Telekom Fachkongress Magenta Security 2016

13:45

How to Instantly Gather Mobile Threat Intelligence for Your Digital Business

Shridhar Mittal, CEO

Srini Murty, GM Telecom

By 2018, 25% of corporate data traffic will flow directly from mobile devices to the cloud bypassing enterprise security controls. By 2020, 60% of digital businesses will suffer major service failures, due to the inability of IT security teams to manage digital risk.

Gartner, Special Report: Cybersecurity at the Speed of Digital Business, Paul E. Proctor, Ray Wagner, August 30, 2016

• Have we adopted a position concerning the acceptable risk posture of mobile devices, and can we enforce it?
• Do we know if threats are being perpetrated on our employees’ mobile devices today?
• Have we performed an assessment of all potential risks associated with our mobile apps?

Global Threat Analysis Report

Over 3800 Critical* threats in 7 days

Threat Distribution
• Network Based: 63%
• App Based: 36%
• Device Based: 1%

• >1000 devices involved across 86 unique networks

Top 4 Threats
• Suspicious Apps (36%)
• Fake SSLs (35%)
• SSL Strip (23%)
• ARP/ICMP MITM (4%)

# of Devices
• Traffic Tampering: 15
• System Tampering: 13
• Suspicious Android App: 514
• SSL Strip: 114
• Rogue Access Point: 6
• ICMP Redirect MITM: 18
• Fake SSL certificate MITM: 362
• ARP MITM: 24
• Grand Total: 1066

go.zimperium.com/analysts

950+M Devices affected 850M Still Vulnerable

Monthly Security Updates

iOS 7 – Sept, 2013 System Tampering Elevation of Privilege < iOS 9.3.5

[Chart: Android vs. iOS by year, 2007–2016; vertical axis 0–400]

Mike Burgess, CISO, Telstra:

“A mobile & cloud first approach is fast being adopted by many companies including Telstra and unfortunately like all good things there is a potential down side with the criminals also adopting this trend… We are confident Zimperium will continue to successfully detect attacks against our mobile users.”

14:30

Maximum Protection of the “Second Economy” with an Open Security Architecture

Christian Heinrichs, Director Pre-Sales Central Europe

Intel Corporation

There are 316 new threats every minute, or more than 5 every second.

Source: McAfee Labs, Q3 2016

McAfee Labs 2017 Threats Predictions

Ransomware 2016 – The year of ransomware

Total ransomware has grown 80% in 2016.

Cloud Threats, Regulations, and Vendor Responses

Trust in the cloud will increase, leading to more sensitive data and processing in the cloud, leading to more interest in attacking the cloud.

1. The Economist Intelligence Unit, 2016. Trust in Cloud Technology and Business Performance
2. Forrester, September, 2016. The Public Cloud Services Market Will Grow Rapidly To $236 Billion In 2020
3. Akamai's [state of the internet] / security Q2 2016 report

Protecting Trust in the 2nd Economy

Protect the Digital Architecture of the Second Economy with an Open Security Architecture

Our conventional money economy now depends on vulnerable digital systems that constitute a “second economy”. This technological and social realm—where currencies of trust, time, and treasure are traded—is assailed by criminal aggressors seeking profit, principle, or province. Today’s hyper-connected, always-on world is built on trust; once trust is lost, it is not easily recaptured. This race is a must-win for those who endeavor to lead and thrive in an ever-shifting environment. The effectiveness of security solutions is increasingly measured by the business outcomes they enable.

Why are your security tools not part of a security architecture that leverages the intelligence of all components?

Challenges Facing Today’s Security Industry & Customers

Fundamental Shifts in Our Digital World

An increasingly complex digital expanse

• Dispersed Users: Mobile | Remote | Corporate
• Device & Data Proliferation: Billions of Devices, Zettabytes of Data, Internet of Things
• Cloud: ‘Other People’s Computers’
• Bring Your Own ‘Whatever’: BYOD, Shadow IT, Consumerization

Organizations must innovate, operate, and grow with confidence

Reaching Critical Mass

Security teams are overwhelmed by manually intensive solutions

Collect | Normalize | Enrich | Correlate

• Data Sources: logs | network | object | endpoint
• Threat Intelligence: organizational | community | global
• Security Consoles: vendor x | vendor y | vendor z

43% of software investments are not delivering promised value, equating to $100B of enterprise IT spend (Gartner)

Cybersecurity's Labor Shortage Epidemic

Not enough gray-matter for a manual solution

• 62% of organizations are currently understaffed*
• Majority of positions take 3-6 months to fill, and 10% are never filled*
• 2 million shortfall of qualified professionals by 2020**

* State of Cybersecurity: Implications for 2015 - ISACA
** The 2015 (ISC)2 Global Information Workforce Study - Extrapolation

Architecture? Standards?

