The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
BYOD and Your Business
1. Enabling Inside-Out Network Security
BYOD and Your Business
Learn about the BYOD trend, the risks associated with this trend,
and how to successfully adopt BYOD while securing your network.
2. Agenda
Enabling Inside-Out Network Security
• The rise of BYOD
• Security risks associated with BYOD
• A BYOD strategy
• NetClarity’s Internal Security Solution
3. The Rise of BYOD
Enabling Inside-Out Network Security
• Gartner projects a 9-40% savings using
employee PCs
• 1 in 10 use personal computers for
primary work device today
• 50% use personal computers for work at
some time
• 43% of companies have a written policy,
with specific rules
4. BYOD: A fast-growing Dilemma
Enabling Inside-Out Network Security
The challenge: seamless and secure management of ALL device
Personal AND Professional Wired AND Wireless ANY operating system
By 2016 at least 50% of enterprise email users will rely primarily on a browser,
tablet or mobile client instead of a desktop client. – Gartner
- AND -
Today, 80% of attacks occur inside the network - SANS
5. The “Security” dilemma of BYOD
Enabling Inside-Out Network Security
1. People
2. Processes
3. Policy
4. Technology
5
6. Breach Statistics
Enabling Inside-Out Network Security
174 million compromised records last year
…and their firewall didn’t stop them!
Verizon 2012 Data Breach Investigations Report
8. BYOD: How is security breached?
Enabling Inside-Out Network Security
1. Accidentally download
malware onto your device.
2. Bring that device into work
and bypass the firewall.
3. A Trojan gets onto the
network.
4. Data gets transferred to a
hacker without you even
knowing it!
Data
9. What’s the real internal security problem?
Enabling Inside-Out Network Security
All Networks and IP Devices have Holes that
are known as:
Common Vulnerabilities and
Exposures (CVE)
https://nvd.nist.gov/
10. BYOD Risk: New Malware Outbreaks…
Enabling Inside-Out Network Security
Your favorite anti-virus program catches no more than 70-90% of
malware!
What’s running on everyone’s personal device? Who knows?
11. BYOD Risk: New Malware Outbreaks…
Enabling Inside-Out Network Security
“Here's a video of my Droid cell phone that was hacked
after I loaded the new "Mobile Skype" program. It's as if
the phone has been possessed. Had to get a new cell.”
http://www.youtube.com/watch?v=mpZgw5Db2ok
“Noticed this crazy messaging happening on my iPad2
earlier this evening.
You can see that there are messages being sent (blue
background) and the keypad is not being used at the
time. Secondly, I don't have a Romanian number or
contact. Thirdly, I don't speak Romanian.
Weird I tells ye! and it's still messaging back and forth as
I type here.”
http://www.youtube.com/watch?v=wa9H-8Q1FeA
12. BYOD Risk: CVEs (iPhone sample…)
Enabling Inside-Out Network Security
The current value of credit cards on the black market – Look, you can even buy in bulk!
See: http://nvd.nist.gov
13. BYOD Risk: Lost or Stolen?
Enabling Inside-Out Network Security
“More than
a third of
consumers
have had
cell phones
lost or
stolen”
14. BYOD Risks: Control and Compliance
Enabling Inside-Out Network Security
Behind every firewall, you need to manage BYOD.
The businesses in each of these vertical markets
are all very different, but they are all faced with
similar challenges:
• Ensuring Business Continuity.
• Controlling Network Access.
• Ensuring Regulatory Compliance.
16. Multi-faceted Internal Security
Enabling Inside-Out Network Security
IPS/IDS
Firewall
End Point
Protection
Asset Management
and Access Control. Internal Security
Vulnerability
management,
compliance reporting
and Auditing
Zero-Day Defense
17. Internal UTM: Critical technology
Enabling Inside-Out Network Security
Remember, while firewalls protect
networks from the outside-in, over
80% of successful attacks come
from the inside.
There is a major need for internal
UTM to secure networks from the
inside-out.
18. Inside-Out Network Security™ Appliances
Enabling Inside-Out Network Security
Scalable from 25 devices to thousands
• Immediately control access by any
and all types of devices – if you don’t
want them on the network, they don’t
get on the network.
• Identify network holes (CVE®s) on the
inside of your network and guide
proactive remediation process
• Defend against malware through
automated detection and blocking
22. How NetClarity stops a breach
Enabling Inside-Out Network Security
1. Accidentally download malware onto your
device.
2. Bring that device into work and bypass
the firewall.
3. A Trojan gets onto the network.
4. NetClarity quarantines the device that
has a Trojan installs
5. NetClarity stops the hacker from
receiving the data he was hoping to
obtain!
