Coronet Cyber Security Award Write Up

2016 Global Mobile SecurityTechnology Innovation Award

2016

GLOBAL MOBILE SECURITYTECHNOLOGY INNOVATION AWARD

2016

BEST PRACTICES RESEARCH

© Frost & Sullivan 2016 1 “We Accelerate Growth”

Contents Background and Company Performance ........................................................................ 2

Industry Challenges .............................................................................................. 2

Technology Attributes and Future Business Value ..................................................... 3

Conclusion........................................................................................................... 4

Significance of Technology Innovation .......................................................................... 6

Understanding Technology Innovation .......................................................................... 6

Key Benchmarking Criteria .................................................................................... 7

Best Practice Award Analysis for Coronet ....................................................................... 7

Decision Support Scorecard ................................................................................... 7

Technology Attributes ........................................................................................... 8

Future Business Value ........................................................................................... 8

Decision Support Matrix ........................................................................................ 9

The Intersection between 360-Degree Research and Best Practices Awards ..................... 10

Research Methodology ........................................................................................ 10

Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices ................................................................................................................. 11

About Frost & Sullivan .............................................................................................. 12



Background and Company Performance

Industry Challenges Cyber threats are becoming increasingly more sophisticated and more damaging. Advanced Persistent Threats (APT), botnets, zero-day attacks, and countless malware variants continue to cause significant personal and monetary damage.

The war against cyber miscreants continues to evolve with the changing complexion of digital communications. Most notable, mobile computing devices such as tablets and smartphones enable a high degree of connectivity and productivity that employees now expect in their jobs. In supporting “anywhere and anytime” connectivity, mobile device usage, in turn, results in a wider range of cyber risks than statically-connected corporate desktop computers and servers. In effect, wireless connectivity enables distinctly mobile conduits for mobile malware and creates a unique mobile attack vector.

One of the new threats emerging on mobile is “commjacking.” In commjacking, a cyber miscreant creates a malicious wireless access point, be it Wi-Fi, cellular, or conceptually Bluetooth. The access point presents itself as legitimate, but it is actually malicious, allowing an attacker to intercept transmissions to and from the device, manipulate data or the device itself, and bypass traditional defenses to gain access to enterprise resources.

Clearly, targeted attacks are one objective for commjackers. Definable physical proximity enables commjackers to target a specific person or set of individuals. For example, commjacking at a medical research facility provides commjackers with an avenue to extract medical research proprietary intellectual property without having to actually know the target. Proximity defines the target.

Another objective is “war driving,” that is, intercepting anyone in an insecure, wirelessly connected location such as hotel guest access, retail outlet Wi-Fi hotspots, airline lounges, financial districts, etc. War driving is similar to a watering hole attack in which bogus access points are established in physical locations where high-value targets tend to congregate.

The threat of commjacking is not new. Historically, expensive gear and specialized skills were necessary in yesterday’s commjacking. Circumstances have changed. With the advent of open source software and the commercial availability of cheap, readily available hardware, cyber miscreants now have access to sophisticated technology for pennies on the dollar, or specifically yesterday’s multi-million dollar equipment is $30 to $150 today. Additionally, yesterday’s bulky equipment has been replaced with easily portable gear, making physical proximity easier to achieve.

But recently, commjacking took a turn. Instead of using dedicated equipment, attackers evolved to remotely take control of existing access points, which typically have minimal to no security. With this evolution, the commjacking threat has elevated to a scalable, world-wide phenomenon.

Clearly, a new threat vector requires a new approach to security. Coronet is an innovative company that is offering solution to commjacking.



Technology Attributes and Future Business Value To combat commjacking, Coronet created a solution that determines in real time which access points (Wi-Fi or cellular) are legitimate, unsafe, or malicious. In practice, the Coronet solution automatically stops an attack before it starts by: (1) evading the attacker, (2) blocking the “conduit” or communication channel of commjackers, or (3) enforcing risk-based access to enterprise resources.

Coronet’s solution is based on three pillars:

• Monitoring the global wireless landscape through intelligence gathering,

• Conducting analysis on real-time threats to improve risk detection, and

• Enforcing risk-based wireless security policy.

