Securing Mobile Devices for BYOD Environments

Nate Kaminski, Joe Yeager

DESCRIPTION

Learn how to:

* gain complete network visibility across all devices without having to install additional software or deploy expensive probes
* detect anomalous behavior originating from users’ personal smartphones, tablets or laptops
* quickly and easily uncover externally-launched, zero-day attacks, and internal threats – regardless of the device being used
* deliver high levels of mobile performance


Page 2: Securing Mobile Devices for BYOD Environments

Agenda

• Introduction
• Mobile Device Fast Facts
• The BYOD Problem
• “Solutions” to BYOD
• Lancope Solution to BYOD
• Conclusion

Presentation Notes
Introduce who Nate is - standing in for the original presenter – sick
Cover the agenda briefly
TRANSITION: Before we get into this though, let me first explain a bit about the Lancope solution
Page 3: Securing Mobile Devices for BYOD Environments

What is BYOD?

Presentation Notes
How BYOD started – “cool” phones
TRANSITION: Onto the first survey question…
Page 4: Securing Mobile Devices for BYOD Environments

Mobile Devices are Here to Stay

According to IDC estimates, mobile devices will outship PCs in 2012 by more than 2 to 1 and mobile device spending will exceed PC spending, growing 4 times as fast. [1]

Aberdeen estimates nearly 75 percent of companies currently allow employee-owned smartphones and/or tablets to be used at work. [2]

Gartner finds that 90 percent of organizations will support corporate applications on personal devices by 2014. [3]

2:1 Shipping, 4X Spending, 75% Work Use, 90% Corp Apps

[1] http://events.idc-cema.com/dwn/SF_52232_top_10_preditions_2012.pdf
[2] http://www.itworld.com/mobile-wireless/151839/75-enterprises-have-byod-policies-53-support-ipads
[3] http://www.gartner.com/it/page.jsp?id=1480514

Presentation Notes
Smartphones are growing on the consumer side
Employees want these devices in the workplace
Employees want to use these devices to access corporate applications, beyond just what something like a guest wireless network offers
TRANSITION: More fast facts for you…
Page 5: Securing Mobile Devices for BYOD Environments

Organizations should embrace BYOD

According to the Cisco Connected World Technology Report, [1]

– 40% of college students would accept a lower-paying job that had flexible IT
– 70% of young workers ignore IT rules

ISACA has found through surveys that

– Almost half of young professionals use their own personal device at work. [2]
– Over half of all IT leaders in the U.S. say that employee-owned mobile devices pose a greater risk to the enterprise than mobile devices supplied by the company. [3]

[1] http://www.cisco.com/en/US/netsol/ns1120/index.html
[2] http://www.isaca.org/Pages/Survey-Online-Shopping-Risks-2011.aspx
[3] http://www.isaca.org/Pages/Survey-Risk-Reward-Barometer.aspx

Presentation Notes
Call out the Cisco report as really good
Choosing employers based on BYOD policies
Even if you have policies that state otherwise, young workers will ignore them
ISACA survey found that half of young pros use their devices at work
Half of IT leaders think BYOD poses greater risk than corporate mobile devices
TRANSITION: But what’s really the problem here?
Page 6: Securing Mobile Devices for BYOD Environments

The “BYOD Problem”

Most organizations have…

• Scarce knowledge of what the device, operating system, or patch level is
• Limited control over policy for what resources the device can and cannot access
• Incomplete information about whose device it is
• Lack of visibility into what the device is doing on the internal network and how confidential data is moving around
• Little understanding of the impact of the device on the network

Presentation Notes
Why is BYOD a problem?
Cover points in slide
TRANSITION: Now, let’s talk about the solutions proposed by the security industry
Page 7: Securing Mobile Devices for BYOD Environments

BYOD: Proposed Solutions by the Security Industry

• Say No to BYOD
  – BYOD is here whether you embrace it or not
• Install agents on the devices
  – You have limited control over the employee’s device
• Convert the device to a corporate one
  – Don’t forget the “Your Own” part of BYOD
• Install more network probes
  – Not a cost-effective or scalable solution

BYOD REQUIRES A DIFFERENT APPROACH

Presentation Notes
No to BYOD is not a solution
Agents may work in certain situations, but cannot be an overall strategy. Limitations of the devices themselves along with challenges around validating the software is installed
Wiping the device or changing its configuration / features is not something your employees will be happy with. It’s their device. They paid for it with their own money.
Applying perimeter-based technologies and taking a “Great Wall” approach to the inside of the network is not a cost-effective or scalable solution
TRANSITION: BYOD requires a different approach. You need to think about the solution differently.
Page 8: Securing Mobile Devices for BYOD Environments

Network Security Monitoring Using the Network

[Network diagram: Internet, WAN, DMZ, Datacenter and Access areas spanning Atlanta, San Jose and New York. Devices labelled: ASR-1000, Cat6k, UCS with Nexus 1000v, ASA, 3925 ISR, 3560-X, 3750-X Stack(s), Cat4k]

Presentation Notes
Now you’re probably asking yourself – ok Nate, now what. You’ve convinced me we’re all doomed and there’s no hope. Lay it on me.
To solve The BYOD Problem, you need to look at what you have at your disposal. The Network. You have a network. These devices need to access the network.
Now, this is a simplified view of your network, but it has all of the major components.
TRANSITION: Well what if I told you that within the network itself lay the answer.
Page 9: Securing Mobile Devices for BYOD Environments

Cisco Infrastructure Provides the Intelligence...

[Same network diagram as the previous slide, now annotated with NetFlow labels throughout]

Presentation Notes
And that solution is something called NetFlow – jFlow, cFlow, AppFlow, sFlow, IPFIX, etc.
All you have to know about NetFlow is that it’s an account of every single conversation happening on the network
TRANSITION: As your BYOD devices connect to the network, they create NetFlow records.
Page 10: Securing Mobile Devices for BYOD Environments

Internal Visibility from Edge to Access...

[Same network diagram, with a Lancope NetFlow Collector added]

Presentation Notes
NetFlow gives you visibility and context into everything happening on the network, from the edge to the core, without any probes being deployed.
TRANSITION: These NetFlow records are sent back to a collector, like StealthWatch. That’s where the magic happens.
Page 11: Securing Mobile Devices for BYOD Environments

StealthWatch – A Complete, Integrated Family of Products

• Behavior-based flow monitoring
• Contextual awareness
  – Identity
  – Device
  – Application
  – Virtual
• The Concern Index™
• Relational Flow Mapping™
• Point of View™
• Advanced Querying & Reporting

[Diagram labels: Management Reporting; Custom Dashboards; Relational Flow Maps; Security Monitoring; Forensics; Anomaly Detection; Compliance; Mitigation; Network Performance Monitoring; Troubleshooting; Service Delivery; WAN Optimization; Capacity Planning; Application Awareness; Identity Awareness; Virtual Awareness; Device Awareness; Behavioral Analysis; Flow Collection; StealthWatch]

Presentation Notes
StealthWatch pitch
Explain how we have higher education customers that have been using StealthWatch for a long time to monitor their BYOD environments – and actually StealthWatch started out of a university 12 years ago
TRANSITION: Now let’s talk about how our customers utilize StealthWatch to monitor their BYOD infrastructure for security
Page 12: Securing Mobile Devices for BYOD Environments

StealthWatch Answers The Tough Questions

StealthWatch can show you…

• Who owns the device
• What the device is doing
• Where the device is on the network
• When the device was on the network
• How the device is impacting the network

Presentation Notes
With StealthWatch, you can get the WHO, WHAT, WHEN, WHERE and HOW
Solving all of the major questions BYOD raises
Page 13: Securing Mobile Devices for BYOD Environments

StealthWatch Monitors BYOD Environments

Monitors the entire internal network by passively collecting data from existing infrastructure and does not use agents, install software, or in any way modify the employee’s device.

StealthWatch monitors and records everything that every user on any device running any operating system is doing on the network and how the network is affected by the user’s actions.

Utilizing patented behavioral analysis techniques, StealthWatch determines whether any device is acting suspiciously or is accessing privileged resources outside of its policy.
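To make the idea of agentless, flow-based monitoring concrete, here is an added example (not Lancope's code and not StealthWatch's algorithm) that checks flow records for two things the slide names: access outside a host group's policy and a traffic volume far above a device's own history. The host groups, addresses, threshold and flow records are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed host groups and policy (assumptions, echoing the slides' group names).
GROUPS = {
    "mobile-phones": ipaddress.ip_network("10.20.0.0/24"),
    "critical-servers": ipaddress.ip_network("10.1.1.0/28"),
}
DENY = {("mobile-phones", "critical-servers")}  # group pairs that are outside policy
SPIKE_FACTOR = 5  # alarm when an interval exceeds 5x the host's median history

# Constructed flow records: (interval, src_ip, dst_ip, dst_port, bytes).
FLOWS = [
    (0, "10.20.0.15", "203.0.113.10", 443, 40_000),
    (1, "10.20.0.15", "203.0.113.10", 443, 55_000),
    (2, "10.20.0.15", "203.0.113.10", 443, 48_000),
    (3, "10.20.0.15", "198.51.100.7", 443, 900_000),  # streaming-sized burst
    (0, "10.20.0.22", "203.0.113.10", 443, 30_000),
    (1, "10.20.0.22", "203.0.113.10", 443, 31_000),
    (2, "10.20.0.22", "203.0.113.10", 443, 29_000),
    (3, "10.20.0.22", "10.1.1.5", 1433, 2_000),       # phone talking to a server
]

def group_of(ip):
    """Map an address to its host group, or 'outside' when no group matches."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in GROUPS.items() if addr in net), "outside")

def analyze(flows, current):
    """Return sorted (kind, src_ip, detail) alarms for the interval `current`."""
    alarms = set()
    volume = defaultdict(lambda: defaultdict(int))  # src -> interval -> bytes
    for interval, src, dst, dport, nbytes in flows:
        volume[src][interval] += nbytes
        pair = (group_of(src), group_of(dst))
        if interval == current and pair in DENY:
            alarms.add(("policy", src, f"{dst}:{dport}"))
    for src, per_interval in volume.items():
        history = [b for i, b in per_interval.items() if i < current]
        now = per_interval.get(current, 0)
        if history and now > SPIKE_FACTOR * median(history):
            alarms.add(("volume", src, f"{now} bytes vs median {median(history)}"))
    return sorted(alarms)

if __name__ == "__main__":
    for alarm in analyze(FLOWS, current=3):
        print(alarm)
```

Neither check touches the device itself: both work only from records the network infrastructure already exports, which is the property the slide relies on.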

Presentation Notes
Reiterate points and slide
Page 14: Securing Mobile Devices for BYOD Environments

Behavior-based Analysis

[Figure labels: Critical Servers, Tablet computers, Mobile phones, Marketing]

Presentation Notes
No signatures in the product
Needle in the haystack
Page 15: Securing Mobile Devices for BYOD Environments

StealthWatch Reduces MTTK

To Enable Early Interjection BEFORE Crisis

[Chart: Impact to the Business ($) versus Time, comparing “Company with StealthWatch” and “Company with Legacy Monitoring Tools”. Labelled points: attack onset, early warning, attack thwarted, attack identified, vulnerability closed, credit card data compromised, CRISIS REGION]

Presentation Notes
SW gives you a 2-day head start
Long tail
Page 16: Securing Mobile Devices for BYOD Environments

StealthWatch: The Solution for BYOD Environments

Network activity is correlated with user and device information along with physical location on the network.

And you can also start with the user or device you are looking for and look at its network activity.

Presentation Notes
Now let’s get into a case study of SW in action, solving a real BYOD problem at a customer’s network
Spike in network traffic
Alarm goes off
Bob Smith’s iPhone
Drill down -- It’s NetFlix traffic
Page 17: Securing Mobile Devices for BYOD Environments

StealthWatch: The Solution for BYOD Environments

And can drill down to the exact flow:

Presentation Notes
SW can then tell you further details about the host
And even full URL details of what movie / show they were watching
And how it impacted the network
When
Page 18: Securing Mobile Devices for BYOD Environments

StealthWatch: The Solution for BYOD Environments

Including which devices in the network it crossed:

Presentation Notes
By clicking the next tab, StealthWatch can tell you where it happened on the network – i.e. what resources were impacted
And WHY – the Cisco ASA firewall permitted the traffic
Page 19: Securing Mobile Devices for BYOD Environments

Quick Recap

• BYOD is already here
  – Embrace it
• Other solutions do not meet the needs of BYOD
  – Prevent BYOD
  – Install agents
  – Change the device
  – Install more network probes
• With StealthWatch you can gain visibility into every device on your network
  – Using your existing infrastructure
  – Answer the tough who, what, where, when, why, and how questions
• Once you’ve enabled flow collection you can...
  – Gain deep traffic analysis and network visibility
  – Detect attacks and network anomalies

Page 20: Securing Mobile Devices for BYOD Environments

Next Steps

Contact Lancope:

• Joe Yeager [email protected]
• Lancope [email protected]
• Lancope Marketing [email protected]

Visit Lancope @ Blackhat for a live demo of the StealthWatch System & pick up your free copy of the “NetFlow Security Monitoring for Dummies” book.

Presentation Notes
You are going to hear a lot about BYOD at Blackhat! Challenge vendors on their solutions, and make sure to stop by our booth and see a demo of how we can help you with BYOD along with a bunch of other problems you’re having.
Page 22: Securing Mobile Devices for BYOD Environments

Webinar with Forrester Research

©2012 Lancope, Inc. All Rights Reserved.

Presentation Notes
You are going to hear a lot about BYOD at RSA, I’m warning you! Challenge vendors on their solutions, and make sure to stop by our booth and see a demo of how we can help you with BYOD along with a bunch of other problems you’re having.