Data
23. The BYOD NACwall Appliance Awards
Enabling Inside-Out Network Security
“NetClarity Picks Up Where Firewalls,
Anti-virus, Intrusion Detection Systems
and Intrusion Prevention Systems
Leave Off”
– John Gallant, President, Network World
“The only Next Gen. NAC solution to be “The Most
integrated with RSA enVision® for Innovative NAC
enterprise-wide internal risk management” Vendor in the World”
– Network Products Guide, Hot
– Apurva More, RSA Secured Program Manager Companies, 2009, 2010, 2011
24. Next Generation NAC, Manages BYOD!
Enabling Inside-Out Network Security
“When evaluating NAC solutions, look for vendors
that understand the consumerization trend and
support, or have plans to support, policies for
managing the non-Microsoft endpoints
that will inevitably attempt to connect to your
network….
• Convenient to install
• Universal in application
• All devices, OS,
wired/wireless Gartner NAC Report, 12/2010
25. In Summary: Managing BYOD
Enabling Inside-Out Network Security
1. Personal devices are pervasive but the
BYOD trend isn’t going anywhere.
2. They add a new level of risk
management to the organization.
3. There are technologies to mitigate the
risk, like NetClarity’s NACwalls!
Cost savingsConvenienceAlready in serviceCost savingsIncreased employee satisfactionIncreased employee productivityCost savings
80% of attacks occur inside a network – behind the firewallMost BYOD devices will be wireless – but must be managed in tandem with wired.A myriad of:devices (phones, tablets, laptops), operating systems (Linux, IP-phone, Windows, iOS, Android), threats (malware, vulnerabilities)inside the network
When do we know if a BYOD is on our network?How do we stop Rogue or Untrusted BYOD access?Is all BYOD Traffic Encrypted Well Enough to Ensure Compliance with PCI-DSS, HIPAA/HITECH, FERPA, GLBA or SOX-404?Are BYODs Harboring Personally Identifiable Information (PII)?Can we Require Whole Device Data Encryption to Protect this very Sensitive/High Risk Data?What if a BYOD gets lost or stolen? Can we (IT Staff) force a remote ‘wipe’ or ‘kill code’ on an employee owned device with corporate data on it?How do we Sync? How do we Backup BYOD?Is there any Good Firewall or Anti-virus/Anti-malware for BYOD?How do we Enforce Policies on BYOD employee-owned equipment?
Firewalls do NOTPrevent malware from infecting a deviceStop the spread of malware within your networkPrevent high risk data, PII, etc from leaving your network
Keyloggers and the use of stolen credentialsBackdoors and command controlTamperingPretextingPhishingBrute forceSQL injectionFor the most part, firewalls are one-way streets. Once the attacker is on the inside, they are presumed trusted, and can connect outward just as easily as a person surfing the web or checking email.
What if the Former Employee was using Personally Owned Mobile Devices?What is your IT Security/Human Resources combined Checklist you go through when an Employee Leaves (voluntarily or involuntarily)?Does the Plan include Mobile Devices and their Company-related Data stored on the device? (Or are You Ready to Crack a Potentially Encrypted Backup you may have Retained?)
In school settings:Students bring devices at their own riskThis means that if they bring a device, they are responsible for keeping it safe and secureThey should not leave their device in a classroom, even if the teacher allows itThe students are responsible for the appropriate use of their personal computing devicesIn government and business settings:Employees bring devices at the organizations’ riskThis means that if you bring a device, The IT STAFF is responsible for ensuring it does not increase risk by way of DATA LEAKAGE, DATA THEFT, HACKING and MALWARE OUTBREAKS
Bottom line: GET THE DEVICE OWNER TO ASSUME SOME LEVEL OF RESPONSIBILITYTechnology affords you time, security
“Consumerization is an unstoppable trend, and most organizations need to demonstrate flexibility and allow employees to use their personal devices for work. But, they also need to establish limits and not permit every device, every operating system and every configuration. Although approaches such as server-based computing and virtualization will also be used to deal with consumerization, NAC provides the flexibility that enterprises need in a BYOD environment, while providing the controls that enable network and security managers to retain control over the network.”
Keyloggers and the use of stolen credentialsBackdoors and command controlTamperingPretextingPhishingBrute forceSQL injectionFor the most part, firewalls are one-way streets. Once the attacker is on the inside, they are presumed trusted, and can connect outward just as easily as a person surfing the web or checking email.
Convinient to install, and universal in application.NetClarity is the vendor that targets SMBs and can manage all endpoints. Its family of NACwall appliances use an agentless (no additional software on the PCs) approach to baseline the health of the endpoints. NACwalls are deployed out of band in LANs, so they install easily and are not in the line of traffic…”