SlideShare uma empresa Scribd logo

CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security

CloudIDSummit
CloudIDSummit

Michael Sutton, Vice President of Security Research, Zscaler Nothing will more dramatically alter the enterprise security landscape than mobile devices, especially those that are employee owned (BYOD). While mobile devices can greatly improve employee productivity, they don't play nice with legacy enterprise security controls. Are you stuck choosing between the lesser of two evils—lowering security by permitting mobile access or maintaining the status quo by banishing mobile access altogether? Despite the many hurdles that today's mobile OS's pose for enterprise security, with the right policies and technologies, it’s possible to ensure that mobile employees are just as secure as those sitting at their desks.

TecnologiaNotícias e política
1 de 26
Baixar para ler offline
Secure.  Everywhere.   ©2013  Zscaler,  Inc.  All  rights  reserved.   Secure.  Everywhere.   ©2012  Zscaler,  Inc.  All  rights  reserved.   Don't  Let  Mobile  be  the  Achilles  Heel   for  Your  Enterprise  Security   Michael  SuGon   VP,  Security  Research   July  12,  2013  
Secure.  Everywhere.   whois   §  Zscaler   –  VP,  Security  Research   –  SaaS  based  soluLon  for  end  user  web  security   –  ThreatLabZ  –  security  research  arm  of  the  company   §  Background   –  Founding  Member  –  Cloud  Security  Alliance   –  SPI  Dynamics  –  acquired  by  HP   –  iDefense  –  acquired  by  VeriSign   §  Research   –  Web  security   –  Client-­‐side  vulnerabiliLes   –  Book  –  Fuzzing:  Brute  Force  Vulnerability  Discovery  
Secure.  Everywhere.   Three  Mega  Trends  in  IT   This  turns  tradi,onal  security  &  networking  upside  down   Businesses   adopt  Mobile     Cloud  goes   mainstream     Social   meets   Enterprise  
Secure.  Everywhere.   (In)visibility   §  HQ   –  Consolidate  data  from  disparate   systems  (IDS,  IPS,  Firewall,  AV,  etc.)   –  Internal/external  view   §  Regional  offices   –  Consolidate  data  to  obtain   comprehensive  threatscape   §  AcquisiLon   –  IncompaLble  technologies   §  Remote  Employees   –  Poor  user  experience  (forced  VPN)  vs   weak  security  (split  tunnel)   §  Cloud   –  Losing  control  of  data   ©2012  Zscaler,  Inc.  All  rights  reserved.   HQ   Regional  Office   AcquisiGon   Remote   Employees   Cloud  
Secure.  Everywhere.   Threat  MiGgaGon   ©2012  Zscaler,  Inc.  All  rights  reserved.   Appliances   Man  Hours   Threat  Complexity   Resource  Complexity   APTs                             Black/ White   LisGng                                            AnGvirus                                            IDS   IPS                                            Behavioral   Analysis                   Targeted   AGacks  
Secure.  Everywhere.   Global  Threat  MiGgaGon   ©2012  Zscaler,  Inc.  All  rights  reserved.   Appliances   Man  Hours   Threat  Complexity   Resource  Complexity   APTs                             BW   List                                          AV                                          IDS   IPS                                          BA                 Targeted   AGacks                             BW   List                                           BW   List                                           BW   List                                           BW   List                                           BW   List                                           BW   List                                          AV                                          AV                                          AV                                          AV                                          AV                                          AV                                          IDS   IPS                                          IDS   IPS                                          IDS   IPS                                          IDS   IPS                                          IDS   IPS                                          IDS   IPS                                          BA                                          BA                                          BA                                          BA                                          BA                                          BA                
Secure.  Everywhere.   Why  enterprise  security  is  failing  to  keep  pace   ©2012  Zscaler,  Inc.  All  rights  reserved.   Security  Threats   Con,nually  evolving   a9acks  defeat  security   –  Dynamic  aRacks   Malware  only  delivered   when  effecLve   –  LegiGmate  Resources   Popular  sites/results   deliver  aGacks   –  Targeted  ARacks   Well  funded,  skilled   aGackers  leverage   custom  aGacks  to   exfiltrate  sensiLve  data   and  ocen  go   undetected  for  months   –  Mobile   Custom  aGacks  target   always-­‐on,  mobile   devices   Endpoint  Security   Host  based  security  (An,-­‐ virus,  HIPS,  etc.)   –  Threats   AV  struggles  with   dynamic,  web  based   threats   –  Signatures   StaLc  signatures  to   keep  pace  with  the   volume  of  aGacks  seen   in  the  wild   –  Support   Different  soluLons   from  different  vendors   –  Mobile   Degrades  device   performance  and  is   not  an  opLon  on  iOS   devices   Gateway  Security   Appliance  based  Secure   Web  Gateway  solu,ons   –  URL  filtering   StaLc  blacklists   cannot  protect   against  threats  on   legiLmate  sites     –  Visibility   Batch  reporLng  from   individual  appliances   –  Support   Enterprise  remains   responsible  for   patching  and  maint.   –  Mobile   Appliances  cannot   see  traffic  for  remote   employees   Security  Needs   How  do  we  close  the  gap?   –  In-­‐line,  real-­‐Gme   Block/allow  decision   based  on  actual  content   –  Full  content  inspecGon   Complete  bi-­‐direcLonal   inspecLon  of  all  traffic   –  Encrypted  traffic   Malware  cannot  hide  in   SSL  encrypted  channels   –  Dynamic  reputaGon   Real-­‐Lme  reputaLon   scoring   –  Big  data   ConLnual  cloud  mining   –  Any  device/locaGon   Consistent  policy   enforcement   Security  Gap  Current  Enterprise  Security  
