Telekom Fachkongress Magenta Security 2016
13:45
How to Instantly Gather Mobile Threat Intelligence for Your Digital Business
Shridhar Mittal, CEO
Srini Murty, GM Telecom
By 2018, 25% of corporate data traffic will flow directly from mobile devices to the cloud bypassing enterprise security controls. By 2020, 60% of digital businesses will suffer major service failures, due to the inability of IT security teams to manage digital risk.
Gartner, Special Report: Cybersecurity at the Speed of Digital Business, Paul E. Proctor, Ray Wagner, August 30, 2016
Have we adopted a position concerning the acceptable risk posture of mobile devices, and can we enforce it?
Do we know if threats are being perpetrated on our employees’ mobile devices today?
Have we performed an assessment of all potential risks associated with our mobile apps?
Global Threat Analysis Report
Over 3800 Critical* threats in 7 days
• 63% of threats were network based
• 36% were app based
• >1000 devices involved across 86 unique networks
Top 4 Threats
• Suspicious Apps (36%)
• Fake SSLs (35%)
• SSL Strip (23%)
• ARP/ICMP MITM (4%)
[Chart: Threat Distribution. Network Based 63%, App Based 36%, Device Based 1%]
[Chart: # of Threats by threat type]
# of Devices by threat type
• Traffic Tampering: 15
• System Tampering: 13
• Suspicious Android App: 514
• SSL Strip: 114
• Rogue Access Point: 6
• ICMP Redirect MITM: 18
• Fake SSL certificate MITM: 362
• ARP MITM: 24
• Grand Total: 1066
go.zimperium.com/analysts
950+M Devices affected 850M Still Vulnerable
Monthly Security Updates
iOS 7 – Sept, 2013 System Tampering Elevation of Privilege < iOS 9.3.5
[Chart: Android vs. iOS by year, 2007 to 2016]
“A mobile & cloud first approach is fast being adopted by many companies including Telstra and unfortunately like all good things there is a potential down side with the criminals also adopting this trend… We are confident Zimperium will continue to successfully detect attacks against our mobile users.”
Mike Burgess, CISO, Telstra
14:30
Maximum Protection of the “Second Economy” with an Open Security Architecture
Christian Heinrichs, Director Pre-Sales Central Europe
Maximum Protection Through an Open Security Architecture
Christian Heinrichs, Director Presales Central Europe
Intel Corporation
There are 316 new threats every minute, or more than 5 every second.
Source: McAfee Labs, Q3 2016
McAfee Labs 2017 Threats Predictions
Ransomware 2016 – The year of ransomware
Total ransomware has grown 80% in 2016.
Cloud Threats, Regulations, and Vendor Responses
Trust in the cloud will increase, leading to more sensitive data and processing in the cloud, leading to more interest in attacking the cloud.
1. The Economist Intelligence Unit, 2016. Trust in Cloud Technology and Business Performance
2. Forrester, September, 2016. The Public Cloud Services Market Will Grow Rapidly To $236 Billion In 2020
3. Akamai's [state of the internet] / security Q2 2016 report
Protecting Trust in the 2nd Economy
Protect the Digital Architecture of the Second Economy with an Open Security Architecture
Our conventional money economy now depends on vulnerable digital systems that constitute a “second economy”. This technological and social realm—where currencies of trust, time, and treasure are traded—is assailed by criminal aggressors seeking profit, principle, or province. Today’s hyper-connected, always-on world is built on trust; once trust is lost, it is not easily recaptured. This race is a must-win for those who endeavor to lead and thrive in an ever-shifting environment. The effectiveness of security solutions is increasingly measured by the business outcomes they enable.
Why are your security tools not part of a security architecture that leverages the intelligence of all components?
Challenges Facing Today’s Security Industry & Customers
Fundamental Shifts in Our Digital World
An increasingly complex digital expanse
Dispersed Users: Mobile | Remote | Corporate
Device & Data Proliferation: Billions of Devices, Zettabytes of Data, Internet of Things
Cloud: ‘Other People’s Computers’
Bring Your Own ‘Whatever’: BYOD, Shadow IT, Consumerization
Organizations must innovate, operate, and grow with confidence
Reaching Critical Mass
Security teams are overwhelmed by manually intensive solutions
Collect | Normalize | Enrich | Correlate
Data Sources: logs | network | object | endpoint
Threat Intelligence: organizational | community | global
Security Consoles: vendor x | vendor y | vendor z
43% of software investments are not delivering promised value, equating to $100B of enterprise IT spend (Gartner)
Cybersecurity's Labor Shortage Epidemic
Not enough gray-matter for a manual solution
• 62% of organizations are currently understaffed*
• Majority of positions take 3-6 months to fill, and 10% are never filled*
• 2 million shortfall of qualified professionals by 2020**
* State of Cybersecurity: Implications for 2015 - ISACA
** The 2015 (ISC)2 Global Information Workforce Study - Extrapolation
Architecture? Standards?