On the device, threat detection occurs independently by mapping the topography of the wireless network behavior through proprietary technology Coronet calls “echoing.” By applying behavioral algorithms to actively monitor, in real-time, the wireless networks in the vicinity of the device and the device itself, Coronet can detect the presence of commjackers. This monitoring layer is aided by the intelligence gathered by every device; adding a collaborative and transparent crowd-sourcing facet to the solution.

Product Impact

The foundation of the solution is a lightweight software agent that runs on the device, be it a notebook, smartphone, tablet, IoT, or other device with wireless connectivity such as cars and drones. The solution does not require specialized hardware or operating system (OS) level modifications and runs on any iOS, MacOS, Windows, or Android device. An SDK is available for other OS.

The client leverages behavioral analytics to detect, in real time, malicious or potentially malicious access points (Wi-Fi or Cellular) that are present in the vicinity of the device. Once a threat is detected, the pre-defined security policy is executed either by disconnecting the device, alerting the user, or alerting the response teams within the enterprise. It is important to note that malicious access point detection is not limited to purpose-built malicious devices but also encompasses once legitimate access points that have been compromised or misconfigured.

Essentially, a malicious network generates a sequence of ‘fingerprints’ on the wireless access network environment. These fingerprints do not require extensive measures; a limited set of device measurements is sufficient for high-assurance accuracy. From these measurements, the Coronet client reconstructs a wireless and network “map” to distinguish the legitimate versus malicious access points.

Visionary Innovation

Coronet takes the solution one step further. Using the intelligence collected from the endpoints, Coronet alerts network professionals of global and geographic-specific threats.

As a device with a Coronet client moves, it dynamically detects and analyzes access points that are in range. The scale of analysis is massive as mobile devices encounter thousands,



tens of thousands or even hundreds of thousands of access points a day. A small number of devices can collect an incredible amount of data on legitimate and malicious wireless access points. And, a larger number of devices creates exponentially larger amounts of data that is processed in real time by Coronet’s cloud platform. Coronet is projecting 150 million devices will be equipped with a Coronet client by the end of 2017.

Information regarding the channel, technology, authenticity, and geographic location is transmitted to Coronet and placed in database, while ensuring that the capture any personally identifiable information does not occur. This information augments a customer’s “Enterprise Dashboard” to allow security and network professionals to not only define key field behaviors, roles, and responses but also identify the current threat levels, by geography, device, or role, and then visualizing this intelligence on a real-time threat map. For example, malicious access points on a university campus, manufacturing facility or even office space can be identified and prioritized for remediation.

Technological Sophistication

Clearly, analytics is the engine that makes Coronet go. The platform was developed by veterans of the security sector, Israeli defense industry and academia and is powered by an offline learning machine that uses the collected data from the devices, publicly available data, and data from threat intelligence engineers to develop and refine the algorithms. The analytics are not only sophisticated to thwart currently attacks types but continue to learn, thus protecting against new types of attacks.

Industry Impact

The Coronet solution creates a net-new method that protects enterprises from data breach via commjacking, and helps to secure devices while being completely compatible with existing solutions. The solution does this by applying complementary security at a different point in the network layers. Current solutions are typically applied at Open Systems Interconnection model (OSI model) Layers 4 - 7, comprising Transport, Session, Presentation, and Application. The Coronet solution is applied at Layers 1 – 3, comprising physical, data link and network as well as Layers 4 - 7. The result is a “top to bottom,” defense in depth with an additive tier of security.

Theoretically, competitive solutions provide similar functionality by building a portfolio of vetted Wi-Fi access points, rather than detect illegitimate ones. This white list approach, however, has the shortcoming of not compensating for access points that were legitimate at the time of the whitelisting but were subsequently compromised. Coronet provides persistent detection and protection in real time.

Conclusion Mobile security tools and consistent device hygiene are good steps in preventing mobile threats. Although the security tools can have high efficacy and are a critical element in an organization’s security policy, even the best tools can be challenged as traditional mobile security services do not defend against attacks that happen at the communication channel. Enterprises have been struggling to protect the ever-growing attack surface resulting from the shift to a mobile-first organization and the fact that users are



connecting anywhere, to networks that the enterprise cannot see, evaluate the risk, or control. Coronet offers a new security technology that solves that challenge, and defends against commjacking while augmenting existing security solutions, defending devices at all layers of the OSI model (Layers 1 – 7) while other technologies defend only Layers 4 - 7.

