Title of Presentation DD/MM/YYYY © 2015 Skycure Inc. - Confidential 1 Yair Amit, Co-founder, CTO, Skycure December 2015 Mobile Security: 2015 Wrap-up and 2016 Predictions

Mobile Security - 2015 Wrap-up and 2016 Predictions


Page 1: Mobile Security - 2015 Wrap-up and 2016 Predictions

Yair Amit, Co-founder, CTO, Skycure

December 2015

Mobile Security: 2015 Wrap-up and 2016 Predictions

Page 2: Mobile Security - 2015 Wrap-up and 2016 Predictions

Meet Your Speaker

Yair Amit, Co-founder and CTO

Skycure

Page 3: Mobile Security - 2015 Wrap-up and 2016 Predictions

Quick Housekeeping

• Q&A panel is available if you have any questions
• There will be time for Q&A at the end
• We are recording this webinar for future viewing
• All attendees will receive a copy of slides/recording

Join the discussion #MobileThreatDefense

Page 4: Mobile Security - 2015 Wrap-up and 2016 Predictions

Agenda

1. Highlights of 2015
2. 2016 Predictions
3. Mobile Security Plan
4. Q&A

Page 5: Mobile Security - 2015 Wrap-up and 2016 Predictions


Highlights of 2015

Page 6: Mobile Security - 2015 Wrap-up and 2016 Predictions


Modern Mobile Attacks

Page 7: Mobile Security - 2015 Wrap-up and 2016 Predictions


Physical Security

Loss

Theft

Unauthorized Access

Page 8: Mobile Security - 2015 Wrap-up and 2016 Predictions

Network Security

Wi-Fi/Cellular

Off-the-shelf hacking gear

24x7 Exposure

Page 9: Mobile Security - 2015 Wrap-up and 2016 Predictions

SSL Decryption – A Growing Concern

92% of users click on “Continue”, compromising their Exchange identity (username and password)

Page 10: Mobile Security - 2015 Wrap-up and 2016 Predictions


Plain HTTP

Does it really happen today?

Page 11: Mobile Security - 2015 Wrap-up and 2016 Predictions

SwiftKey Vulnerability

600 million Android (Samsung) devices vulnerable

PRE-INSTALLED KEYBOARD

UNENCRYPTED UPDATES

MITM

SYSTEM ACCESS

Page 12: Mobile Security - 2015 Wrap-up and 2016 Predictions

“No iOS Zone”

Skycure Research

iOS crashes

“No iOS Zone” exploited again

iPhone crashes again

Device restarts

and again

and again

and again

Page 13: Mobile Security - 2015 Wrap-up and 2016 Predictions


Malware

External Stores

Repackaged Apps

New infection vectors

Page 14: Mobile Security - 2015 Wrap-up and 2016 Predictions

XcodeGhost

• Lures developers into using a malicious development environment
• Malicious apps were approved by Apple and made it to the AppStore

Page 15: Mobile Security - 2015 Wrap-up and 2016 Predictions

YiSpecter

• Impacts both jailbroken and non-jailbroken devices
• First major iOS malware that uses Apple’s private APIs

Page 16: Mobile Security - 2015 Wrap-up and 2016 Predictions

Vulnerabilities

OS & App Level

Patching Challenges

Never Ending Story

Page 17: Mobile Security - 2015 Wrap-up and 2016 Predictions

Known iOS Vulnerabilities - Apr. 15’ Est.

[Chart: Number of CVEs by year, 2007 to 2015, with a Trajectory (Apr 15') estimate]

Source: Skycure analysis based on CVEdetails.com

Page 18: Mobile Security - 2015 Wrap-up and 2016 Predictions

Known iOS Vulnerabilities - Final

[Chart: Number of CVEs by year, 2007 to 2015]

Source: Skycure analysis based on CVEdetails.com

Page 19: Mobile Security - 2015 Wrap-up and 2016 Predictions


Mobile Security Threat Reports


Page 25: Mobile Security - 2015 Wrap-up and 2016 Predictions


2016 Predictions

Page 26: Mobile Security - 2015 Wrap-up and 2016 Predictions

Android malware will continue to evolve

2011

Google Play is riddled with malware

2015

Google Play is riddled with malware

3rd party stores are riddled with malware

Google introduces technologies such as “Bouncer” and “Verify Apps”

What next?