The Typical Enterprise Security “Architecture” is Unsustainable
[Diagram labels: Roaming User, Traditional Data Center, Private Cloud, Branch Office, Public Cloud, Campus Office, Network, SaaS Services; Firewall, IPS, Email, Web; Management and Analytics (Mgmt, SIEM)]
Physical and cyber industries
Physical and cyber security industries join forces
2017 predictions
• We will see the physical and cyber security industries work collectively to create more comprehensive and cohesive security solutions:
1. The physical and cyber security industries will join forces and harden security products from digital threats.
2. Consumers will become upset about cyber attacks on physical devices that undermine their security, safety, and privacy. They will demand a cohesive security experience or look to other vendors and suppliers.
3. Cyber security solution providers will service and support physical security vendors by offering new software, platforms, and architectures for integration.
4. Physical security conferences will expand to include cyber security topics, experts, and vendors.
Threat intelligence sharing
Threat intelligence sharing makes great strides
2015 – Cybersecurity Information Sharing Act
2016 – ISAO Standards Organization
2017 – Threat intelligence sharing platforms
2017 – ISAO communities
Threat Intelligence Exchange (TIE)
Adapt and Immunize—From Encounter to Containment in Milliseconds
Adaptive security improves anti-malware protection
• Better analysis of the grey
• Crowd-source reputations from your own environment
• Manage risk tolerance across departments / system types
Actionable intelligence
• Early awareness of first occurrence flags attacks as they begin
• Know who may be / was compromised when certificate or file reputation changes
[Diagram components: McAfee Global Threat Intelligence, 3rd Party Feeds, McAfee ATD Sandbox, McAfee TIE Server, IPS, Web Gateway, Data Exchange Layer, McAfee ePO, McAfee ESM SIEM, Endpoints]
Instant Protection Across the Enterprise
Gateways block access based on endpoint convictions
Proactively and efficiently protect your organization as soon as a threat is revealed
Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products
[Diagram components: McAfee Global Threat Intelligence, 3rd Party Feeds, McAfee ATD Sandbox, McAfee TIE Server, IPS, Web Gateway, Data Exchange Layer, McAfee ePO, McAfee ESM SIEM, Endpoints]
Data Exchange Layer - DXL
Share Threat Intelligence across the entire Security Architecture
DXL History
Why DXL?
• Silos of disparate technologies, vendors, and in-house applications complicate operations
• Point-to-point integrations are time consuming to build and difficult to maintain
• Integrations depend on vendor effort
• Traditional polling and scheduled data publishing models add time to each transaction
• Apps can’t get the context they need and take action as quickly as is necessary for efficient operations
API-BASED INTEGRATIONS vs. COLLABORATIVE ECOSYSTEM
DXL is…
OPEN: DXL is a bi-directional, open communication platform connecting your security solutions into a single ecosystem.
INTEGRATED: DXL provides a standardized communication layer for all products, regardless of their underlying proprietary architecture.
SIMPLE: DXL dramatically simplifies integrations with a one-time setup, while encouraging open vendor participation.
FAST: With this increased speed, agility, and scalability you strengthen the foundation for threat detection and response across the IT landscape.
Security Information Application Framework
DXL is Going Open – Get started now!
Crawl, Walk, Run!
The Data Exchange Layer (DXL) application framework was designed to be open
Intel Security: Focus 2014
SIA Partner: Q2 2015
Customers: Focus 2016, beta SDK
Competitors: 1H 2017, final SDK
• November 2016 - Open DXL SDK and Community on github.com/opendxl
• Released royalty free under an Apache 2.0 license
• All code, wrappers and scripts from FOCUS demo published
• Tell your vendors to integrate (or do it yourself) – the power is now in your hands
Phase 1: Intel Security McAfee Products
DXL was initially used solely by McAfee products (“Security Connected”).