With its strong overall performance, Coronet has earned Frost & Sullivan’s 2016 Technology Innovation Award in Mobile Security.



Significance of Technology Innovation Ultimately, growth in any organization depends upon finding new ways to excite the market, and upon maintaining a long-term commitment to innovation. At its core, technology innovation or any other type of innovation can only be sustained with leadership in three key areas: understanding demand, nurturing the brand, and differentiating from the competition.

Understanding Technology Innovation Technology innovation begins with a spark of creativity that is systematically pursued, developed, and commercialized. That spark can result from a successful partnership, a productive in-house innovation group, or the mind of a singular individual. Regardless of the source, the success of any new technology is ultimately determined by its innovativeness and its impact on the business as a whole.



Key Benchmarking Criteria

For the Technology Innovation Award, Frost & Sullivan analysts independently evaluated two key factors—Technology Attributes and Future Business Value—according to the criteria identified below.

Technology Attributes Criterion 1: Industry Impact Criterion 2: Product Impact Criterion 3: Scalability Criterion 4: Visionary Innovation

Criterion 5: Application Diversity

Future Business Value Criterion 1: Financial Performance Criterion 2: Customer Acquisition Criterion 3: Technology Licensing Criterion 4: Brand Loyalty Criterion 5: Human Capital

Best Practice Award Analysis for Coronet Decision Support Scorecard To support its evaluation of best practices across multiple business performance categories, Frost & Sullivan employs a customized Decision Support Scorecard. This tool allows our research and consulting teams to objectively analyze performance, according to the key benchmarking criteria listed in the previous section, and to assign ratings on that basis. The tool follows a 10-point scale that allows for nuances in performance evaluation; ratings guidelines are illustrated below.

RATINGS GUIDELINES

The Decision Support Scorecard is organized by Technology Attributes and Future Business Value (i.e., the overarching categories for all 10 benchmarking criteria; the definitions for each criteria are provided beneath the scorecard). The research team confirms the veracity of this weighted scorecard through sensitivity analysis, which confirms that small changes to the ratings for a specific criterion do not lead to a significant change in the overall relative rankings of the companies.



The results of this analysis are shown below. To remain unbiased and to protect the interests of all organizations reviewed, we have chosen to refer to the other key players as Competitor 2 and Competitor 3.

DECISION SUPPORT SCORECARD FOR TECHNOLOGY INNOVATION AWARD

Measurement of 1–10 (1 = poor; 10 = excellent)

Technology Innovation Technology Attributes

Future Business Value

Average Rating

Coronet 10 9 9.5

Competitor 2 10 5 7.5

Competitor 3 7 7 7.0

Technology Attributes Criterion 1: Industry Impact Requirement: Technology enables the pursuit of groundbreaking new ideas, contributing to the betterment of the entire industry

Criterion 2: Product Impact Requirement: Specific technology helps enhance features and functionality of the entire product line for the company

Criterion 3: Scalability Requirement: Technology is scalable, enabling new generations of products over time, with increasing levels of quality and functionality

Criterion 4: Visionary Innovation Requirement: Specific new technology represents true innovation based on a deep understanding of future needs and applications

Criterion 5: Application Diversity Requirement: New technology serves multiple products, multiple applications, and multiple user environments

Future Business Value Criterion 1: Financial Performance Requirement: High potential for strong financial performance in terms of revenues, operating margins and other relevant financial metrics

Criterion 2: Customer Acquisition Requirement: Specific technology enables acquisition of new customers, even as it enhances value to current customers

Criterion 3: Technology Licensing Requirement: New technology displays great potential to be licensed across many sectors and applications, thereby driving incremental revenue streams



Criterion 4: Brand Loyalty Requirement: New technology enhances the company’s brand, creating and/or nurturing brand loyalty

Criterion 5: Human Capital Requirement: Customer impact is enhanced through the leverage of specific technology, translating into positive impact on employee morale and retention

Decision Support Matrix Once all companies have been evaluated according to the Decision Support Scorecard, analysts can then position the candidates on the matrix shown below, enabling them to visualize which companies are truly breakthrough and which ones are not yet operating at best-in-class levels.

