Mobile Device Management (MDM)
Mobile Device Management (MDM)
Mobile Device Management (MDM)
- No tags were found...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Mobile</strong> <strong>Device</strong> <strong>Management</strong><br />
(<strong>MDM</strong>)<br />
Robert Predgo (LHRIC)<br />
Jeff Sciueche (McAfee)
2011 Gartner Quadrant
Trends<br />
• Consumerization of IT<br />
• Student‐owned devices on the<br />
district network<br />
• <strong>Device</strong> diversity<br />
it<br />
• iOS, Android, Windows, etc.<br />
• App explosion<br />
• Beyond email and web<br />
• <strong>Mobile</strong> threat emergence<br />
• Android an early favorite
Hypergrowth in <strong>Mobile</strong> <strong>Device</strong>s<br />
Computing Cycles in Perspective<br />
1,000,000<br />
(from Morgan Stanley)<br />
ces/Users (M<br />
MM in Log Sc<br />
cale)<br />
Devi<br />
100,000<br />
10,000<br />
1,000<br />
100<br />
Minicomputer<br />
10<br />
<strong>Mobile</strong><br />
Internet<br />
Desktop<br />
Internet<br />
10B+<br />
Units??<br />
PC 1B+ Units/<br />
Users<br />
100M<br />
Units<br />
10M Units<br />
Mainframe<br />
1<br />
1M Units<br />
1960 1980 2000 2020<br />
““The desktop internet ramp was just a warm‐up act for<br />
what we’re seeing happen on the mobile internet.” The<br />
pace of mobile innovation is “unprecedented, I think,<br />
in world history.”<br />
”<br />
Mary Meeker, Morgan Stanley – April 2010
But Enabling Mobility Brings Risk<br />
Web 2.0, Apps 2.0, Mobility 2.0<br />
There is a policy<br />
disconnect between IT<br />
and end users<br />
HR<br />
More than half of all<br />
users don’t lock their<br />
devices<br />
IT<br />
IT<br />
Sales<br />
<strong>Mobile</strong> devices<br />
predicted to be new<br />
malware frontier<br />
Finance<br />
Almost 1 in 5<br />
devices are lost<br />
each year
<strong>Mobile</strong> Threat Outlook<br />
Hackers have set their sights on mobile<br />
<strong>Mobile</strong> app & content download flood has captured hacker<br />
interest in mobile technology<br />
<strong>Mobile</strong> platforms are vulnerable<br />
The fragility of mobile device security is proven, and<br />
exploitation of vulnerabilities is accelerating<br />
No vendor or mobile OS is immune<br />
Malicious activity follows platform viability – consumers and<br />
businesses everywhere are targets – Android, iOS, J2ME,<br />
BlackBerry and the mobile web are known vehicles<br />
Threatening strategic assets<br />
Customer data, location data, billing interface, network, and<br />
brand are expected to be the most targeted & affected<br />
assets<br />
Android’s inbuilt<br />
trusted source<br />
protection is<br />
easily disabled
The Dirty Dozen*<br />
1. Samsung Galaxy Mini 2. HTC Desire<br />
3. Sony Ericsson Xperia X10 4. Sanyo Zio<br />
5. HTC Wildfire 6. Samsung Epic 4G<br />
7. LG Optimus S 8. Samsung Galaxy S<br />
9. Motorola Droid X 10. LG Optimus One<br />
11. Motorola Droid 2 12. HTC Evo 4G<br />
13. Older iPhones (honorable mention)<br />
• Phones are outdated out of the box<br />
• Manufactures are slow to upgrade<br />
• Data traversing these devices are at risk<br />
• Poor application i security<br />
• BYOD, how do you patch a device that is not yours?<br />
*Source: www.net-security.org November 21, 2011<br />
December 21, 2011 68
Recent Malware Examples<br />
DrdDream<br />
• 1 st major Trojan<br />
embedded in app<br />
• 50+ apps removed<br />
from Android Market<br />
• Steals information and<br />
waits for instructions<br />
from C&C server<br />
Zeus<br />
• Targeting banks using<br />
mTAN authentication<br />
• Used against major<br />
Spanish institution<br />
09Droid<br />
• Not malware but fake<br />
banking apps sold at<br />
$1.49<br />
• Linking to bank’s own<br />
web site<br />