Secure.  Everywhere.   How  iOS  is  Forcing  Enterprises  to  Rethink  Security   Yesterday   Tomorrow   Malware   Host  based  AV   Background  apps/ services  prohibited   Network   Controlled  while  on-­‐ premises   3G  connecLvity  bypasses   network  controls   Traffic   Most  HTTP(S)  traffic   browser  based   Most  HTTP(S)  traffic  app   driven   Data  leakage   Appliance  based  DLP   Device  regularly  off-­‐ premises   Ownership   Corporate  owned  asset   Personal  asset  
Secure.  Everywhere.   Is  this  the  Year?   To  date,  mobile  devices  such  as  smartphones  and  tablets  have   been  preGy  safe  from  malware.  This  era  may  well  have  come   to  end.   The  reason  mobile  devices  have  been  immune  is  arguably   because  in  many  ways  the  opportuniLes  to  capitalize  on   weaknesses  and  flaws  in  the  relaLvely  young  operaLng  systems   of  these  new  products  have  been  scarce  in  comparison  to  the   millions  of  machines  running,  for  example,  Windows.   2013:  The  Year  Android  Users  Get  Pwned   Mark  Gibbs,  Contributor   CIO  NETWORK  |  4/24/2013  @  10:43PM  |124  views  
Secure.  Everywhere.   Is  Mobile  Malware  on  the  Rise?   Mobile   PC   Lookout  Mobile  Security  
Secure.  Everywhere.   All  Devices  Are  Not  Created  Equal   §  PCs  ocen  run  numerous  server  side  services  such  as  RDP,   RPC,  HTTP,  FTP,  etc.   §  Mobile  app  stores  provide  a  validaLon  layer   §  Mobile  fragmentaLon  (among  both  vendors  and  O/S   versions)  limits  total  exposure   §  PC  browser  plugin  framework  a  significant  malware  entry   point   §  Malicious  apps  can  be  revoked  via  official  app  stores  
Secure.  Everywhere.   Rapid  Growth   §  Rapid  adopLon  of  web   development  at  the  turn   of  the  century  ensured   that  security  was  an   acerthought…   §  …history  is  repeaLng  itself  in   the  mobile  space   §  Many  apps  are  outsourced  to   3rd  parLes  and  not  properly   tested  for  vulnerabiliLes  and   data  leakage  
Secure.  Everywhere.   Mobile  Challenges   §  Ownership   –  BYOD,  cloud  and  social  are  forcing  CISOs  to  lose  control  of  the  devices   and  data  that  they  are  tasked  with  managing   §  Visibility   –  Enterprises  have  significant  blind  spots  and  are  no  longer  able  to   understand  total  risk  and  exposure   »  Remote  users  bypass  appliances   »  ReporLng  not  consolidated   §   Hyper-­‐growth   –  Lack  of  security  tools  and  skills  to  fully  understand  security/privacy   –  Blind  trust  of  App  Store  gatekeepers   §  TradiLonal  endpoint  security  is  dead   –  Host  based  –  Resource  constraints  and  restricLve  O/S  ecosystem   –  Appliance  Based  –  Can’t  protect  what  it  can’t  see  
Secure.  Everywhere.   Mobile  IdenGty   Passwords   Pers.  Ident.  Info.   Device  ID  (IMEI)   No  SSL   Contacts   …   Privacy   XSS   Command  injecLon   Insecure  permissions   Data  thec   Race  condiLon   …   Security   Games   Social  Networking   Entertainment   …   ProducGvity   Person   Device   ApplicaGon  
Secure.  Everywhere.   ZAP  –  Zscaler  ApplicaGon  Analyzer   hGp://zap.zscaler.com    
Secure.  Everywhere.   ZAP  Process   1 IdenLfy  official  app  URL  from  iTunes/Google  Play,  enter  into  ZAP   4 Enter  ZAP  proxy  seqngs  in  iOS/Android  device  (2  minute  Lmeout)   5 Start  ZAP  proxy,  launch  app  and  use  all  funcLonality  (2  minute  Lmeout)   6 Stop  proxy,  download  MiTM  file  (opLonal)  and  analyze  traffic   1 4 Mobile  Device   ZAP   App  Vendor   AdverGsers   3rd  ParGes   5 6 3 Enter  fake  personally  idenLfiable  informaLon  (PII)  (opLonal)   3 2 Install  mitmproxy  SSL  cerLficate  (opLonal)   2
Secure.  Everywhere.   Device  Info  Leakage  –  UDID   App  Name:  Hangman  ⓇⓈⓈ   Version:  2.2.6  (July  20,  2012)   Category:  Games   RaGngs:  22,356   Plaform:  iOS   [+]http://ads.mopub.com/m/open? v=8&udid=sha:C6D279823C0BBEDC6E1751CEF09B2BD673FBBD41&id=366248637 [+]https://ws.tapjoyads.com/connect? mobile_network_code=&country_code=US&device_type=iPod %20touch&app_id=02aa9e96-7734-47b9- a199-187e294ca557&os_version=5.1.1&library_version=8.1.6&language_code=en&lad =0×tamp=1346830292&platform=iOS&allows_voip=yes&carrier_country_code=&mobile_ country_code=&mac_address=00c610c03723&display_multiplier=1.000000&udid=c5a53 500780d25743c08f079184903a2d246baad&app_version=1.20&carrier_name=&verifier=3 7d48f9d34a996dfcda2fd5bb8ee21229afa6f4bfd26d3b2f4edbcd70af81411 [-]https://www.chartboost.com/api/install.json Method: POST Host: www.chartboost.com User-Agent: HangmanFree/1.20 CFNetwork/548.1.4 Darwin/11.0.0 Request Body: sdk=2.5.11&os=5.1.1&uuid=c5a53500780d25743c08f079184903a2d246baad&app=4ed3202 6cb6015bd11000000&ui=0&signature=ecf69ddb296fe193d8963e8a12795707&country=US& bundle=1.20&language=en&model=iPod%20touch&
