Cloud Standards
• Groups/Alliances:
o Australian Competition & Consumer Commission (ACCC) & Cloud Security Alliance: Security, Trust & Assurance Registry (CSA STAR)
* What does it mean? Guidance / compliance / best practices around securing and collecting threat intel have already been made!
* Doesn’t matter how many ‘Jedi moves’ you have, it only takes one time to lower your guard to get “owned”
It might seem unfair?
What makes up mobile attacks?
• Device Attacks: THE sole objective for persistent foothold
• Network Attacks: the primary mechanism for targeted attacks
• Malicious Apps: untargeted, advertising & fraud threats
• Phishing Sites: untargeted, fraud & exploit delivery
Start of targeted attacks: > 90%
Patented Detection Engine Designed for Mobile
Detection engine uses machine learning and behavioral analysis to provide real-time, on-device protection against both known and unknown threats
Coverage: Device | Network | Application | Phishing Attacks
▪ On-device: no need for cloud lookup
▪ Advanced Threat Classifiers: 99.999% effective
▪ ML for malware: stop exploits without updates
▪ ML for phishing: only proven way to prevent phishing attacks
How can we help?
• Identification of device risk
o On outdated/vulnerable OS
o Compliance violations
o Configuration issues
• Exploit detection
o On device
• Deepest set of device threat detection and remediation controls
o 24 specific device policies
• Adding security value and controls onto specialized platforms
o Samsung KNOX
o Android Enterprise
• Application Vetting
o iOS & Android-based
• Broadest range of network threat
detection and remediation
controls
o 21 specific network policies
o Layer 2 through 7 detection
• Ability to trigger remediations
o Wi-Fi disconnect
o VPN
o Block specific app traffic
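The device-risk metrics earlier in the deck (encryption disabled, developer options, unknown sources, USB debugging) and the “identification of device risk” bullet above both come down to reading a handful of device properties and settings and scoring them against a policy. The following is an added example of such a posture check, written for this page and not McAfee/MVISION code. It maps each risk item to the Android property or setting that exposes it (`ro.crypto.state`, `ro.build.version.security_patch`, `settings get global adb_enabled`, `development_settings_enabled`, `settings get secure install_non_market_apps`), then aggregates findings across a fleet the way the deck’s counts do. The record format (a dict of dump key to raw string), the 90-day patch threshold and the sample devices are assumptions constructed for the example.

```python
"""Android device-posture check over getprop / settings dump values.

Added example (not MVISION code). Input: one dict per device holding raw
strings as returned by `adb shell getprop <key>` and
`adb shell settings get <namespace> <key>` (stored as "<namespace>/<key>").
The record layout and all sample values are constructed for this example.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

ENCRYPTED = "encrypted"     # ro.crypto.state value on an encrypted device
PATCH_MAX_AGE_DAYS = 90     # policy threshold; an assumption, not a vendor value


@dataclass(frozen=True)
class Finding:
    check: str      # policy name, e.g. "usb_debugging"
    severity: str   # "high" | "medium" | "info"
    detail: str


def _setting(device: Dict[str, str], namespace: str, key: str) -> Optional[str]:
    """Return a settings value, treating the literal "null" (unset) as None."""
    value = device.get(f"{namespace}/{key}")
    return None if value in (None, "null") else value


def posture_findings(device: Dict[str, str], today: date) -> List[Finding]:
    """Evaluate one device record against the posture policy."""
    findings: List[Finding] = []

    # Full-disk / file-based encryption state is a read-only property.
    state = device.get("ro.crypto.state")
    if state != ENCRYPTED:
        findings.append(Finding("encryption_disabled", "high", f"ro.crypto.state={state}"))

    # Developer options menu unlocked (Settings.Global.DEVELOPMENT_SETTINGS_ENABLED).
    if _setting(device, "global", "development_settings_enabled") == "1":
        findings.append(Finding("developer_options", "medium", "developer options enabled"))

    # USB debugging (Settings.Global.ADB_ENABLED) exposes a shell to anything on the cable.
    if _setting(device, "global", "adb_enabled") == "1":
        findings.append(Finding("usb_debugging", "high", "ADB over USB enabled"))

    # Global "unknown sources" switch exists only before Android 8; later releases
    # grant sideloading per app, so an unset key means a package-level check is needed.
    unknown = _setting(device, "secure", "install_non_market_apps")
    if unknown == "1":
        findings.append(Finding("unknown_sources", "medium", "global sideloading allowed"))
    elif unknown is None:
        findings.append(Finding("unknown_sources", "info", "per-app on Android 8+; check packages"))

    # Security patch level is a YYYY-MM-DD string; compare against the reference date.
    patch = device.get("ro.build.version.security_patch")
    if patch:
        age = (today - date.fromisoformat(patch)).days
        if age > PATCH_MAX_AGE_DAYS:
            findings.append(Finding("outdated_os", "high", f"patch level {patch} is {age} days old"))
    else:
        findings.append(Finding("outdated_os", "info", "security patch level not reported"))

    # A missing passcode cannot be read from these dumps; an on-device agent must
    # ask KeyguardManager.isDeviceSecure(), which is out of scope for this parser.
    return findings


def fleet_summary(devices: Dict[str, Dict[str, str]], today: date) -> Dict[str, int]:
    """Count devices per failed check, ignoring informational findings."""
    counts: Dict[str, int] = {}
    for record in devices.values():
        for finding in posture_findings(record, today):
            if finding.severity != "info":
                counts[finding.check] = counts.get(finding.check, 0) + 1
    return counts


# Constructed sample fleet and reference date (not real telemetry).
REFERENCE_DATE = date(2019, 11, 20)
SAMPLE_FLEET = {
    "dev-a": {"ro.crypto.state": "encrypted", "ro.build.version.security_patch": "2019-11-01",
              "global/development_settings_enabled": "1", "global/adb_enabled": "1",
              "secure/install_non_market_apps": "null"},
    "dev-b": {"ro.crypto.state": "unencrypted", "ro.build.version.security_patch": "2019-03-01",
              "global/development_settings_enabled": "0", "global/adb_enabled": "0",
              "secure/install_non_market_apps": "1"},
    "dev-c": {"ro.crypto.state": "encrypted", "ro.build.version.security_patch": "2019-11-05",
              "global/development_settings_enabled": "0", "global/adb_enabled": "0",
              "secure/install_non_market_apps": "0"},
}

if __name__ == "__main__":
    for name, record in SAMPLE_FLEET.items():
        for f in posture_findings(record, REFERENCE_DATE):
            print(f"{name}: [{f.severity}] {f.check}: {f.detail}")
    print(fleet_summary(SAMPLE_FLEET, REFERENCE_DATE))
```

The per-check split between a hard failure and an informational result matters in practice: a fleet report that counts Android 8+ devices as “unknown sources enabled” because the legacy key is unset would inflate the figure, so the parser reports that case separately instead of guessing.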
MVISION is Not an EMM/MDM... It Complements Them
MVISION is the ‘only MTD solution’ capable of working with multiple EMMs in one implementation:

Features & Benefits | EMM (e.g., Intune) | MVISION
Access controls to corporate email, VPN, app delivery & removal | X | –
Secure corporate document sharing & secure web security | X | –
Ability to revoke access from non-compliant mobile devices | X | –
“Always on” protection on the device | X | X
Detect if device has proper security enabled (e.g., pin, encryption) | X | X
Jailbreak detection | (X) | X
Root/compromise detection | – | X
Network attack (e.g., MITM, rogue access points) detection | – | X
OS compromise & exploitation detection | – | X
Malicious app and profile detection | – | X
Mobile phishing detection | – | X
Provide detailed app risk & privacy analysis | – | X
Reconnaissance scan detection | – | X
Detailed mobile threat intelligence and forensics | – | X
Is that my job; we’ll get to it!?
MVISION Mobile Advanced App Analysis
Dynamic & Static Analysis of Mobile Applications - ATD & AST but for Mobile Apps
Machine Intelligence – Risk Scoring
Advanced App Analysis Engine
Analysis
• Dynamic Analysis
• Static Analysis
• Cross Application Correlation
• 3rd Party Code
• Payload Inspection
• Various Threat Engines
Forensic Correlation
• Registrant History
• Communications
• URL Reputation
• Data Leakage
• Privacy Violations
• Security Violations
• Distribution Footprint
Validation
• OWASP Mobile Top 10
• Chain of Trust
• SSL Certificate Validation
• Vulnerabilities
• Certificate Pinning
• Repacking
• Developer Reputation
MVISION Mobile ADVANCED
Powered by industry leading mobile threat protection technology
Danger Zone
Multi-EMM Integration
Phishing Attack Detection
App Privacy and Security Risk Reporting
Customized App Compliance Policies
On Device Remediation
EMM Remediation
Fully Customizable User Notifications
Questions?
McAfee, the McAfee logo and [insert <other relevant McAfee Names>] are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the U.S. and/or other countries.
Other names and brands may be claimed as the property of others.
Copyright © 2019 McAfee, LLC.