The Typical Enterprise Security “Architecture” is Unsustainable

[Diagram zones: ROAMING USER, MANAGEMENT AND ANALYTICS, TRADITIONAL DATA CENTER, PRIVATE CLOUD, BRANCH OFFICE, PUBLIC CLOUD, CAMPUS OFFICE, NETWORK, SAAS SERVICES; products shown: Mgmt, SIEM, Firewall, Email, IPS, Web]

Physical and cyber industries

Physical and cyber security industries join forces

2017 predictions
• We will see the physical and cyber security industries work collectively to create more comprehensive and cohesive security solutions:
1. The physical and cyber security industries will join forces and harden security products from digital threats.
2. Consumers will become upset about cyber attacks on physical devices that undermine their security, safety, and privacy. They will demand a cohesive security experience or look to other vendors and suppliers.
3. Cyber security solution providers will service and support physical security vendors by offering new software, platforms, and architectures for integration.
4. Physical security conferences will expand to include cyber security topics, experts, and vendors.

Threat intelligence sharing

Threat intelligence sharing makes great strides

• 2015 – Cybersecurity Information Sharing Act
• 2016 – ISAO Standards Organization
• 2017 – Threat intelligence sharing platforms
• 2017 – ISAO communities

Threat Intelligence Exchange (TIE)

Adapt and Immunize—From Encounter to Containment in Milliseconds

Adaptive security improves anti-malware protection
• Better analysis of the grey
• Crowd-source reputations from your own environment
• Manage risk tolerance across departments / system types

Actionable intelligence
• Early awareness of first occurrence flags attacks as they begin
• Know who may be / was compromised when certificate or file reputation changes

[Diagram components: McAfee Global Threat Intelligence, McAfee ATD Sandbox, McAfee TIE Server, 3rd Party Feeds, Data Exchange Layer, McAfee ePO, McAfee ESM SIEM, Endpoints]


Instant Protection Across the Enterprise

Gateways block access based on endpoint convictions

• Proactively and efficiently protect your organization as soon as a threat is revealed
• Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products

[Diagram components: IPS, Web Gateway, McAfee Global Threat Intelligence, McAfee TIE Server, McAfee ATD Sandbox, 3rd Party Feeds, Data Exchange Layer, McAfee ePO, McAfee ESM SIEM, Endpoints]

Data Exchange Layer - DXL

Share Threat Intelligence across the entire Security Architecture

DXL History

Why DXL?
• Silos of disparate technologies, vendors, and in-house applications complicate operations
• Point-to-point integrations are time consuming to build and difficult to maintain
• Integrations depend on vendor effort
• Traditional polling and scheduled data publishing models add time to each transaction.
• Apps can’t get the context they need and take action as quickly as is necessary for efficient operations.

API-BASED INTEGRATIONS vs. COLLABORATIVE ECOSYSTEM

DXL is…

• OPEN: DXL is a bi-directional, open communication platform connecting your security solutions into a single ecosystem.
• INTEGRATED: DXL provides a standardized communication layer for all products, regardless of their underlying proprietary architecture.
• SIMPLE: DXL dramatically simplifies integrations with a one-time setup, while encouraging open vendor participation.
• FAST: With this increased speed, agility, and scalability you strengthen the foundation for threat detection and response across the IT landscape.

Security Information Application Framework

DXL is Going Open – Get started now!

Crawl, Walk, Run! The Data Exchange Layer (DXL) application framework was designed to be open

• Intel Security: Focus 2014
• SIA Partner: Q2 2015
• Customers: Focus 2016, beta SDK
• Competitors: 1H 2017, final SDK

• November 2016 - Open DXL SDK and Community on github.com/opendxl
• Released royalty free under an Apache 2.0 license
• All code, wrappers and scripts from FOCUS demo published
• Tell your vendors to integrate (or do it yourself) – the power is now in your hands

Phase 1: Intel Security McAfee Products

DXL was initially used solely by McAfee products (“Security Connected”).
• McAfee Endpoint Security (ENS)
• McAfee Threat Intelligence Exchange (TIE)
• McAfee Active Response (MAR)
• McAfee Enterprise Security Manager (SIEM)
• McAfee ePolicy Orchestrator (ePO)
• McAfee Advanced Threat Defense (ATD Sandbox)
• McAfee Web Gateway (MWG)
• McAfee Application Control (Whitelisting)
• McAfee Network Security Platform (IPS)
• McAfee SiteAdvisor (SAE)
• McAfee Data Loss Prevention (DLP)

Plus
• Intel Internet of Things (IoT)

Phase 2: SIA Partners

[Partner logo chart with the categories: Connected Today; In Testing or Development Today; In Design. Some entries are marked “NEW” or “POC FOCUS 2016”.]