Secure.  Everywhere.   Weak  AuthenGcaGon  –  Password  Hash   App  Name:  Twitxr   Version:  0.13  (September  5,  2012)   Category:  Social  Networking   RaGngs:  484   Plaform:  iOS   [-]http://www.twitxr.com/api/rest/registerNewUser? username=unzscaler&password=42ef56a0090b7b29ab5ee54fc57dc156 &email=apps@zscaler.com Method: GET Host: www.twitxr.com User-Agent: Twitxr/1.3 CFNetwork/548.1.4 Darwin/11.0.0 Server Response: EwNay , 6PvJ [+]http://www.twitxr.com/api/rest/checkUserData [+]http://m.twitxr.com/? user=unzscaler&md5pass=42ef56a0090b7b29ab5ee54fc57dc156 [+]http://m.twitxr.com/unzscaler/with_friends [+]http://m.twitxr.com/unzscaler/with_friends/ [+]http://m.twitxr.com/style_mobile_v1.0.css Michael$ md5 -s Zscal3r! MD5 ("Zscal3r!") = 42ef56a0090b7b29ab5ee54fc57dc156
Secure.  Everywhere.   Weak  AuthenGcaGon  –  Clear  Text  Password   App  Name:  Evenful   Version:  1.0.4  (Oct  27,  2011)   Category:  Social  Networking   RaGngs:  9,415   Plaform:  iOS   [+]http://eventful.com/json/apps/klaxon/start?stsess=(null) [-]http://eventful.com/json/apps/klaxon/users/validate Method: POST Host: eventful.com User-Agent: Eventful/1.0.4 CFNetwork/548.1.4 Darwin/11.0.0 Request Body: password1=Zscal3r! &yob=1980&password2=Zscal3r! &location_id=&gender=M&email=apps %40zscaler.com&opt_partners=1&location_type=&username=unzsc aler Server Response: {"errors":null,"is_default_eventful_site":"1","home_url":"h ttp://eventful.com/sanjose/events"} [+]http://eventful.com/json/apps/klaxon/locations/search? location=38.951549,-77.333655&stsess=(null) [+]http://eventful.com/json/apps/klaxon/users/join [+]http://eventful.com/json/apps/klaxon/users/edit
Secure.  Everywhere.   Weak  AuthenGcaGon  –  Shared  Libraries   App  Names:  Zip  Cloud,  JustCloud,  MyPCBackup,  Novatech  Cloud   Version:  1.1.2  (September  22,  2012)   Category:  ProducGvity   Vendor:  JDI  Backup  Ltd   Plaform:  iOS   [+]http://data.flurry.com/aas.do [-]http://flow.backupgrid.net/account/create Method: POST Host: flow.backupgrid.net User-Agent: ZipCloud 1.0.2 (iPod touch; iPhone OS 5.1.1; en_US) Request Body: credentials={"app_time":"100","app":"jdi_ios","app_version":"1.0.2","se cret":"","token":""} &payload={"name":"Fnzscaler","password":"Zscal3r!","verify":"1cac4c9b84 b77738cb1ede06054ed664","email":"apps@zscaler.com","partner_id":"2"} &version=1.0.0 Server Response: ;;v# , r , '+4f , %eG} [+]http://flow.backupgrid.net/auth/request [+]http://flow.backupgrid.net/account/devices [+]http://flow.backupgrid.net/device/licence [+]http://flow.backupgrid.net/device/roots
Secure.  Everywhere.   Mobile  ApplicaGon  Privacy   0.00%   10.00%   20.00%   30.00%   40.00%   50.00%   60.00%   70.00%   60.78%   54.99%   44.04%   42.49%   31.19%   9.52%   3.50%   3.33%   2.75%   1.72%   Android  ApplicaGon  Permissions   0%   10%   20%   30%   40%   50%   60%   70%   80%   79.08%   61.61%   59.69%   41.65%   35.51%   25.72%   13.82%   9.40%   iOS  ApplicaGon  Behaviors   Device  Info.   3rd  ParLes   AuthenLcaLon  
Secure.  Everywhere.   Securing  Mobile   How  enterprises  must   adapt  in  a  mobile  world  
Secure.  Everywhere.   How  Mobility  turns  Enterprise  Security  Upside  Down   §  Devices,  applicaLons  &   Data  at  Corp  HQ  or  DC   –  Owned  and  controlled  by  the   enterprise   §  Traffic  backhaul   –  Branch  offices  -­‐  MPLS   –  Road  warriors  –  VPN   §  Protect  users  with   appliances   –  On-­‐prem  gateway  proxies   (URL,  AV,  DLP)  enforce   policies  for  users  accessing   Internet   Regional  Gateway   Branch   HQ   Home  /  Hotspot   On  the  Road/Mobile   No  policy  or  protecGon   VPN  Backhaul   Branch   MPLS   Backhaul   Ltd.  protec,on  and  visibility  for  the  mobile  workforce   Yesterday   §  Mobility   –  Users  go  direct   –  Data,  networks  and   devices  no  longer   owned/controlled  by   the  enterprise   Today  
Secure.  Everywhere.   Zscaler  Secure  Cloud  Gateway     ©2012  Zscaler,  Inc.  All  rights  reserved.    Zscaler  was  the  only  one  that  truly  delivered  an  ultra-­‐low  latency  experience   along  with  excep,onal  protec,on  from  threats.  And  best  of  all,  it  works   exactly  as  adver6sed.”             “ Mobile  &  Distributed     Workforce   Business   ApplicaGons   Home  or     Hotspot   Mobile  Apps   HQ   Cloud  Apps   Regional       Office   Email  Services   Securely  Enable  Direct  to  Internet   Nothing  good  leaks  out,  nothing  bad  comes  in   Enforce  Business  Policy   NO  HARDWARE    |    NO  SOFTWARE   Web  2.0  and  Social  On-­‐the-­‐go  
Secure.  Everywhere.   Consider  Three  Users…   §  We  must  seek  security  solu,ons  that  ensure  consistent  policy,   protec,on  and  visibility,  regardless  of  device  or  loca,on.   §  Cloud  provides  the  opportunity  to  level  the  playing  field.   Office   Coffee  Shop   Airport   Device   PC   Laptop   Tablet/smartphone   ProtecLon   IDS,  IPS,  FW,  SWG,   DLP,  etc.   Host  based  AV  and   firewall   Nothing   Visibility   LocaLon  based   reporLng   Nothing  
Secure.  Everywhere.   ©2013  Zscaler,  Inc.  All  rights  reserved.   Secure.  Everywhere.   ©2012  Zscaler,  Inc.  All  rights  reserved.   zscaler.com   threatlabz.com     Michael  SuRon   VP,  Security  Research  

