device-centric security strategies for the modern …...wandera mobile security suite se cure a cce...
TRANSCRIPT
STI JN PAUMENVP SALES & BD, WANDERA
Device-centric security strategies for the modern workplace
The mobile-enabled enterprise has arrived
57%of corporate Internet use is mobile today
▪ More apps▪ Greater cloud access ▪ Faster connectivity
Source: StatCounter
0%
20%
40%
60%
80%
100%
2009 2010 2011 2012 2013 2014 2015 2016 2017 2018
Desktop Mobile & Tablet
What is device-centric security?
Access to corporate resources depends on the device and user credentials, regardless of
the employee’s network location. That means employee access is treated the same whether
the user is at a corporate office, at home or in a coffee shop.
BeyondCorp: Design to Deployment at Google
https://storage.googleapis.com/pub-tools-public-publication-data/pdf/44860.pdf
Management
Agents
Certificate
Authorities
Asset
Inventories
Exceptions
Others Access Policy
Access Control
Engine
Device Inventory
Service
Trust Inferer
Web Proxy
Interactive
Login
Network Switch
D A T A
S O U R C E S
A C C E S S
I N T E L L IG E N C EG A T E W A Y S
Bug Tracker
Code
Repository
Network VLAN
R E S O U R C E S
Visibility Control
What risk vectors to look for
Shadow IT
72%of employees use unauthorized file sharing services
Unapproved usage
1 in 7employees access adult, gambling or
extreme sites weekly
High costs
>50%of corporate data
usage is not business critical
Insecure apps
1 in 25mainstream apps
leak sensitive credentials
Sources: Gartner, IDC, CIO.com and Wandera
What attack vectors to look for
Phishing
The #1 mobile
threat
Malware
1/3 of all malware
will be mobile by
2019 (Gartner)
Cryptojacking
25% of all businesses
have devices being
cryptojacked
UEM & MTD are great device-centric technologies
“Malicious threats or
data leakage risks
elude UEM controls.”
“MTD tools, especially
on iOS, have limited
visibility on the system
and background
processes.”Device configuration
& management
Threat
defenseApp
Threats
Web
ThreatsNetwork
Threats
Real-time data
visibility & control
Visibility (&control) gap in mobile
Internet
Secure Web Gateway
Endpoint Security
Active Directory
Firewall
10% of traffic
90% of traffic
Cellular, public & home WiFi
Traditional network security investments don’t pay off for mobile
Assessing trust: device, network, user, traffic, etc. aware
Real-time analysis
T R A F F I C A W A R E
Detailed usage breakdown
N E T W O R K A W A R E
User role, device, location, etc.
C O N T E X T A W A R E
Use case: Conditional access in a zero-trust world
Any Device
E N D P O I N T A P P L I C A T I ON S E C U R E A C C E S S L A Y E R
E N A B L IN G Z E R O -T RU ST C O N N E C T I V IT Y
U E M - B A SE D
C O N D I T I ON A L A C C E S S
W A N D E RA N A T I V E
C O N D I T I ON A L A C C E S S
Signal to UEM
when device
exceeds risk
threshold
Prevent risky
devices from
accessing
corporate
applications
✘
Use case: Network state matters
Accessible from anywhere
E N T E R P R I SE C L O U D S E R V I C E S
Accessing enterprise cloud apps
U S E R O N P U B L I C W I - F I
Inspecting all session traffic
M A N - I N - T H E -M I D D LE
Encrypts all traffic until threat is removed
F A I L S A F E E N C R Y P T I O N
Protect login credentials
Protect sensitive employee,
customer & partner data
Zero productivity lost
Define policy by network
state…
Use case: day phishing detection
AppAssessment
VulnerabilityAnalysis
TrafficAnalysis
WebReputation
BrandAnalysis
AnomalyDetection
• Compromise prevented• User protected• No “patient 0”
4-hours ofsuccessful phishing
16-hours ofunprotected users
Fortinet + Avira
Newly launched phishing attack: appleid-mobile.co.uk
Multi-level risk analysis
Use case: Network type matters
Use case: network trust
Case study: Altitude matters
▪ US international airline
▪ 5,000 employees
▪ $1.6bn annual revenue
O V E R V I EW
▪ New Samsung tablets
▪ Control devices in flight for max productivity
▪ Control data costs
P R O J E C T D R I V ER
78%
U N A P P R OV ED U S A G E
▪ Strict policy based on altitude -Implemented whitelist for productivity apps
▪ Locked down app usage on mobile data while roaming
▪ Maintained more liberal policy for ground WiFi
W A N D E R A C O N T R O L S
25%
R E V E N U E
O N B O A R D R E V E N U E R I S E D U E T O B O O S T E D F L I G H T S T A F F P R O D U C T I V I T Y
Use case: mobile app trust
Flexible filters to refine criteria
Wandera Mobile Security Suite
S E C U R E A C C E S S
P R E V E N T TH R E A TS
▪ Security rating
▪ Events / SIEM
▪ Usage analytics
▪ Data alerts
W E B C O N S O L E
R E A L - TI M E R E P O R TI N G
C L O U D G A T E W A Y
A P P L Y P O L I C Y
▪ Web filtering
▪ Data management
▪ Contextual policy
▪ WiFi and broadband
▪ Over the air
deployment
▪ Device management
U E M C O N N E C T
O P TI O N A L
U E M
▪ Zero-day phishing protection
▪ Privacy-preserving browsing
▪ Failsafe VPN
▪ Optional secure tunnel
▪ Vulnerability assessment
▪ App vetting
▪ Threat detection
▪ Usage reports
E N D P O I N T A P P L I C A T I ON
D E TE C T TH R E A TS
M I : R I A M
Flexible platform to address mobile fleet diversity
Standalone deployment options Real-time traffic monitoring
Diverse management strategiesUnmanaged Managed / Supervised
Single Pane of Glassfor Centralized Reporting and Policy Configuration
Secure and private cloud gateway
C L O U D G A T E WA Y
No private data decryption
Optional data anonymization
Configurable metadata storage
GDPR compliant
ISO certified
Encrypted tunnel and core
Millions of devicesBillions of daily web transactions
§Leading global enterprise footprint
Device-centric security checklist
Thank you!!!
Do you give access outside of corporate perimeter?
Have you invested in UEM & MTD?
Do you have enough visibility to assess trust levels?
Do you have enough control to prevent threats and enforce policy?
Consider a network element to enforce control