Current as of 10/24/2016

Phase 3: DXL SDK

Beta SDK and Open Source Python client enable your own DXL integrations

Customer SDK
• Consume Messages: Available Topics: IOC, File Reputation, New Asset Discovery, Threat Event, Vulnerabilities…
• Publish Messages: Your Own Topics: Trigger events, threat events, orchestration workflows/scripts, user information…
• New Services: Wrap existing APIs for in-house developed, IT, and competitor apps and expose them to DXL, leverage consistent authentication; entirely new native services (BYO TIE!)
• Orchestrate Apps: Sequence single, multiple, or simultaneous actions based on events (scans, remediation, data collection); integrate with in-house developed, IT, and competitor apps

Integrated Security To Combat Next Generation Threats

McAfee Endpoint Security Platform

A framework to share intelligence on the endpoint

[Diagram components: Endpoint Security Client; Security Management; McAfee ePO Agent; Threat Prevention; Firewall; Client UI; Web Control; TIE; Cloud Endpoint Connector; Dynamic App Containment; Real Protect; Future Modules; Common Components; Kernel Mode Drivers]

McAfee Threat Intelligence Exchange

Instant protection across the enterprise – Integration with Check Point, Aruba, Rapid7

Gateways block access based on endpoint convictions

• Proactively and efficiently protect your organization as soon as a threat is revealed
• Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products

[Diagram components: Check Point Firewall, McAfee Global Threat Intelligence, 3rd Party Feeds, McAfee TIE Server, McAfee IPS, McAfee Web Gateway, McAfee ATD Sandbox, Future Data Sources, McAfee ePO, Aruba ClearPass, McAfee ESM SIEM, Data Exchange Layer, McAfee Active Response EDR, Rapid7 Nexpose, McAfee Client Threat Intelligence Module, IoT]

DXL Integration with Check Point, Aruba and Rapid7

Live Demo @ FOCUS 2016

• Check Point detects suspicious traffic
• McAfee Active Response query
• TIE reputation changed to malicious
• McAfee Endpoint Security cleans endpoints
• McAfee ePO Tag set for endpoint
• Rapid7 scan initiated
• Tag endpoints in Aruba to block network access

All this. In seconds! With less than 260 lines of code!

Intel Security: Integrated Platform

[Diagram: Protect, Detect and Correct phases. Components shown: Threat Intelligence Exchange, Endpoint Security, McAfee Web Gateway, Network Security Platform, Data Protection, McAfee ePO, McAfee Enterprise Security Manager (SIEM), McAfee Threat Intelligence Exchange/Data Exchange Layer, McAfee Advanced Threat Defense, McAfee Active Response, 3rd Party Solutions, SIA Partners, Custom Integrations]

The Value of a Sustainable Defensive Advantage

Applied integration, automation, and orchestration

Reduce Complexity | Act Rapidly | Optimize Resources

• 62% reduction of technology sprawl*
• 71% reduction of manual efforts*
• Over 1000% increase in handling capacity*

Resolve more risk, faster and with fewer resources

*Internal Benchmark testing applied to Advanced Malware cyber defense capability.

McAfee Resources

• McAfee Quarterly Threats Report September 2016: www.mcafee.com/us/resources/reports/rp-quarterly-threats-sep-2016.pdf
• McAfee Threats Predictions Report 2017: www.mcafee.com/us/resources/reports/rp-threats-predictions-2017.pdf
• Threat Defense Lifecycle: www.mcafee.com/us/products/simplify-threat-defense-cycle.aspx
• Dynamic Endpoint Threat Defense: www.mcafee.com/us/solutions/neutralize-threats/dynamic-endpoint-threat-defense.aspx
• Threat Intelligence Exchange (TIE) & Data Exchange Layer (DXL): www.mcafee.com/us/products/threat-intelligence-exchange.aspx
• Open DXL: www.mcafee.com/dxl and https://github.com/opendxl

15:15

Security Intelligence (Services)

IT Security Evolution: The Human Factor

L. Duke Golden, Strategic Accounts Manager, DACH

29 November 2016

“We believe that everyone, from home users to large companies and governments, should be able to protect what matters to them. Whether it is privacy, family, finances, customers, business success or critical infrastructure, we have made it our goal to secure it all.”
Eugene Kaspersky, Chairman and CEO, Kaspersky Lab

What do all these people have in common?