Recomendados

It's 2012 and My Network Got Hacked - Omar Santos
It's 2012 and My Network Got Hacked - Omar SantosIt's 2012 and My Network Got Hacked - Omar Santos
It's 2012 and My Network Got Hacked - Omar Santos
santosomar
 
ccmigration_09186a008033a3b4
ccmigration_09186a008033a3b4ccmigration_09186a008033a3b4
ccmigration_09186a008033a3b4
guest66dc5f
 
Sql injection to enterprise Owned - K.K. Mookhey
Sql injection to enterprise Owned - K.K. Mookhey Sql injection to enterprise Owned - K.K. Mookhey
Sql injection to enterprise Owned - K.K. Mookhey
OWASP-Qatar Chapter
 
Security Intelligence
Security IntelligenceSecurity Intelligence
Security Intelligence
IBMGovernmentCA
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1
Anindya Ghosh,
 
Software Compliance Management Overview
Software Compliance Management OverviewSoftware Compliance Management Overview
Software Compliance Management Overview
kevino80
 
BYOD - it's an identity thing
BYOD - it's an identity thingBYOD - it's an identity thing
BYOD - it's an identity thing
Paul Madsen
 
DSS ITSEC Conference 2012 - Radware - Protection from SSL DDOS Attacks
DSS ITSEC Conference 2012 - Radware - Protection from SSL DDOS AttacksDSS ITSEC Conference 2012 - Radware - Protection from SSL DDOS Attacks
DSS ITSEC Conference 2012 - Radware - Protection from SSL DDOS Attacks
Andris Soroka
 

Recomendados

It's 2012 and My Network Got Hacked - Omar Santos
It's 2012 and My Network Got Hacked - Omar SantosIt's 2012 and My Network Got Hacked - Omar Santos
It's 2012 and My Network Got Hacked - Omar Santos
santosomar
 
ccmigration_09186a008033a3b4
ccmigration_09186a008033a3b4ccmigration_09186a008033a3b4
ccmigration_09186a008033a3b4
guest66dc5f
 
Sql injection to enterprise Owned - K.K. Mookhey
Sql injection to enterprise Owned - K.K. Mookhey Sql injection to enterprise Owned - K.K. Mookhey
Sql injection to enterprise Owned - K.K. Mookhey
OWASP-Qatar Chapter
 
Security Intelligence
Security IntelligenceSecurity Intelligence
Security Intelligence
IBMGovernmentCA
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1
Anindya Ghosh,
 
Software Compliance Management Overview
Software Compliance Management OverviewSoftware Compliance Management Overview
Software Compliance Management Overview
kevino80
 
BYOD - it's an identity thing
BYOD - it's an identity thingBYOD - it's an identity thing
BYOD - it's an identity thing
Paul Madsen
 
DSS ITSEC Conference 2012 - Radware - Protection from SSL DDOS Attacks
DSS ITSEC Conference 2012 - Radware - Protection from SSL DDOS AttacksDSS ITSEC Conference 2012 - Radware - Protection from SSL DDOS Attacks
DSS ITSEC Conference 2012 - Radware - Protection from SSL DDOS Attacks
Andris Soroka
 
Hp Fortify Pillar
Hp Fortify PillarHp Fortify Pillar
Hp Fortify Pillar
Ed Wong
 
Vulnerability in Security Products
Vulnerability in Security ProductsVulnerability in Security Products
Vulnerability in Security Products
DaveEdwards12
 
Python For Droid
Python For DroidPython For Droid
Python For Droid
Rich Helton
 
Re-Thinking BYOD Policy.pptx
Re-Thinking BYOD Policy.pptxRe-Thinking BYOD Policy.pptx
Re-Thinking BYOD Policy.pptx
tmbainjr131
 
Python Final
Python FinalPython Final
Python Final
Rich Helton
 
Mobile security part 1(Android Apps Pentesting)- Romansh yadav
Mobile security part 1(Android Apps Pentesting)- Romansh yadavMobile security part 1(Android Apps Pentesting)- Romansh yadav
Mobile security part 1(Android Apps Pentesting)- Romansh yadav
Romansh Yadav
 
The Magic of Symbiotic Security
The Magic of Symbiotic SecurityThe Magic of Symbiotic Security
The Magic of Symbiotic Security
Denim Group
 
RSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information ProtectionRSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information Protection
Symantec
 
Counterfeit Risk & New Defense Regulations
Counterfeit Risk & New Defense RegulationsCounterfeit Risk & New Defense Regulations
Counterfeit Risk & New Defense Regulations
IHS
 
Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013 Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013
Skybox Security
 
Nephos technologies lee_biggenden_c_expo13_v2.0
Nephos technologies lee_biggenden_c_expo13_v2.0Nephos technologies lee_biggenden_c_expo13_v2.0
Nephos technologies lee_biggenden_c_expo13_v2.0
lbiggenden
 
Preventing Code Leaks & Other Critical Security Risks from Code
Preventing Code Leaks & Other Critical Security Risks from CodePreventing Code Leaks & Other Critical Security Risks from Code
Preventing Code Leaks & Other Critical Security Risks from Code
DevOps.com
 
InDorse Tech Red Herring 100 Presentation Final
InDorse Tech Red Herring 100 Presentation FinalInDorse Tech Red Herring 100 Presentation Final
InDorse Tech Red Herring 100 Presentation Final
Rob Marano
 
Anatomy of an Attack
Anatomy of an AttackAnatomy of an Attack
Anatomy of an Attack
spoofyroot
 
CCNA Security - Chapter 5
CCNA Security - Chapter 5CCNA Security - Chapter 5
CCNA Security - Chapter 5
Irsandi Hasan
 
Iritech Inc.
Iritech Inc.Iritech Inc.
Iritech Inc.
LicensingLive! - SafeNet
 
Cyber security innovation imho
Cyber security innovation imhoCyber security innovation imho
Cyber security innovation imho
W Fred Seigneur
 
