Mobile Device Management (MDM)

Mobile Device Management
(MDM)
Robert Predgo (LHRIC)
Jeff Sciueche (McAfee)

2011 Gartner Quadrant

Trends
• Consumerization of IT
• Student‐owned devices on the
district network
• Device diversity
it
• iOS, Android, Windows, etc.
• App explosion
• Beyond email and web
• Mobile threat emergence
• Android an early favorite

Hypergrowth in Mobile Devices
Computing Cycles in Perspective
1,000,000
(from Morgan Stanley)
ces/Users (M
MM in Log Sc
cale)
Devi
100,000
10,000
1,000
100
Minicomputer
10
Mobile
Internet
Desktop
Internet
10B+
Units??
PC 1B+ Units/
Users
100M
Units
10M Units
Mainframe
1
1M Units
1960 1980 2000 2020
““The desktop internet ramp was just a warm‐up act for
what we’re seeing happen on the mobile internet.” The
pace of mobile innovation is “unprecedented, I think,
in world history.”
”
Mary Meeker, Morgan Stanley – April 2010

But Enabling Mobility Brings Risk
Web 2.0, Apps 2.0, Mobility 2.0
There is a policy
disconnect between IT
and end users
HR
More than half of all
users don’t lock their
devices
IT
IT
Sales
Mobile devices
predicted to be new
malware frontier
Finance
Almost 1 in 5
devices are lost
each year

Mobile Threat Outlook
Hackers have set their sights on mobile
Mobile app & content download flood has captured hacker
interest in mobile technology
Mobile platforms are vulnerable
The fragility of mobile device security is proven, and
exploitation of vulnerabilities is accelerating
No vendor or mobile OS is immune
Malicious activity follows platform viability – consumers and
businesses everywhere are targets – Android, iOS, J2ME,
BlackBerry and the mobile web are known vehicles
Threatening strategic assets
Customer data, location data, billing interface, network, and
brand are expected to be the most targeted & affected
assets
Android’s inbuilt
trusted source
protection is
easily disabled

The Dirty Dozen*
1. Samsung Galaxy Mini 2. HTC Desire
3. Sony Ericsson Xperia X10 4. Sanyo Zio
5. HTC Wildfire 6. Samsung Epic 4G
7. LG Optimus S 8. Samsung Galaxy S
9. Motorola Droid X 10. LG Optimus One
11. Motorola Droid 2 12. HTC Evo 4G
13. Older iPhones (honorable mention)
• Phones are outdated out of the box
• Manufactures are slow to upgrade
• Data traversing these devices are at risk
• Poor application i security
• BYOD, how do you patch a device that is not yours?
*Source: www.net-security.org November 21, 2011
December 21, 2011 68

Recent Malware Examples
DrdDream
• 1 st major Trojan
embedded in app
• 50+ apps removed
from Android Market
• Steals information and
waits for instructions
from C&C server
Zeus
• Targeting banks using
mTAN authentication
• Used against major
Spanish institution
09Droid
• Not malware but fake
banking apps sold at
$1.49
• Linking to bank’s own
web site
• Signed app for BB,
WM, Symbian S60 • Apps targeted 35
banks of all sizes

Mobile Malware on the Rise
• Android attacks have increased 238% since Dec 2010
• Symbian is the most attacked mobile platform in terms of total malware
samples, though Android is experiencing the largest number of new attacks
• No iOS targeted attacks were found in the wild in Q2
Total Mobile Malware Samples
Mobile Malware Target Platforms
1400
1200
1000
800
600
400
200
BlackBerry
VBS
MSIL
Python
Android
Java ME
Symbian
0
1Q '09 2Q '09 3Q '09 4Q '09 1Q '10 2Q '10 3Q '10 4Q '10 1Q '11 2Q '11
Source: McAfee Labs Aug 2011

The Cloud
• iCloud
• What assurances does the organization have that files deleted on one device is
deleted d from other devices, and from iCloud itself
• Organization need to Understanding how your data is used/stored
• Dropbox/box.net
• Android – Mybackup Pro and several others in Marketplace

Mobile Security Requirements
Protect Mobile Devices
Protect Mobile Data
Protect Mobile Apps

Mobile Security Solutions
Protect Mobile Devices
• Device management (MDM)
• Anti-malware
• Web protection
• Understand the devices
Protect Mobile Data
• Data protection (locate, lock, wipe, delete)
• Jailbroken and Rooted device exclusion
• Encryption
• Bluetooth
Protect Mobile Apps
pp
• Enterprise App Store
• Secure App Store Model

Mobile Security Direction
Next: Anti‐Malware Implementation
EMM
EMM
DMZ
Anti-Malware Data Loss Prevention Application Security
Enterprise Mobility and Anti-Malware
Protect mobile devices and networks against viruses, spyware, botnets, and even Advanced
Persistent Threats. Roll out anti-malware solution and DAT updates to devices and other endpoints
alike centrally and in a policy-based way. Prove compliance with district and regulatory policy.

Mobile Security Integration
Direction
Next: Secure Container and DLP
EMM
EMM
DMZ
Anti-Malware
Data Loss Prevention
Application Security
Enterprise Mobility and Data Loss Prevention
Safeguard leakage of your district data with a secure container, at the host or mobile device, and at
the network level. Start with a secure container to prevent data loss from email, and ultimately extend
granular data leakage prevention policies to mobile devices as you do other endpoints.

Mobile Security Integration
Direction
Next: Secure Applications
Scan
Provide
secure access
Certify
Aggregate
Monitor
Anti-Malware Data Loss Prevention Application Security
Enterprise Mobility and the Application Security Lifecycle
Start by scanning and certifying mobile apps for vulnerabilities or malware, monitoring their behavior
and developing reputations for them, and providing secure access to them via network access
control.

Are we ready?
• Is Apple Enterprise
ready?
• Is Android too open
of a platform?
• BYOD vs District
owned?
• There are more
players coming…….
December 21, 2011 77

Q & A
Thank You
Robert Predgo
Rpredgo@lhric.org
Jeff Sciueche
Jeff_Sciueche@McAfee.com