Kaspersky Lab | The Power of Protection

1. All of these security failures can be traced back to human error
2. The security gaps came from all levels of the organization
3. All cases could have been completely prevented or avoided with greater security awareness
4. IT security theory and practice are often not in sync

New innovations… new risks

We understand the global IT trends and the threats they bring.

• Challenge: protecting privacy and data
• Internet of Things
• Growing online commerce
• Industry 4.0
• Big Data
• Merging of cybercrime and APTs
• Attacks on the supply chain
• Consumerization and mobility
• Falling costs of APTs
• Threats to mobile devices
• Targeted attacks on hotel networks
• “Wipers” and cyber sabotage
• Fragmentation of the internet
• Malware for ATMs
• Targeted attacks
• Online banking at risk
• Phishing attacks on financial data
• Cloud and virtualization
• Attacks on PoS terminals
• Commercialization of APTs
• Hacktivism
• Significant data leaks
• Cyber mercenaries
• Threats to smart cities
• Ransomware programs

Enterprise Security: Powered by INTELLIGENCE

Protection for a wide range of enterprise IT systems, e.g. endpoints, data centers, online services and critical infrastructure

• Endpoint Security
• Virtualization Security
• Mobile Security
• Anti Targeted Attack Platform
• DDoS Protection
• Security Intelligence Services
• Security Solutions for Data Centers
• Fraud Prevention
• Industrial CyberSecurity

Global EXPERTISE

• 1/3 of our employees are research and development specialists
• 310,000 new malicious files are identified by Kaspersky Lab every day
• 42 leading security experts worldwide: the best of the best from about 20 countries

Our international research and analysis team of security experts continuously investigates and combats highly sophisticated cyber threats.

Intelligence Services Maps

Security Intelligence Services

CYBERSECURITY TRAININGS
• Cybersecurity fundamentals
• Digital forensics
• Malware analysis and reverse engineering

SECURITY ASSESSMENT
• Penetration tests
• Application security analysis

THREAT INTELLIGENCE / INVESTIGATION SERVICES
• Threat intelligence feeds (Data Feeds)
• Malware analysis
• Botnet tracking
• Detection of targeted attacks
• Intelligence reporting
• Incident response
• Threat hunting
• Digital forensics

Kaspersky Security Training: Protect Your Business

• Employees: Online Training Platform
• IT department heads: Cybersecurity Games
• CxO level: Cybersecurity Culture Assessment

IT Expert Trainings
• Level 1 Beginner: Core Security Fundamental; Basic IT Knowledge
• Level 2 Intermediate: Digital Forensics; System Admin Required
• Level 3 Advanced: Advanced Digital Forensics; System Admin Advanced

• Level 1 Beginner: Practical Measures; Fundamentals Lab; Basic IT Knowledge
• Level 2 Intermediate: Malware Analysis & Reverse Engineering; Programmer Required
• Level 3 Advanced: Advanced Malware Analysis & Reverse Engineering

The intelligence-driven approach to combating targeted attacks and Advanced Persistent Threats

PREDICT / PREVENT
• Analyze potential security gaps
• Minimize security risk
• Adapt countermeasures
• Training and consulting to apply and optimize preventive IT security strategies
• Establish a SOC if none exists
• Raise security awareness

Global Threat Intelligence Powered by Kaspersky

RESPOND / DETECT
• Incident analysis
• Incident detection
• Emergency measures to minimize damage (CERT etc.)
• Source tracing
• Core analysis

MSA: Get Started

End-to-End Maintenance Services Agreement

• MSA Start: 6 incidents; 8 working hours response time
• MSA Plus: 12 incidents; 6 working hours response time
• MSA Business: 36 incidents; 4 hours response time
• MSA Enterprise: unlimited number of incidents; 30 minutes response time

Support features:
• 8x5 priority phone line
• 8x5 priority phone line
• Priority phone line around the clock for business-critical incidents
• 8x5 priority phone line (around the clock for severity 1 and 2)
• Technical Account Manager
• Responsive services: health check, quarterly reporting
• Dedicated Technical Account Manager