• Signed app for BB,<br />
WM, Symbian S60 • Apps targeted 35<br />
banks of all sizes
<strong>Mobile</strong> Malware on the Rise<br />
• Android attacks have increased 238% since Dec 2010<br />
• Symbian is the most attacked mobile platform in terms of total malware<br />
samples, though Android is experiencing the largest number of new attacks<br />
• No iOS targeted attacks were found in the wild in Q2<br />
Total <strong>Mobile</strong> Malware Samples<br />
<strong>Mobile</strong> Malware Target Platforms<br />
1400<br />
1200<br />
1000<br />
800<br />
600<br />
400<br />
200<br />
BlackBerry<br />
VBS<br />
MSIL<br />
Python<br />
Android<br />
Java ME<br />
Symbian<br />
0<br />
1Q '09 2Q '09 3Q '09 4Q '09 1Q '10 2Q '10 3Q '10 4Q '10 1Q '11 2Q '11<br />
Source: McAfee Labs Aug 2011
The Cloud<br />
• iCloud<br />
• What assurances does the organization have that files deleted on one device is<br />
deleted d from other devices, and from iCloud itself<br />
• Organization need to Understanding how your data is used/stored<br />
• Dropbox/box.net<br />
• Android – Mybackup Pro and several others in Marketplace
<strong>Mobile</strong> Security Requirements<br />
Protect <strong>Mobile</strong> <strong>Device</strong>s<br />
Protect <strong>Mobile</strong> Data<br />
Protect <strong>Mobile</strong> Apps
<strong>Mobile</strong> Security Solutions<br />
Protect <strong>Mobile</strong> <strong>Device</strong>s<br />
• <strong>Device</strong> management (<strong>MDM</strong>)<br />
• Anti-malware<br />
• Web protection<br />
• Understand the devices<br />
Protect <strong>Mobile</strong> Data<br />
• Data protection (locate, lock, wipe, delete)<br />
• Jailbroken and Rooted device exclusion<br />
• Encryption<br />
• Bluetooth<br />
Protect <strong>Mobile</strong> Apps<br />
pp<br />
• Enterprise App Store<br />
• Secure App Store Model
<strong>Mobile</strong> Security Direction<br />
Next: Anti‐Malware Implementation<br />
EMM<br />
EMM<br />
DMZ<br />
Anti-Malware Data Loss Prevention Application Security<br />
Enterprise Mobility and Anti-Malware<br />
Protect mobile devices and networks against viruses, spyware, botnets, and even Advanced<br />
Persistent Threats. Roll out anti-malware solution and DAT updates to devices and other endpoints<br />
alike centrally and in a policy-based way. Prove compliance with district and regulatory policy.
<strong>Mobile</strong> Security Integration<br />
Direction<br />
Next: Secure Container and DLP<br />
EMM<br />
EMM<br />
DMZ<br />
Anti-Malware<br />
Data Loss Prevention<br />
Application Security<br />
Enterprise Mobility and Data Loss Prevention<br />
Safeguard leakage of your district data with a secure container, at the host or mobile device, and at<br />
the network level. Start with a secure container to prevent data loss from email, and ultimately extend<br />
granular data leakage prevention policies to mobile devices as you do other endpoints.
<strong>Mobile</strong> Security Integration<br />
Direction<br />
Next: Secure Applications<br />
Scan<br />
Provide<br />
secure access<br />
Certify<br />
Aggregate<br />
Monitor<br />
Anti-Malware Data Loss Prevention Application Security<br />
Enterprise Mobility and the Application Security Lifecycle<br />
Start by scanning and certifying mobile apps for vulnerabilities or malware, monitoring their behavior<br />
and developing reputations for them, and providing secure access to them via network access<br />
control.
Are we ready?<br />
• Is Apple Enterprise<br />
ready?<br />
• Is Android too open<br />
of a platform?<br />
• BYOD vs District<br />
owned?<br />
• There are more<br />
players coming…….<br />
December 21, 2011 77
Q & A<br />
Thank You<br />
Robert Predgo<br />
Rpredgo@lhric.org<br />
Jeff Sciueche<br />
Jeff_Sciueche@McAfee.com