Tscm Risk Management Presentation June 2012
Tscm Risk Management Presentation June 2012Tscm Risk Management Presentation June 2012
Tscm Risk Management Presentation June 2012
knowtel
 
Days of Zscaler
Days of ZscalerDays of Zscaler
Days of Zscaler
Alan Dong
 
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Miriade Spa
 
Sell More with Paid Search & BigCommerce
Sell More with Paid Search & BigCommerceSell More with Paid Search & BigCommerce
Sell More with Paid Search & BigCommerce
Groove Commerce
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Global Online Trainings
 

Mais conteúdo relacionado

Mais procurados

Hp Fortify Pillar
Hp Fortify PillarHp Fortify Pillar
Hp Fortify Pillar
Ed Wong
 
Python For Droid
Python For DroidPython For Droid
Python For Droid
Rich Helton
 
The Magic of Symbiotic Security
The Magic of Symbiotic SecurityThe Magic of Symbiotic Security
The Magic of Symbiotic Security
Denim Group
 
RSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information ProtectionRSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information Protection
Symantec
 
Counterfeit Risk & New Defense Regulations
Counterfeit Risk & New Defense RegulationsCounterfeit Risk & New Defense Regulations
Counterfeit Risk & New Defense Regulations
IHS
 
Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013 Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013
Skybox Security
 
Nephos technologies lee_biggenden_c_expo13_v2.0
Nephos technologies lee_biggenden_c_expo13_v2.0Nephos technologies lee_biggenden_c_expo13_v2.0
Nephos technologies lee_biggenden_c_expo13_v2.0
lbiggenden
 
Preventing Code Leaks & Other Critical Security Risks from Code
Preventing Code Leaks & Other Critical Security Risks from CodePreventing Code Leaks & Other Critical Security Risks from Code
Preventing Code Leaks & Other Critical Security Risks from Code
DevOps.com
 
CCNA Security - Chapter 5
CCNA Security - Chapter 5CCNA Security - Chapter 5
CCNA Security - Chapter 5
Irsandi Hasan
 
Cyber security innovation imho
Cyber security innovation imhoCyber security innovation imho
Cyber security innovation imho
W Fred Seigneur
 

Mais procurados (18)

Hp Fortify Pillar
Hp Fortify PillarHp Fortify Pillar
Hp Fortify Pillar
 
Vulnerability in Security Products
Vulnerability in Security ProductsVulnerability in Security Products
Vulnerability in Security Products
 
Python For Droid
Python For DroidPython For Droid
Python For Droid
 
Re-Thinking BYOD Policy.pptx
Re-Thinking BYOD Policy.pptxRe-Thinking BYOD Policy.pptx
Re-Thinking BYOD Policy.pptx
 
Python Final
Python FinalPython Final
Python Final
 
Mobile security part 1(Android Apps Pentesting)- Romansh yadav
Mobile security part 1(Android Apps Pentesting)- Romansh yadavMobile security part 1(Android Apps Pentesting)- Romansh yadav
Mobile security part 1(Android Apps Pentesting)- Romansh yadav
 
The Magic of Symbiotic Security
The Magic of Symbiotic SecurityThe Magic of Symbiotic Security
The Magic of Symbiotic Security
 
RSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information ProtectionRSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information Protection
 
Counterfeit Risk & New Defense Regulations
Counterfeit Risk & New Defense RegulationsCounterfeit Risk & New Defense Regulations
Counterfeit Risk & New Defense Regulations
 
Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013 Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013
 
Nephos technologies lee_biggenden_c_expo13_v2.0
Nephos technologies lee_biggenden_c_expo13_v2.0Nephos technologies lee_biggenden_c_expo13_v2.0
Nephos technologies lee_biggenden_c_expo13_v2.0
 
Preventing Code Leaks & Other Critical Security Risks from Code
Preventing Code Leaks & Other Critical Security Risks from CodePreventing Code Leaks & Other Critical Security Risks from Code
Preventing Code Leaks & Other Critical Security Risks from Code
 
InDorse Tech Red Herring 100 Presentation Final
InDorse Tech Red Herring 100 Presentation FinalInDorse Tech Red Herring 100 Presentation Final
InDorse Tech Red Herring 100 Presentation Final
 
Anatomy of an Attack
Anatomy of an AttackAnatomy of an Attack
Anatomy of an Attack
 
CCNA Security - Chapter 5
CCNA Security - Chapter 5CCNA Security - Chapter 5
CCNA Security - Chapter 5
 
Iritech Inc.
Iritech Inc.Iritech Inc.
Iritech Inc.
 
Cyber security innovation imho
Cyber security innovation imhoCyber security innovation imho
Cyber security innovation imho
 
Tscm Risk Management Presentation June 2012
Tscm Risk Management Presentation June 2012Tscm Risk Management Presentation June 2012
Tscm Risk Management Presentation June 2012
 

Destaque

Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Miriade Spa
 
JavaOne 2016: Code Generation with JavaCompiler for Fun, Speed and Business P...
JavaOne 2016: Code Generation with JavaCompiler for Fun, Speed and Business P...JavaOne 2016: Code Generation with JavaCompiler for Fun, Speed and Business P...
JavaOne 2016: Code Generation with JavaCompiler for Fun, Speed and Business P...
Juan Cruz Nores
 

Destaque (10)

Days of Zscaler
Days of ZscalerDays of Zscaler
Days of Zscaler
 
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
 
Sell More with Paid Search & BigCommerce
Sell More with Paid Search & BigCommerceSell More with Paid Search & BigCommerce
Sell More with Paid Search & BigCommerce
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
 
Data Exploration and Analytics for the Modern Business
Data Exploration and Analytics for the Modern BusinessData Exploration and Analytics for the Modern Business
Data Exploration and Analytics for the Modern Business
 
SCIM 2.0 - Choose your own identity adventure
SCIM 2.0 - Choose your own identity adventureSCIM 2.0 - Choose your own identity adventure
SCIM 2.0 - Choose your own identity adventure
 
Cloudflare
CloudflareCloudflare
Cloudflare
 
Phunware webinar future of connected health
Phunware webinar future of connected healthPhunware webinar future of connected health
Phunware webinar future of connected health
 
Apttus Quote-to-Cash Impact Study
Apttus Quote-to-Cash Impact StudyApttus Quote-to-Cash Impact Study
Apttus Quote-to-Cash Impact Study
 
JavaOne 2016: Code Generation with JavaCompiler for Fun, Speed and Business P...
JavaOne 2016: Code Generation with JavaCompiler for Fun, Speed and Business P...JavaOne 2016: Code Generation with JavaCompiler for Fun, Speed and Business P...
JavaOne 2016: Code Generation with JavaCompiler for Fun, Speed and Business P...
 

