Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security

Webinar: A Three-Pronged Approach to Mobile Security

• View Webinar Archive: http://go.mojave.net/webinar-3pronged-mobile-security

• Learn more about Mojave Networks: http://www.mojave.net

Information

http://go.mojave.net/webinar-3pronged-mobile-security

http://go.mojave.net/webinar-3pronged-mobile-security

http://www.mojave.net/

Primer on Mobile Security

Tyler Shields, Forrester Research

3

Making Leaders Successful Every Day

Mobile Security TrendsSecurity Requires More Than Just MDM!

Tyler ShieldsSenior Analyst, Mobile and Application SecurityJune XX, 2014

© 2014 Forrester Research, Inc. Reproduction Prohibited 6

What do your USERS want!

Anywhere Access No Roadblocks Any Device All Data


What will they DO to get it!

16%

22%

35%

42%

SHADOW IT BYOD


• What mobile device management options are there? Vendor selection?

• How do I get off of Blackberry? Should I get off of Blackberry?

• We don’t think MDM is quite enough. Which technologies do I need to secure my environment?

• How do I apply application security and management to my mobile strategy?

• What should I do to secure the content that is on my mobile devices?

What is the ENTERPRISE asking?


What SHOULD the ENTERPRISE be asking?

• What level of security do I need to offset my mobile risk?

• What combination of technologies can help me meet my business goals?

• Where is the real risk in mobile?

• How can I securely enable my users to get their jobs DONE!

© 2014 Forrester Research, Inc. Reproduction Prohibited 10 10

Support a wider variety of mobile devices and platforms (e.g., tablets, iOS, Android)

Improve or modernize our mobile app(s) to deliver more information or transaction support

Update our security technologies and processes to better support mobile interactions

Re-architect traditional or back-end apps to make it easier to interface with and support mobile front-end apps

Re-architect our middleware to better support mobile front-end applications

Expand machine-to-machine (M2M) or 'Internet of things' initiatives

Create a set of standard APIs or services that allow mobile app developers to more eas-ily access functions from transactional business applications

Expand or enhance data center infrastructure to handle increasing volume of customers' mobile interactions

22%

20%

14%

26%

26%

27%

26%

22%

48%

48%

46%

45%

45%

38%

42%

45%

24%

23%

36%

18%

19%

17%

16%

26%

Low priority High priority Critical priority

“How important is each of the following initiatives in your firm's mobility strategy for supporting your customers over the next 12

months?”

Base: 891 North American and European enterprise network and telecommunications decision-makers

Source: Forrsights Mobility Survey, Q2 2013

82%


The number of different platforms/operating systems

Rate of releases of the different operating systems/platforms

Providing device security

Securing the apps and data

Complying with regulatory requirements

Managing devices that are used for both personal and corporate apps

44%

29%

59%

64%

33%

45%

“What challenges, if any, does your firm face when managing smartphone/tablet applications and devices?”

Source: Forrsights Mobility Survey, Q2 2013

Base: 891 North American and European enterprise network and telecommunications decision-makers


Are You Overwhelmed Yet?!

• Mobile Device Management• Enterprise Mobile Management• Mobile Application Management• Mobile Security Platform• Application Wrapping SDK• Mobile Static Analysis

Competing Visions and Solutions

• Application Wrapping• Secure Network Gateways• Machine Learning• Mobile Behavioral Analysis• RBMM

Emerging Technologies


Mobile Device

Management

Containerization

Virtualization

Application Hardening

Application Wrapping

Anti-Malware

App Reputation

Mobile Authentication

Device Reputation

Mobile DLP

Mobile Endpoint Security

Static Code Analysis

Secure Mobile Content Sharing

Secure Mobile Network

Gateways

1. Application hardening2. Application wrapping

3. Containerization4. Mobile anti-malware

5. Mobile application reputation services

6. Mobile authentication solutions7. Mobile device management

8. Mobile device reputation services9. Mobile DLP

10. Mobile end point security11. Mobile static code analysis

12. Mobile virtualization13. Secure mobile content sharing

14. Secure mobile network gateways

Mobile Security

Technologies


Technologies By Layer

The Mobile Security Stack

The Future State of Mobile!


Impact of User / Admin Experience on Technology Success

Minimal B-Value Add Moderate B-Value Add Significant B-Value Add

Anti-malware Mobile Device Reputation Mobile Content Sharing

Virtualization Mobile DLP Mobile Device Management

App Hardening Mobile Application Reputation

Secure Mobile Network Gateway



Mobile Static Code Analysis

Containerization

Good Experience Moderate Experience Bad Experience Unknown


Impact of User / Admin Experience on Technology Success

Minimal B-Value Add Moderate B-Value Add Significant B-Value Add

Anti-malware Mobile Device Reputation Mobile Content Sharing

Virtualization Mobile DLP Mobile Device Management

App Hardening Mobile Application ReputationSecure Mobile Network Gateway

Containerization Mobile Authentication Application Wrapping

Mobile Static Code Analysis

Good Experience Moderate Experience Bad Experience Unknown


Device Management

2012

2012 and BEFORE

Mobile Device ManagementMobile device management (MDM) solutions use platform API hooks to

imposecontrol onto smartphones and tablets.