DECISION SUPPORT MATRIX FOR TECHNOLOGY INNOVATION AWARD

High

Low

Low High

Futu

re B

usi

nes

s V

alu

e

Technology Attributes

Coronet

Competitor 2

Competitor 3



The Intersection between 360-Degree Research and Best Practices Awards

Research Methodology Frost & Sullivan’s 360-degree research methodology represents the analytical rigor of our research process. It offers a 360-degree-view of industry challenges, trends, and issues by integrating all 7 of Frost & Sullivan's research methodologies. Too often, companies make important growth decisions based on a narrow understanding of their environment, leading to errors of both omission and commission. Successful growth strategies are founded on a thorough understanding of market, technical, economic, financial, customer, best practices, and demographic analyses. The integration of these research disciplines into the 360-degree research methodology provides an evaluation platform for benchmarking industry players and for identifying those performing at best-in-class levels.

360-DEGREE RESEARCH: SEEING ORDER IN THE CHAOS



Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices Frost & Sullivan Awards follow a 10-step process to evaluate award candidates and assess their fit with select best practice criteria. The reputation and integrity of the Awards are based on close adherence to this process.

STEP OBJECTIVE KEY ACTIVITIES OUTPUT

1 Monitor, target, and screen

Identify award recipient candidates from around the globe

• Conduct in-depth industry research

• Identify emerging sectors • Scan multiple geographies

Pipeline of candidates who potentially meet all best-practice criteria

2 Perform 360-degree research

Perform comprehensive, 360-degree research on all candidates in the pipeline

• Interview thought leaders and industry practitioners

• Assess candidates’ fit with best-practice criteria

• Rank all candidates

Matrix positioning all candidates’ performance relative to one another

3

Invite thought leadership in best practices

Perform in-depth examination of all candidates

• Confirm best-practice criteria • Examine eligibility of all

candidates • Identify any information gaps

Detailed profiles of all ranked candidates

4 Initiate research director review

Conduct an unbiased evaluation of all candidate profiles

• Brainstorm ranking options • Invite multiple perspectives

on candidates’ performance • Update candidate profiles

Final prioritization of all eligible candidates and companion best-practice positioning paper

5 Assemble panel of industry experts

Present findings to an expert panel of industry thought leaders

• Share findings • Strengthen cases for

candidate eligibility • Prioritize candidates

Refined list of prioritized award candidates

6 Conduct global industry review

Build consensus on award candidates’ eligibility

• Hold global team meeting to review all candidates

• Pressure-test fit with criteria • Confirm inclusion of all

eligible candidates

Final list of eligible award candidates, representing success stories worldwide

7 Perform quality check

Develop official award consideration materials

• Perform final performance benchmarking activities

• Write nominations • Perform quality review

High-quality, accurate, and creative presentation of nominees’ successes

8 Reconnect with panel of industry experts

Finalize the selection of the best-practice award recipient

• Review analysis with panel • Build consensus • Select winner

Decision on which company performs best against all best-practice criteria

9 Communicate recognition

Inform award recipient of award recognition

• Present award to the CEO • Inspire the organization for

continued success • Celebrate the recipient’s

performance

Announcement of award and plan for how recipient can use the award to enhance the brand

10 Take strategic action

Upon licensing, company may share award news with stakeholders and customers

• Coordinate media outreach • Design a marketing plan • Assess award’s role in future

strategic planning

Widespread awareness of recipient’s award status among investors, media personnel, and employees



About Frost & Sullivan Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth and achieve best in class positions in growth, innovation and leadership. The company's Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined research and best practice models to drive the generation, evaluation and implementation of powerful growth strategies. Frost & Sullivan leverages almost 50 years of experience in partnering with Global 1000 companies, emerging businesses and the investment community from 31 offices on six continents. To join our Growth Partnership, please visit http://www.frost.com.

http://www.frost.com/