Semelhante a CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security

F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
Jimmy Saigon
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Sweta Sharma
 
Securing Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD WorldSecuring Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD World
Apperian
 
Prabhu Resume
Prabhu ResumePrabhu Resume
Prabhu Resume
Prabhu P
 
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems IntelligenceDSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
Andris Soroka
 
New approaches to vulnerability management
New approaches to vulnerability managementNew approaches to vulnerability management
New approaches to vulnerability management
Interop
 
Insecurity in security products 2013
Insecurity in security products 2013Insecurity in security products 2013
Insecurity in security products 2013
DaveEdwards12
 
Why current security solutions fail
Why current security solutions failWhy current security solutions fail
Why current security solutions fail
DaveEdwards12
 
Tsensors San Diego Sandhi Bhide - Nov 12-13 - Final
Tsensors San Diego Sandhi Bhide - Nov 12-13 - FinalTsensors San Diego Sandhi Bhide - Nov 12-13 - Final
Tsensors San Diego Sandhi Bhide - Nov 12-13 - Final
sandhibhide
 

Semelhante a CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security (20)

i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
 
Ibrahim aledeene
Ibrahim aledeeneIbrahim aledeene
Ibrahim aledeene
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Nebezpecny Internet Novejsi Verze
Nebezpecny Internet Novejsi VerzeNebezpecny Internet Novejsi Verze
Nebezpecny Internet Novejsi Verze
 
Securing Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD WorldSecuring Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD World
 
iViZ Security : On Demand Penetration Testing
iViZ Security : On Demand Penetration TestingiViZ Security : On Demand Penetration Testing
iViZ Security : On Demand Penetration Testing
 
Prabhu Resume
Prabhu ResumePrabhu Resume
Prabhu Resume
 
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems IntelligenceDSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
 
New approaches to vulnerability management
New approaches to vulnerability managementNew approaches to vulnerability management
New approaches to vulnerability management
 
EdgeWallFlyer2016
EdgeWallFlyer2016EdgeWallFlyer2016
EdgeWallFlyer2016
 
Five IDS mistakes people make
Five IDS mistakes people makeFive IDS mistakes people make
Five IDS mistakes people make
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
Insecurity in security products 2013
Insecurity in security products 2013Insecurity in security products 2013
Insecurity in security products 2013
 
Why current security solutions fail
Why current security solutions failWhy current security solutions fail
Why current security solutions fail
 
Avast product brochure
Avast product brochureAvast product brochure
Avast product brochure
 
Tsensors San Diego Sandhi Bhide - Nov 12-13 - Final
Tsensors San Diego Sandhi Bhide - Nov 12-13 - FinalTsensors San Diego Sandhi Bhide - Nov 12-13 - Final
Tsensors San Diego Sandhi Bhide - Nov 12-13 - Final
 
Risk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the Cloud
 
Debunking Common Myths of Mobile Application Development
Debunking Common Myths of Mobile Application DevelopmentDebunking Common Myths of Mobile Application Development
Debunking Common Myths of Mobile Application Development
 
