Download as PDF, PPTX
More Related Content
Mobile Security & Analytics: What Works and What Doesn't
- 1. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 1 Hadi Nahari, Chief Security Architect, NVIDIA Varun Kohli, Vice President, Skycure September, 2015 MOBILE SECURITY & ANALYTICS: WHAT WORKS & WHAT DOESN'T
- 2. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 2 Meet$Your$Speakers$ Hadi$Nahari$ Chief$Security$Architect,$$ Mobile$and$So<ware$Pla?orms$ NVIDIA$ Varun$Kohli$ VP$of$MarkeEng$ Skycure$
- 3. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 3 Quick$Housekeeping$ • Q&A$panel$is$available$if$you$have$any$quesEons$ • There$will$be$Eme$for$Q&A$at$the$end$$ • We$are$recording$this$webinar$for$future$viewing$ • All$aMendees$will$receive$a$copy$of$slides/recording$ Join$the$discussion$using$#mobilethreatdefense$hashtag$on$TwiMer$$
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14. Mo2va2on' • More'connected'devices'!'more'value'!'added'risk' • Security'posture'hasn’t'magically'just'improved' – In'many'cases'in'fact'it'has'regressed' • Heterogeneous'security'paradigms' – Device_end'data'is'processed'out'of'band' – Dubious'infrastructure'security'posture' 12'COPYRIGHT'2015,'Hadi'Nahari'
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44. Pre'IoT/Big'Data' 42' service provider (SP) hi,I’m Eva! (eva, password123*) is there a match? (eva, password123) ! match: issue a token ! no match: deny access (if match, respond:) “hi Eva! here’s your token:” … observations (eva, password123) × COPYRIGHT'2015,'Hadi'Nahari'
- 45. IoT'/'Big'Data'Era' 43' service provider 123456 password 12345678 qwerty abc123 (on avg.only five passwords per 40 online accounts per user) Where to store token(s)??? COPYRIGHT'2015,'Hadi'Nahari'
- 46.
- 47. Ac2ons' • IDENTIFY'the'security%assets'in'your'system' – Anything'that'would'be'of'any'value'to'hackers'' • DEVISE'aaacks' – Think'like'a'hacker' – Think'of'ways'to'obtain'illegal'access'to'security'assets' • PRIORITIZE$ – Assign'levels'(e.g.'1_5)'to'aaacks'and'assets' – High_priority'asset'suscep2ble'to'easy'aaack'gets'higher'priority' • PROTECT$ – Think'of'making'hackers’'life'difficult' – Consult'with'security'professionals' • ITERATE$ – Hackers'learn'(and'they’re'good'at'it.)'Security'is'always'work_in_progress' 45'COPYRIGHT'2015,'Hadi'Nahari'
- 48. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 16 Ac#ons'(Cont.)' 1. IDENTIFY the security assets in your system – Anything that would be of any value to hackers 2. DEVISE attacks – Think like a hacker – Think of ways to obtain illegal access to security assets 3. PRIORITIZE – Assign levels (e.g.1-5) to attacks and assets – High-priority asset susceptible to easy attack gets higher priority 4. PROTECT – Think of making hackers’ life difficult – Consult with security professionals 5. ITERATE – Hackers learn (and they’re good at it.) Security is always work-in- progress
- 49. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 17 1.'Iden#fy' • Assets + Attacks • How many mobile device in your org experienced a threat in the last month? - What types of threats? - Where did they come from? - Who was attacked the most? - What was the impact?
- 50. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 18 2.'Devise'A7acks' • Have you been breached? 92% of users click on “Continue” compromising their Exchange identity (username and password) Continue 92% Cancel 8% Source:'Skycure'Threat'Intelligence'
- 51. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 19 3.'Priori#ze'
- 52. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 20 4.'Protect'F>'Proac#vely'Protect' “Waze” of Mobile Security • “How do you know if the network you connect to is real or fake?” • “What about the app you just downloaded? Free? Repackaged? Malicious?
- 53. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 21 5.'Iterate'
- 54. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 22 Skycure'–'Solu#on'Overview' • Policy creation and enforcement • Reporting and compliance • Flexible deployment • Enterprise integrations • 24x7 detection and protection • Network, device and app analysis • Seamless experience • Multi platform – iOS & Android Employee IT Team Mobile Threat Intelligence • Millions of tests per month • 500K+ networks and apps analyzed • Zero-day threats • Predictive Security
- 55. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 23 h7ps://maps.skycure.com' RealFTime'Threat'Intelligence' 100K+'Global'Threats'Iden#fied'in'2014'
- 56. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 24 Public'Apps'&'Cloud'Service'
- 57. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 25 Summary' • Mobile/IOT is a low hanging fruit for attackers • Mobile security threat landscape - Physical, Network, Malware, Vulnerabilities • Recommendations - Focus on visibility as a baseline to security - Be proactive. Reactive is often too little too late - Security solutions for personal and business needs
- 58. Title of PresentationDD/MM/YYYY© 2015 Skycure Ltd. 26 Next'Steps' Request a FREE 30 Day Trial! sales@skycure.com, Phone: 1-800-650-4821 https://www.skycure.com/trial https://blog.skycure.com @hadinahari, @SkycureSecurity, @vk_is https://www.linkedin.com/company/skycure