Presentation from Dan Hoffman (Juniper's Chief Mobile Security Evangelist) from the B-Sides mini-conference at RSA 2012 in San Francisco.
You can view the video of this presentation here: http://www.brighttalk.com/channel/7651
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
Serious Threat or FUD Machine? The Mobile Security Debate
1. SERIOUS THREAT OR FUD MACHINE? THE MOBILE SECURITY DEBATE Daniel V. Hoffman CISSP, CHFI, CEH
2. MOBILE THREATS FEAR, UNCERTAINTY, DOUBT … AND CHARLATANS! “ IF you work for a company selling virus protection for android, rim or IOS, you should be ashamed of yourself.” “ If you read a report from a vendor that tries to sell you something based on protecting android, rim or ios from viruses, they are also likely as not to be scammers and charlatans.”
3.
4.
5. MOBILE SECURITY – WHAT ARE THE THREATS? Copyright 2008 SMobile Systems Page Mobile Security Threat Environment Malware – Viruses, Worms, Trojans, Spyware Direct Attack – Attacking device interfaces, Network DoS, Malicious SMS Loss and Theft – Accessing sensitive data Data Communication Interception – Sniffing data as it is transmitted and received Exploitation and Misconduct – Online predators, pornography, inappropriate communications, data leakage
6. JUNIPER MOBILE THREAT REPORT TOTAL MOBILE MALWARE SAMPLES ACROSS ALL OPERATING SYSTEMS
17. PROTECTING AGAINST A MOBILE ATTACK LAN 1 On-device Zero Day Protection stops malware on the device 2 IDS signatures detect malicious network traffic on network 3 NAC (Network Access Control) at Juniper SAs to deny insecure devices access to network resources 4 Shared Threat knowledge enables firewall rules to block network traffic destined for spyware server. ‘ DroidDream Zero-day at the handset RAN CARRIER NETWORK SRX/IDS/IPS ENTERPRISE NETWORK NAC (Network Access Control) at Juniper SAs
18. QUESTIONS FOR THE AUDIENCE Do you have mobile security software installed on your device? Has your company suffered a mobile security incident? Does your company have an official security policy for mobile devices?