• McAfee Endpoint Security (ENS)
• McAfee Threat Intelligence Exchange (TIE)
• McAfee Active Response (MAR)
• McAfee Enterprise Security Manager (SIEM)
• McAfee ePolicy Orchestrator (ePO)
• McAfee Advanced Threat Defense (ATD Sandbox)
• McAfee Web Gateway (MWG)
• McAfee Application Control (Whitelisting)
• McAfee Network Security Platform (IPS)
• McAfee SiteAdvisor (SAE)
• McAfee Data Loss Prevention (DLP)
Plus
• Intel Internet of Things (IoT)
Phase 2: SIA Partners
[Partner logos grouped as: Connected Today; In Testing or Development Today; In Design. Some entries marked NEW or POC FOCUS 2016]
Current as of 10/24/2016
Phase 3: DXL SDK
Beta SDK and Open Source Python client enable your own DXL integrations
Customer SDK
Consume Messages
• Available Topics: IOC, File Reputation, New Asset Discovery, Threat Event, Vulnerabilities…
Publish Messages
• Your Own Topics: Trigger events, threat events, orchestration workflows/scripts, user information….
New Services
• Wrap existing APIs for in-house developed, IT, and competitor apps and expose them to DXL, leverage consistent authentication
• Entirely new native services (BYO TIE!)
Orchestrate Apps
• Sequence single, multiple, or simultaneous actions based on events (scans, remediation, data collection)
• Integrate with in-house developed, IT, and competitor apps
Integrated Security To Combat Next Generation Threats
McAfee Endpoint Security Platform
A framework to share intelligence on the endpoint
[Diagram components: Endpoint Security Client, Security Management, McAfee ePO Agent, Client UI, Threat Prevention, Firewall, Web Control, TIE, Cloud Endpoint Connector, Dynamic App Containment, Real Protect, Future Modules, Common Components, Kernel Mode Drivers]
McAfee Threat Intelligence Exchange
Instant protection across the enterprise – Integration with Check Point, Aruba, Rapid7
Gateways block access based on endpoint convictions
Proactively and efficiently protect your organization as soon as a threat is revealed
Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products
[Diagram components: Check Point Firewall, McAfee Global Threat Intelligence, 3rd Party Feeds, McAfee TIE Server, McAfee IPS, McAfee Web Gateway, McAfee ATD Sandbox, Future Data Sources, McAfee ePO, Aruba ClearPass, McAfee ESM SIEM, Data Exchange Layer, McAfee Active Response EDR, Rapid7 Nexpose, McAfee Client Threat Intelligence Module, IoT]
DXL Integration with Check Point, Aruba and Rapid7
Live Demo @ FOCUS 2016
• Check Point detects suspicious traffic
• McAfee Active Response query
• TIE reputation changed to malicious
• McAfee Endpoint Security cleans endpoints
• McAfee ePO Tag set for endpoint
• Rapid7 scan initiated
• Tag endpoints in Aruba to block network access
All this. In seconds! With less than 260 lines of code!
Intel Security: Integrated Platform
[Diagram: Protect, Detect, Correct cycle. Components: Threat Intelligence Exchange, Endpoint Security, McAfee Web Gateway, Network Security Platform, Data Protection, McAfee ePO, McAfee Enterprise Security Manager (SIEM), McAfee Threat Intelligence Exchange/Data Exchange Layer, McAfee Advanced Threat Defense, McAfee Active Response, 3rd Party Solutions, SIA Partners, Custom Integrations]
The Value of a Sustainable Defensive Advantage
Applied integration, automation, and orchestration
Reduce Complexity | Act Rapidly | Optimize Resources
• 62% reduction of technology sprawl*
• 71% reduction of manual efforts*
• Over 1000% increase in handling capacity*
Resolve more risk, faster and with fewer resources
*Internal Benchmark testing applied to Advanced Malware cyber defense capability.
McAfee Resources
McAfee Quarterly Threats Report September 2016: www.mcafee.com/us/resources/reports/rp-quarterly-threats-sep-2016.pdf
McAfee Threats Predictions Report 2017: www.mcafee.com/us/resources/reports/rp-threats-predictions-2017.pdf
Threat Defense Lifecycle: www.mcafee.com/us/products/simplify-threat-defense-cycle.aspx
Dynamic Endpoint Threat Defense: www.mcafee.com/us/solutions/neutralize-threats/dynamic-endpoint-threat-defense.aspx
Threat Intelligence Exchange (TIE) & Data Exchange Layer (DXL): www.mcafee.com/us/products/threat-intelligence-exchange.aspx
Open DXL: www.mcafee.com/dxl, https://github.com/opendxl
15:15
Security Intelligence (Services)
Duke Golden, Strategic Accounts Manager, DACH
IT Security Evolution: The Human Factor
L. Duke Golden, Strategic Accounts Manager, DACH
29 November 2016
“We believe that everyone, from home users to large enterprises and governments, should be able to protect what matters. Whether it is privacy, family, finances, customers, business success or critical infrastructure: we have made it our goal to secure it all.”