Double guard
Double guardDouble guard
Double guard
 

Mais de CloudIDSummit

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CloudIDSummit
 

Mais de CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Último

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security

  • 1. Secure.  Everywhere.   ©2013  Zscaler,  Inc.  All  rights  reserved.   Secure.  Everywhere.   ©2012  Zscaler,  Inc.  All  rights  reserved.   Don't  Let  Mobile  be  the  Achilles  Heel   for  Your  Enterprise  Security   Michael  SuGon   VP,  Security  Research   July  12,  2013  
  • 2. Secure.  Everywhere.   whois   §  Zscaler   –  VP,  Security  Research   –  SaaS  based  soluLon  for  end  user  web  security   –  ThreatLabZ  –  security  research  arm  of  the  company   §  Background   –  Founding  Member  –  Cloud  Security  Alliance   –  SPI  Dynamics  –  acquired  by  HP   –  iDefense  –  acquired  by  VeriSign   §  Research   –  Web  security   –  Client-­‐side  vulnerabiliLes   –  Book  –  Fuzzing:  Brute  Force  Vulnerability  Discovery  
  • 3. Secure.  Everywhere.   Three  Mega  Trends  in  IT   This  turns  tradi,onal  security  &  networking  upside  down   Businesses   adopt  Mobile     Cloud  goes   mainstream     Social   meets   Enterprise  
  • 4. Secure.  Everywhere.   (In)visibility   §  HQ   –  Consolidate  data  from  disparate   systems  (IDS,  IPS,  Firewall,  AV,  etc.)   –  Internal/external  view   §  Regional  offices   –  Consolidate  data  to  obtain   comprehensive  threatscape   §  AcquisiLon   –  IncompaLble  technologies   §  Remote  Employees   –  Poor  user  experience  (forced  VPN)  vs   weak  security  (split  tunnel)   §  Cloud   –  Losing  control  of  data   ©2012  Zscaler,  Inc.  All  rights  reserved.   HQ   Regional  Office   AcquisiGon   Remote   Employees   Cloud  
  • 5. Secure.  Everywhere.   Threat  MiGgaGon   ©2012  Zscaler,  Inc.  All  rights  reserved.   Appliances   Man  Hours   Threat  Complexity   Resource  Complexity   APTs                             Black/ White   LisGng                                            AnGvirus                                            IDS   IPS                                            Behavioral   Analysis                   Targeted   AGacks  
  • 6. Secure.  Everywhere.   Global  Threat  MiGgaGon   ©2012  Zscaler,  Inc.  All  rights  reserved.   Appliances   Man  Hours   Threat  Complexity   Resource  Complexity   APTs                             BW   List                                          AV                                          IDS   IPS                                          BA                 Targeted   AGacks                             BW   List                                           BW   List                                           BW   List                                           BW   List                                           BW   List                                           BW   List                                          AV                                          AV                                          AV                                          AV                                          AV                                          AV                                          IDS   IPS                                          IDS   IPS                                          IDS   IPS                                          IDS   IPS                                          IDS   IPS                                          IDS   IPS                                          BA                                          BA                                          BA                                          BA                                          BA                                          BA                
  • 7. Secure.  Everywhere.   Why  enterprise  security  is  failing  to  keep  pace   ©2012  Zscaler,  Inc.  All  rights  reserved.   Security  Threats   Con,nually  evolving   a9acks  defeat  security   –  Dynamic  aRacks   Malware  only  delivered   when  effecLve   –  LegiGmate  Resources   Popular  sites/results   deliver  aGacks   –  Targeted  ARacks   Well  funded,  skilled   aGackers  leverage   custom  aGacks  to   exfiltrate  sensiLve  data   and  ocen  go   undetected  for  months   –  Mobile   Custom  aGacks  target   always-­‐on,  mobile   devices   Endpoint  Security   Host  based  security  (An,-­‐ virus,  HIPS,  etc.)   –  Threats   AV  struggles  with   dynamic,  web  based   threats   –  Signatures   StaLc  signatures  to   keep  pace  with  the   volume  of  aGacks  seen   in  the  wild   –  Support   Different  soluLons   from  different  vendors   –  Mobile   Degrades  device   performance  and  is   not  an  opLon  on  iOS   devices   Gateway  Security   Appliance  based  Secure   Web  Gateway  solu,ons   –  URL  filtering   StaLc  blacklists   cannot  protect   against  threats  on   legiLmate  sites     –  Visibility   Batch  reporLng  from   individual  appliances   –  Support   Enterprise  remains   responsible  for   patching  and  maint.   –  Mobile   Appliances  cannot   see  traffic  for  remote   employees   Security  Needs   How  do  we  close  the  gap?   –  In-­‐line,  real-­‐Gme   Block/allow  decision   based  on  actual  content   –  Full  content  inspecGon   Complete  bi-­‐direcLonal   inspecLon  of  all  traffic   –  Encrypted  traffic   Malware  cannot  hide  in   SSL  encrypted  channels   –  Dynamic  reputaGon   Real-­‐Lme  reputaLon   scoring   –  Big  data   ConLnual  cloud  mining   –  Any  device/locaGon   Consistent  policy   enforcement   Security  Gap  Current  Enterprise  Security  
  • 8. Secure.  Everywhere.   How  iOS  is  Forcing  Enterprises  to  Rethink  Security   Yesterday   Tomorrow   Malware   Host  based  AV   Background  apps/ services  prohibited   Network   Controlled  while  on-­‐ premises   3G  connecLvity  bypasses   network  controls   Traffic   Most  HTTP(S)  traffic   browser  based   Most  HTTP(S)  traffic  app   driven   Data  leakage   Appliance  based  DLP   Device  regularly  off-­‐ premises   Ownership   Corporate  owned  asset   Personal  asset  
