Contenu connexe Similaire à Symantec Mobile Security Webinar (20) Symantec Mobile Security Webinar1. How to Effectively Secure Hundreds
of Thousands of Mobile Devices
Brian Duckering
Enterprise Mobile
Security Specialist
Symantec
2. Copyright © 2019 Symantec Corporation 2
Agenda
Mobile IntroducesRisk To Enterprises
How to EffectivelyImplement MobileSecurity
Symantec Recommends…
1
2
3
3. Copyright © 2019 Symantec Corporation 3
Mobile Devices Represent One of the
Largest Security Gaps in Any Enterprise
C O NNECT ED 24/ 7 TARG E T ED
SE C O ND FAC TOR
LAC K O F C AUT ION
O UT O F D AT E RISK Y AP P S
• 55% o f ema i l i s fi rst o p ened o n mo b i l e d evi ces
• 57% o f gl o b a l w eb t ra ffic o ri gi nated fro m mo b i l e d evi ces
• 64% o f G o o gl e sea rch cl i ck s o ri gi nat ed fro m mo b i l e d evi ces
• Mo b i l e u sers a re 3X mo re l i kel y t o su b mit l o gi n i n fo t o p h i sh ing si t es t h a n d esktop u sers
4. Copyright © 2019 Symantec Corporation 4
Mobile Breaches Lead To
Corporate Breaches
A careless mobile user can put your company in the news
SMS
Phishing
Device
compromise
Stolen
credentials
Third-party
access
(mission
critical apps)
Major
corporate
breach
… and the original mobile attack won’t get the blame.
5. Copyright © 2019 Symantec Corporation 5
Build A Mobile Security Program
...Not Just Deploy A Tool
Build the long-term strategy
Get executive support
Define policies and procedures
Find the right technology
6. Copyright © 2019 Symantec Corporation 6
Considerations To Gain Support
And Increase User Acceptance Rates
Help users
understand
why
Designate
internal
champions
What this
means to
users
Help legal and
compliance
teams
understand
7. Copyright © 2019 Symantec Corporation 7
Secure Managed And
Unmanaged Devices
Deploy through
phased rollout or
targetedgroup
Understand
managed
vs unmanaged
Educate the userbase
through notifications
Only secure devices
are connecting
to applications
8. Copyright © 2019 Symantec Corporation 8
Behavior Inspection
Define corporate policies for managed devices
Define a process to handle the incoming events
Enable mobile application whitelisting policy
Feedback to users around insecure / unwanted applications
9. Copyright © 2019 Symantec Corporation 9
Real-time Prevention And Detection
Build toward the goal of enforcement,
not just detection
Integrate with existing tools
to make use of the data
Create key performance indicators and
other metrics to measure success
10. Copyright © 2019 Symantec Corporation 10
The Right Resources
Operate the solution
with the right skillsets
depending on your
organization’s objectives
Integrate the tool
into the existing
security incident
response processes
Train the team
to understand their
limits depending on
geography
11. Copyright © 2019 Symantec Corporation 11
• Phishing
• Risky websites
• Malicious insider
Social engineering
attacks can be very
convincing
• Man in the Middle
• TLS downgrade
• Fake corp Wi-Fi
40% of devices
exposed every
quarter*
• Pegasus
• Data leakage
• HospitalGown
Malicious
Unwanted
Vulnerable
• Malicious Profiles
• App-in-the-Middle
• Bluetooth Attacks
Can also be
persistent (“iOS
Trustjacking”)
Mobile Threats
NETWORK
APPS
DEVICE
Sideload
MOBILEATTACKVECTORS
USER
AT RISK
Information
Stored on and
accessed from
the device
Credentials
Corporate,
app and cloud
Activities
Audio,video,GPS,
communications,
etc.
Mobile
App Stores
12. Copyright © 2019 Symantec Corporation 12
Symantec Endpoint Protection
Mobile Overview
Symantec holds over 170 patents in mobile security alone.
Public App
Proactive detection and defense
• Simple deployment &
maintenance
• Ensured privacy
• Minimal footprint
Cloud Server
Console, Secondary analysis,
Artificial Intelligence
• Risk/compliance visibility
• Advanced security
• Automation & integration
• Risk benchmarking
Threat Intelligence
Largest Civilian Threat Database
• Integrated Global
Intelligence Network
• 1000 Cyber Warriors
Most Cyber DefenseIntegrations
• Web filtering • SEP
• CASB • EMM/MDM
• DLP • SIEM
• 175 M Endpoints
• 8 B Daily Security Requests
13. Copyright © 2019 Symantec Corporation 13
Sample of Protected Customers
Large Managed Healthcare Company
460 Instances of credentials/data
protectedonhigh risk networks
701 Total malware infections detected &
protected against
23.97 High risk vulnerabilities detected &
protected against per-device
6-month time period
Major EMEA Utility Company
41 Fully compromiseddevices
333 High risk malware detectedandprotected
against
559 High risk incidents detectedandprotected
against
4-month time period
Large Beverage Distributor
31,789 Vulnerabilities addressed
141,100 High & medium network threats detected&
protectedagainst
1264 High & medium severity malware detected&
protectedagainst
10-month time period
Top 5 Bank
508,305 High & medium network threats detected&
protectedagainst
3791 High and medium risk malware detectedand
protectedagainst
4889 High risk incidents detectedandprotected
against
6-month time period
14. Copyright © 2019 Symantec Corporation 14
Symantec Endpoint Security Family
SEP Family Provides the Most Complete Endpoint Security in the Industry
Traditional Endpoints:
SEP and EDR
• Single agentfor multi-layered protectionand
Endpoint Detection & Response (EDR)
• High efficacy with low false positives
• Detect,investigate,and remediate suspicious
activities acrossall endpoints
• Scalable and flexible architecture
Mobile Endpoints:
SEP Mobile – Mobile Threat Defense
• ProtectBYOD and corporatemanagedmobile
devices
• Predictive technology with high efficacy
• Productiveand unobtrusive to enable seamless
mobile experience
• Scalable and effortless deployment
15. Copyright © 2019 Symantec Corporation 15
Holistic, Layered
Mobile Security
On-Device
Protection
Unparalleled
Mobile Research
(9 high severity
discoveries)
Public App
Crowd-sourced
Threat
Intelligence
“SEP Mobile provides advancedon-
device protectionand enforcement
techniques withnodependency on EMM
integration— criticalfor covering all
customers'endpoints.”
- IDC MarketScape:WorldwideMobile
ThreatManagementSoftware2018-2019
Vendor Assessment
Competitor 1
Competitor 2
“[SEP Mobile]has identifiednumerous
malware instances inthe past,whenother
solutions simply did not detect anythreats
on the device.”
Full capabilities on both iOS & Android with or
without EMM/MDM
SEP Mobile Market Leadership
16. Copyright © 2019 Symantec Corporation 16
Free Assessment and Demo
Risk analysis of apps installed
in your organization
• Objective – Evaluate your risk
exposure due to mobile apps
• Automated – Send EMM logs
and receive a detailed report
• Report Includes
• Unwanted apps
• Risky apps
• Compliance violations
• Malware
Onsite Mobile Threat Day
We demonstrate risk
exposure and protection
• Objective – Full review about
mobile attack surface
• Attendees – Your leadership in mobile
security
• Agenda
• Hacking Demos
• Actionable Threat Intelligence
• Assess current situation
• Discuss how to improve ROI using
existing solutions and policies
App Threat Assessment