Eugene Kaspersky, Chairman and CEO, Kaspersky Lab
What do all of these people have in common?
Kaspersky Lab | The Power of Protection
1. All of these security breaches can be traced back to human error
2. The security gaps came from all levels of the organization
3. All cases could have been completely prevented or avoided with increased security awareness
4. IT security theory and practice are often not in sync
New innovations… new risks
We understand the global IT trends and the threats they bring.
Challenge: protecting privacy and data
Internet of Things
Growing online commerce
Industry 4.0
Big Data
Fusion of cybercrime and APTs
Attacks on the supply chain
Consumerization and mobility
Falling costs of APTs
Threats to mobile devices
Targeted attacks on hotel networks
“Wipers” and cyber sabotage
Fragmentation of the Internet
Malware for ATMs
Targeted attacks
Online banking at risk
Phishing attacks on financial data
Cloud and virtualization
Attacks on PoS terminals
Commercialization of APTs
Hacktivism
Significant data leaks
Cyber mercenaries
Threats to smart cities
Ransomware programs
Enterprise Security: Powered by INTELLIGENCE
Protection for a wide range of enterprise IT systems, e.g. endpoints, data centers, online services and critical infrastructure
Endpoint Security
Virtualization Security
Mobile Security
Anti Targeted Attack Platform
DDoS Protection
Security Intelligence Services
Security Solutions for Data Centers
Fraud Prevention
Industrial CyberSecurity
Global EXPERTISE
1/3 of our employees are research and development specialists
310,000 new malicious files are identified by Kaspersky Lab every day
42 leading security experts worldwide: the best of the best from about 20 countries
Our international research and analysis team of security experts continuously investigates and combats highly sophisticated cyber threats.
Intelligence Services Maps
Security Intelligence Services
CYBERSECURITY TRAINING
SECURITY ASSESSMENT
— Cybersecurity fundamentals
— Penetration testing
— Digital forensics
— Application security analysis
— Malware analysis and reverse engineering
THREAT INTELLIGENCE
INVESTIGATION SERVICES
— Threat intelligence feeds (Data Feeds)
— Malware analysis
— Botnet Tracking
— Detection of targeted attacks
— Intelligence Reporting
— Incident response
— Threat hunting
— Digital forensics
Kaspersky Security Trainings: Protect Your Business
Employees: Online Training Platform
IT department heads: Cybersecurity Games
CxO level: Cybersecurity Culture Assessment
IT Expert Trainings
• Level 1 Beginner • Core Security Fundamental • Basic IT knowledge
• Level 2 Intermediate • Digital forensics • System admin required
• Level 3 Advanced • Advanced digital forensics • Advanced system admin
• Level 1 Beginner • Practical Measures Fundamental Lab • Basic IT knowledge
• Level 2 Intermediate • Malware analysis & reverse engineering • Programmer required
• Level 3 Advanced • Advanced Malware Analysis & Reverse Engineering
The intelligence-driven approach to combating targeted attacks and Advanced Persistent Threats
PREDICT
PREVENT
— Analyze potential security gaps
— Minimize security risk
— Adapt countermeasures
— Training and consulting to apply and optimize preventive IT security strategies
— Establish a SOC if none exists
— Raise security awareness
Global Threat Intelligence Powered by Kaspersky
RESPOND
DETECT
— Incident analysis
— Incident discovery
— Emergency measures to minimize damage (CERT etc.)