This technology allows support for multiple

platforms and form factors, extends management and security policies to

bothcorporate-liable and employee-owned devices, and automates service desk

support.


Secure Network Gateway

2013

Device Management

2012

2013


2013


2013Isolated Technologies

Application wrapping and secure network gateway technologies gain

traction. Secure mobile content sharing becomes an easy plug and

play for vendor offerings. Price drops rapidly as base MDM becomes

commoditized.



2013

Device Management

2012

2014


2013


2013

Enterprise Mobile Management

2014

*

Enterprise Mobile ManagementA new offering is born. EMM is the

new buzz. Isolated technologies sold in a single platform offering.. The

same players with a slightly different game.



2013

Device Management

2012

2015 and BEYOND


2013


2013

Enterprise Mobile Management

2014

*Mobile Authentication

Risk Based Security

Risk Based Mobile Management

Risk Based Mobile ManagementUnderstanding WHO is at the device

and real risk values are as important as security of the device is itself.

2015 adds mobile authentication to the offering mix. Quantification of risk is the future trend. Applying math to risk and using calculated risk values

to enforce security controls. The future is in RBMM.


The Next Wave of Awesome – Techs That Quantify Risk

Up and Coming Technologies

VS VS VS

Mobile Application

Reputation

Mobile Device

Reputation


Risk Based Mobile

Management & Security


What It Means - Enterprises

$

Find roadmaps that go beyond point solutions

Risk tolerance versus user experience

Expect significant consolidation

Defense in Depth

Maximize security while minimizing

UX impact

Demand innovation!


Nobody Ever Got Fired For Buying…

Technology Leading Products

A Strong Product RoadmapDefense in Depth

MobileIron

A Product That Matches Your Needs

VMWare / Airwatch

Citrix

Fiberlink/IBM

Good

Stable Technology

Webinar: A Three-Pronged Approach

to Mobile Security

• Mobile Risks

• Pillars of Mobile Security• Device• Apps• Network• Analytics

• Background

• Ask our Experts: Q&A

Agenda

26

27

Understanding Mobile Risk

Why is Knowing Your Mobile Risk Important?

28

• Protecting company data

• Safeguarding other enterprise infrastructure

• Identifying compliance issues

• Creating better policies with better visibility

Quantifying Mobile Risk

29

• Employee Data Access

• Installed Apps

• User / Device Behavior

• Non-mobile Events

Understanding Mobile Risk is Imperative

Source: Verizon 2014 Data Breach Investigations Report

Number of breaches per category

31

Pillars of Mobile Security

Mobile Security

Network AnalyticsApplicationsDevice

Four Pillars of Mobile Security to Reduce Risk

• MDM

• Password policies

• Containers

Typical Device Level Security

33

Typical Application Level Security

34

• App catalog

• White / Black List

• App wrapping

Typical Network Level Security

PC’s Traditionally Protected

Mobile is Completely Unprotected

Typical Mobile Analytics Available to other Platforms

37

How Does Mojave Manage the Pillars?

HealthEvaluate apps, processes, diagnostics, and behavior to assess risk

Native ExperienceNo wrapping or containers to interfere with the native experience

PrivacyWipe corporate information and set granular employee privacy policies

PoliciesSet configurations, deliver

policies, and manage apps

Device – Security without the Hassle

38

39

Monitoring Device Health

• Over 50 data points collected daily

• Monitor for critical changes in device health

• Feeds of data for other security tools to analyze

Results1. More visibility

2. Better DLP

3. Block threats

Analysis1. Static & dynamic

2. Enterprise risk

3. Protocol identification

App Reputation

Collection1. Thousands of apps/day

2. App stores, 3rd parties, and devices

40

Gain Visibility into App Risk

41

App Data

All Data

Globally Distributed Network Optimized for Mobile

42

Gain Visibility into Data Flow

43

Network threats blocked per device

10 per month120 per year

44** Based on Mojave Networks aggregate customer usage data

• Tie mobile events to broader user profile

• Leverage existing security tools

• See activity that has never been available

Real-time Event API Completes the Loop

45

Mon

itor A

nalyze

Policy

Mojave Connect Real-time API

Common Syslog formats

Better Correlate Mobile Events with Other Enterprise Data

Real-time API’s = Faster Risk Assessment

46

Visibility Security

Effortless & Seamless

Mojave Networks Delivers

47

Control

• MDM solutions only protect from a small subset of mobile risks

• 4 pillars necessary to provide true mobile security

• Mobile risk should be combined with other threat intelligence

Summary

48

49

About Mojave Networks

Mojave Networks Background

• Founded in 2011 and based in Silicon Valley

• Lead investment from Bessemer Venture Partners & Sequoia Capital

• Veteran team from Symantec, McAfee, Lookout, Palo Alto Networks, Cenzic

• Deep security DNA with patent pending technology

• Customers in Healthcare, Finance, Transportation, Government and more

50

51

Questions & Answers