Page 27: Mobile Security - 2015 Wrap-up and 2016 Predictions

Malware Scanners Effectiveness

Watch us at RSA USA 2016 (March 3rd, 2016)

Page 28: Mobile Security - 2015 Wrap-up and 2016 Predictions

Multi-Factor Authentication will be Further Embraced by Users

• Stealing a password will continue to become less effective
• Greater reliance on mobile devices
• Result – attackers focus their hacking campaigns on mobile devices

Page 29: Mobile Security - 2015 Wrap-up and 2016 Predictions

Hackers will Leverage Mobile to Attack Enterprises

• Utilization of a growing arsenal of attacking tools
• Mobile as an easy springboard to corporate resources
• Focus on exploiting human and software vulnerabilities via network and application-level attack vectors

Page 30: Mobile Security - 2015 Wrap-up and 2016 Predictions

Healthcare adoption of mobility will continue to grow

70% of Doctors would use mobility to manage patient data: A growth from ~8% just 2 years ago

Page 31: Mobile Security - 2015 Wrap-up and 2016 Predictions

10+ Billion Connected Devices in 3 Years

• Wearables to monitor more health data
• Healthcare data is worth a lot
• Hackers to focus on unsecured healthcare apps/devices

Page 32: Mobile Security - 2015 Wrap-up and 2016 Predictions

Mobile payments will gain more traction

• Mobile payment volume in the US will grow to $818 Billion by 2019.
• Starbucks: 8 million mobile transactions per week. 21% of total sales.
• 2% of transactions at top 5 retailers are through Apple Pay.

Page 33: Mobile Security - 2015 Wrap-up and 2016 Predictions


Mobile Security Plan

Page 34: Mobile Security - 2015 Wrap-up and 2016 Predictions

Old Endpoint Vs. New Endpoint

IPS

IDS

FIREWALL

USB SECURITY

DLP

DATA ENCRYPTION

WIRELESS SECURITY

APPLICATION CONTROL

AV ?

Page 35: Mobile Security - 2015 Wrap-up and 2016 Predictions

4 Tips for CIOs

Predict: Identify high-risk situations in advance using crowd wisdom

Detect: Find mobile threats before they reach your organization

Prevent: Stop threats automatically using existing policies

Adapt: Learn from the new threats to adapt your security policy

Page 36: Mobile Security - 2015 Wrap-up and 2016 Predictions

You need “Waze”

• Protect against known, unknown and ZERO-day attacks

Malware: How do you predict next-gen malware attacks?

Exploit: How do you know if the exploit was not tailor-made for your organization?

Network: How do you know if the network you connect to is real or fake?

Predict

Page 37: Mobile Security - 2015 Wrap-up and 2016 Predictions


Predict

Page 38: Mobile Security - 2015 Wrap-up and 2016 Predictions

Comprehensive Detection

Detect

Applications
• Policy Violations
• Malware

Vulnerabilities
• iOS & Android
• CVSS – Open Standard

Device
• Lost
• Stolen
• Improper Configuration

Networks
• Suspicious
• Malicious

Page 39: Mobile Security - 2015 Wrap-up and 2016 Predictions

Automated Remediation

• No CIO or IT needs yet another console to look at
• Use your EXISTING tools and policies
  - SIEM
  - EMM/MDM
  - VPN
  - Email servers

Predict

Page 40: Mobile Security - 2015 Wrap-up and 2016 Predictions

Adapt

1. Learn from the new threats
2. Identify top attacked people/departments
3. Educate them
4. Do cyber-security drills

Adapt

Page 41: Mobile Security - 2015 Wrap-up and 2016 Predictions

Skycure Mobile Threat Defense

Employee
• Seamless experience
• 24x7 detection and protection
• Device, app, and network analysis
• Multi platform – Android and iOS

IT Team
• Flexible deployment
• Policy creation and enforcement
• Reporting and compliance
• Enterprise integrations

Mobile Threat Intelligence
• Millions of tests per month
• Millions of networks and apps analyzed
• Zero-day threat protection
• Predictive Security

Attack Vector

Page 42: Mobile Security - 2015 Wrap-up and 2016 Predictions

Real-Time Threat Intelligence

1 Million+ Global Threats Identified

https://maps.skycure.com

Page 43: Mobile Security - 2015 Wrap-up and 2016 Predictions

Summary

• The problem of mobile security is real and is already here
• An ideal solution should offer layered security:
  - Physical compromise
  - Network attacks
  - Malware infections
  - Vulnerabilities
• Enterprises are moving towards risk-based mobility
• Skycure is leading the charter

ATTACK VECTOR

Page 44: Mobile Security - 2015 Wrap-up and 2016 Predictions


Next Steps

Request a FREE 30 Day Trial!

[email protected], Phone: 1-800-650-4821

https://www.skycure.com/trial

https://blog.skycure.com

@SkycureSecurity, @yairamit

https://www.linkedin.com/company/skycure