Fighting cybercrime at the highest level

Kaspersky Industrial CyberSecurity - KICS

• KICS Solutions: Endpoint, Network, Embedded
• Post-Sale Support & Services: Technical Support, Emergent Response, Regular Maintenance
• Professional services for public authorities: consulting, incident response & forensics, standards & security requirements
• Professional services for suppliers: research, consulting, system architecture, security analysis, secure architecture/design
• Professional services for customers and partners: training, cyber intelligence, incident response & forensics, Managed Defense, Security Gap Assessment, Penetration Testing

Kaspersky Private Security Network

Access to 20+ years of experience at the push of a button

The Collingridge Dilemma

Security risk / Innovation

“Every day I have to knowingly accept a far too high IT security risk factor, because our IT people are simply overwhelmed by the variety of business innovations!”
Executive Vice President, international logistics company

Global Presence

• 200 countries
• 34 regional offices

• North America: Canada, Mexico, USA
• South America: Brazil
• Europe: Austria, Denmark, France, Germany, Israel, Italy, Netherlands, Poland, Portugal, Romania, Russia (HQ), Spain, Switzerland, UK, Ukraine
• Asia: China, India, Hong Kong, Japan, Kazakhstan, Malaysia, South Korea, Singapore, Turkey, UAE
• Africa: South Africa
• Australia

Questions?

L. Duke Golden, Strategic Accounts Manager, DACH
Kaspersky Lab GmbH, Pariser Platz 4a, 10117 Berlin

https://de.linkedin.com/in/dukegolden
https://www.xing.com/profile/Duke_Golden
[email protected]
M: +49 (0)151 544 393 09

BREAKOUT SESSIONS

DAY 2

11:40

CYBER DEFENSE: FIGHTING A LOSING BATTLE?

Dirk Loss, Product Owner

12:25

Mobile Protect Pro

Shridhar Mittal, CEO

Srini Murty, GM Telecom

By 2018, 25% of corporate data traffic will flow directly from mobile devices to the cloud bypassing enterprise security controls.

By 2020, 60% of digital businesses will suffer major service failures, due to the inability of IT security teams to manage digital risk.

Gartner, Special Report: Cybersecurity at the Speed of Digital Business, Paul E. Proctor, Ray Wagner, August 30, 2016

Mobility: what is the threat?

Enterprise Mobility: Device OS attacks

[Chart: Android vs. iOS by year, 2007–2016; vertical axis 0–400]

950+M Devices affected

850M Still Vulnerable Monthly Security Updates

iOS 7 – Sept, 2013 System Tampering Elevation of Privilege < iOS 9.3.5

MOBILE PROTECT Pro

Mobile working, worldwide – without risk
• always online
• Wi-Fi at hotel, airport, cafe, fair
• access to company data, server, backbone
• charging devices and stations

MOBILE PROTECT Pro: app-based protection for mobile devices

zCONSOLE
Function:
• Monitoring overall company threats
• Management of security profiles

zIPS App
Function:
• Protect individual devices
• Information for countermeasures

IT-Integrations-Service (optional)
Function:
• Connection to MDM/EMM
• Definition of specific security profiles

Mobile Protect PRO protects your Smartphone 360°

• Network Attack Detection
• Root-/Jailbreak-Detection
• zConsole Policies
• with MDM/EMM: MobileIron, AirWatch
• Reporting and forensics
• App Scanning
• Anomaly Detection, e.g. OS / Kernel Exploitation, Profile/Configuration Modification

zConsole: reporting and policies

• central management platform provides policy and risk management
• combination with SIEM possible
• comprehensive reporting and compliance analysis
• basis for forensic threat prevention and analysis
• configurable data privacy

Mobile Protect Pro

[Diagram: mobile device layers and the threats covered]
• Email and Content Security (MCM), Application Delivery, Security & Policy, Containers (MAM)
• OS Management and Control (MDM)
• Layers: Apps; Drivers & Libraries; Systems Services; Kernel
• Jailbreak & Rooting Detection
• Browser, Email, Attachments, SMS
• Malware, Adware, mRAT
• Network Attacks (Recon, MITM, SSL Strip, Rogue AP, Rogue Cell Tower), Physical Attacks (USB, Bluetooth, NFC), Stagefright
• Exploits, Privilege Elevation, Chained Attacks

Example: ARP scan

[Screenshots: Wi-Fi message for the user; network scan]

Mobile Protect Pro: Trial Conditions

• usable for Android 4.0 and iOS 8.0 or higher, worldwide usage
• support through DTAG
• verified criteria for success factors, possibly workshop
• trial start now