— Source tracing
— Core analysis
MSA: Get Going
End-to-End Maintenance Services Agreement
MSA Start
MSA Plus
MSA Business
MSA Enterprise
— 6 incidents
— 12 incidents
— 36 incidents
— Unlimited number of incidents
— 8 working hours response time
— 6 working hours response time
— 4 hours response time
— 30 minutes response time
— 8x5 prioritized phone line
— 8x5 prioritized phone line
— Prioritized phone line around the clock for business-critical incidents
— 8x5 prioritized phone line (around the clock for severity 1 and 2)
— Technical Account Manager
— Responsive services: health check, quarterly reporting
— Dedicated Technical Account Manager
Fighting cybercrime at the highest level
Kaspersky Industrial CyberSecurity - KICS
KICS Solutions: Endpoint, Network, Embedded
Post-Sale Support & Services: Technical Support, Emergent Response, Regular Maintenance
Professional services for government agencies: consulting, incident response & forensics, standards & security requirements
Professional services for research, consulting, system architecture, suppliers, security analysis, secure architecture/design
Professional services for customers and partners: trainings, cyber intelligence, incident response & forensics, Managed Defense, Security Gap Assessment, Penetration Testing
Kaspersky Private Security Network
Access to 20+ years of experience at the push of a button
The Collingridge Dilemma
[Chart axes: security risk, innovation]
“Every day I have to knowingly accept a far too high IT security risk factor, because our IT people are simply overwhelmed by the variety of business innovations!”
Executive Vice President, international logistics company
Global presence
200 countries
34 regional offices
North America
Europe
Asia
Austria, Denmark, France, Germany, Israel, Italy, Netherlands, Poland, Portugal, Romania, Russia (HQ), Spain, Switzerland, UK, Ukraine
China, India, Hong Kong, Japan, Kazakhstan, Malaysia, South Korea, Singapore, Turkey, UAE
Canada, Mexico, USA
South America: Brazil
Africa: South Africa
Australia
Questions?
L. Duke Golden, Strategic Accounts Manager, DACH
Kaspersky Lab GmbH, Pariser Platz 4a, 10117 Berlin
https://de.linkedin.com/in/dukegolden
https://www.xing.com/profile/Duke_Golden
M: +49 (0)151 544 393 09
BREAKOUT SESSIONS
DAY 2
11:40
CYBER DEFENSE: FIGHTING A LOSING BATTLE?
Dirk Loss, Product Owner
12:25
Mobile Protect Pro
Shridhar Mittal, CEO
Srini Murty, GM Telecom
By 2018, 25% of corporate data traffic will flow directly from mobile devices to the cloud bypassing enterprise security controls.
By 2020, 60% of digital businesses will suffer major service failures, due to the inability of IT security teams to manage digital risk.
Gartner, Special Report: Cybersecurity at the Speed of Digital Business, Paul E. Proctor, Ray Wagner, August 30, 2016
Mobility: what is the threat?
Enterprise Mobility: Device OS attacks
[Chart: Android vs. iOS by year, 2007 to 2016]
950+M Devices affected
850M Still Vulnerable Monthly Security Updates
iOS 7 – Sept, 2013 System Tampering Elevation of Privilege < iOS 9.3.5
MOBILE PROTECT Pro
Mobile working, worldwide – without risk
• always online
• Wi-Fi at hotel, airport, cafe, trade fair
• access to company data, server, backbone
• charging devices and stations
MOBILE PROTECT Pro: app-based protection for mobile devices
zCONSOLE
Function: Monitoring overall company threats; management of security profiles
zIPS App
Function: Protect individual devices; information for countermeasures
IT integration service (optional)
Function: Connection to MDM/EMM; definition of specific security profiles
Mobile Protect PRO protects your Smartphone 360°
• Network Attack Detection
• Root-/Jailbreak-Detection
• zConsole Policies
• With MDM/EMM: MobileIron, AirWatch
• Reporting and forensics
• App Scanning
• Anomaly Detection, e.g. OS / Kernel Exploitation, Profile/Configuration Modification
zConsole: reporting and policies
central management platform provides policy and risk management
• combination with SIEM possible
• comprehensive reporting and compliance analysis
• basis for forensic threat prevention and analysis
• configurable data privacy
Mobile Protect Pro
[Diagram labels]
• Email and Content Security (MCM), Application Delivery, Security & Policy, Containers (MAM)
• OS Management and Control (MDM)
• Apps, Drivers & Libraries, Systems Services, Kernel
• Jailbreak & Rooting Detection
• Browser, Email, Attachments, SMS
• Malware, Adware, mRAT
• Network Attacks (Recon, MITM, SSL Strip, Rogue AP, Rogue Cell Tower)
• Physical Attacks (USB, Bluetooth, NFC)
• Stagefright
• Exploits, Privilege Elevation, Chained Attacks
Example: ARP scan
Wi-Fi message for the user: Network Scan
Mobile Protect Pro: Trial Conditions
• usable for Android 4.0 and iOS 8.0 or higher
• worldwide usage
• support through DTAG
• verified criteria for success factors, possibly workshop
• trial start now