  • 9. Secure.  Everywhere.   Is  this  the  Year?   To  date,  mobile  devices  such  as  smartphones  and  tablets  have   been  preGy  safe  from  malware.  This  era  may  well  have  come   to  end.   The  reason  mobile  devices  have  been  immune  is  arguably   because  in  many  ways  the  opportuniLes  to  capitalize  on   weaknesses  and  flaws  in  the  relaLvely  young  operaLng  systems   of  these  new  products  have  been  scarce  in  comparison  to  the   millions  of  machines  running,  for  example,  Windows.   2013:  The  Year  Android  Users  Get  Pwned   Mark  Gibbs,  Contributor   CIO  NETWORK  |  4/24/2013  @  10:43PM  |124  views  
  • 10. Secure.  Everywhere.   Is  Mobile  Malware  on  the  Rise?   Mobile   PC   Lookout  Mobile  Security  
  • 11. Secure.  Everywhere.   All  Devices  Are  Not  Created  Equal   §  PCs  ocen  run  numerous  server  side  services  such  as  RDP,   RPC,  HTTP,  FTP,  etc.   §  Mobile  app  stores  provide  a  validaLon  layer   §  Mobile  fragmentaLon  (among  both  vendors  and  O/S   versions)  limits  total  exposure   §  PC  browser  plugin  framework  a  significant  malware  entry   point   §  Malicious  apps  can  be  revoked  via  official  app  stores  
  • 12. Secure.  Everywhere.   Rapid  Growth   §  Rapid  adopLon  of  web   development  at  the  turn   of  the  century  ensured   that  security  was  an   acerthought…   §  …history  is  repeaLng  itself  in   the  mobile  space   §  Many  apps  are  outsourced  to   3rd  parLes  and  not  properly   tested  for  vulnerabiliLes  and   data  leakage  
  • 13. Secure.  Everywhere.   Mobile  Challenges   §  Ownership   –  BYOD,  cloud  and  social  are  forcing  CISOs  to  lose  control  of  the  devices   and  data  that  they  are  tasked  with  managing   §  Visibility   –  Enterprises  have  significant  blind  spots  and  are  no  longer  able  to   understand  total  risk  and  exposure   »  Remote  users  bypass  appliances   »  ReporLng  not  consolidated   §   Hyper-­‐growth   –  Lack  of  security  tools  and  skills  to  fully  understand  security/privacy   –  Blind  trust  of  App  Store  gatekeepers   §  TradiLonal  endpoint  security  is  dead   –  Host  based  –  Resource  constraints  and  restricLve  O/S  ecosystem   –  Appliance  Based  –  Can’t  protect  what  it  can’t  see  
  • 14. Secure.  Everywhere.   Mobile  IdenGty   Passwords   Pers.  Ident.  Info.   Device  ID  (IMEI)   No  SSL   Contacts   …   Privacy   XSS   Command  injecLon   Insecure  permissions   Data  thec   Race  condiLon   …   Security   Games   Social  Networking   Entertainment   …   ProducGvity   Person   Device   ApplicaGon  
  • 15. Secure.  Everywhere.   ZAP  –  Zscaler  ApplicaGon  Analyzer   hGp://zap.zscaler.com    
  • 16. Secure.  Everywhere.   ZAP  Process   1 IdenLfy  official  app  URL  from  iTunes/Google  Play,  enter  into  ZAP   4 Enter  ZAP  proxy  seqngs  in  iOS/Android  device  (2  minute  Lmeout)   5 Start  ZAP  proxy,  launch  app  and  use  all  funcLonality  (2  minute  Lmeout)   6 Stop  proxy,  download  MiTM  file  (opLonal)  and  analyze  traffic   1 4 Mobile  Device   ZAP   App  Vendor   AdverGsers   3rd  ParGes   5 6 3 Enter  fake  personally  idenLfiable  informaLon  (PII)  (opLonal)   3 2 Install  mitmproxy  SSL  cerLficate  (opLonal)   2
  • 17. Secure.  Everywhere.   Device  Info  Leakage  –  UDID   App  Name:  Hangman  ⓇⓈⓈ   Version:  2.2.6  (July  20,  2012)   Category:  Games   RaGngs:  22,356   Plaform:  iOS   [+]http://ads.mopub.com/m/open? v=8&udid=sha:C6D279823C0BBEDC6E1751CEF09B2BD673FBBD41&id=366248637 [+]https://ws.tapjoyads.com/connect? mobile_network_code=&country_code=US&device_type=iPod %20touch&app_id=02aa9e96-7734-47b9- a199-187e294ca557&os_version=5.1.1&library_version=8.1.6&language_code=en&lad =0×tamp=1346830292&platform=iOS&allows_voip=yes&carrier_country_code=&mobile_ country_code=&mac_address=00c610c03723&display_multiplier=1.000000&udid=c5a53 500780d25743c08f079184903a2d246baad&app_version=1.20&carrier_name=&verifier=3 7d48f9d34a996dfcda2fd5bb8ee21229afa6f4bfd26d3b2f4edbcd70af81411 [-]https://www.chartboost.com/api/install.json Method: POST Host: www.chartboost.com User-Agent: HangmanFree/1.20 CFNetwork/548.1.4 Darwin/11.0.0 Request Body: sdk=2.5.11&os=5.1.1&uuid=c5a53500780d25743c08f079184903a2d246baad&app=4ed3202 6cb6015bd11000000&ui=0&signature=ecf69ddb296fe193d8963e8a12795707&country=US& bundle=1.20&language=en&model=iPod%20touch&
  • 18. Secure.  Everywhere.   Weak  AuthenGcaGon  –  Password  Hash   App  Name:  Twitxr   Version:  0.13  (September  5,  2012)   Category:  Social  Networking   RaGngs:  484   Plaform:  iOS   [-]http://www.twitxr.com/api/rest/registerNewUser? username=unzscaler&password=42ef56a0090b7b29ab5ee54fc57dc156 &email=apps@zscaler.com Method: GET Host: www.twitxr.com User-Agent: Twitxr/1.3 CFNetwork/548.1.4 Darwin/11.0.0 Server Response: EwNay , 6PvJ [+]http://www.twitxr.com/api/rest/checkUserData [+]http://m.twitxr.com/? user=unzscaler&md5pass=42ef56a0090b7b29ab5ee54fc57dc156 [+]http://m.twitxr.com/unzscaler/with_friends [+]http://m.twitxr.com/unzscaler/with_friends/ [+]http://m.twitxr.com/style_mobile_v1.0.css Michael$ md5 -s Zscal3r! MD5 ("Zscal3r!") = 42ef56a0090b7b29ab5ee54fc57dc156
  • 19. Secure.  Everywhere.   Weak  AuthenGcaGon  –  Clear  Text  Password   App  Name:  Evenful   Version:  1.0.4  (Oct  27,  2011)   Category:  Social  Networking   RaGngs:  9,415   Plaform:  iOS   [+]http://eventful.com/json/apps/klaxon/start?stsess=(null) [-]http://eventful.com/json/apps/klaxon/users/validate Method: POST Host: eventful.com User-Agent: Eventful/1.0.4 CFNetwork/548.1.4 Darwin/11.0.0 Request Body: password1=Zscal3r! &yob=1980&password2=Zscal3r! &location_id=&gender=M&email=apps %40zscaler.com&opt_partners=1&location_type=&username=unzsc aler Server Response: {"errors":null,"is_default_eventful_site":"1","home_url":"h ttp://eventful.com/sanjose/events"} [+]http://eventful.com/json/apps/klaxon/locations/search? location=38.951549,-77.333655&stsess=(null) [+]http://eventful.com/json/apps/klaxon/users/join [+]http://eventful.com/json/apps/klaxon/users/edit
  • 20. Secure.  Everywhere.   Weak  AuthenGcaGon  –  Shared  Libraries   App  Names:  Zip  Cloud,  JustCloud,  MyPCBackup,  Novatech  Cloud   Version:  1.1.2  (September  22,  2012)   Category:  ProducGvity   Vendor:  JDI  Backup  Ltd   Plaform:  iOS   [+]http://data.flurry.com/aas.do [-]http://flow.backupgrid.net/account/create Method: POST Host: flow.backupgrid.net User-Agent: ZipCloud 1.0.2 (iPod touch; iPhone OS 5.1.1; en_US) Request Body: credentials={"app_time":"100","app":"jdi_ios","app_version":"1.0.2","se cret":"","token":""} &payload={"name":"Fnzscaler","password":"Zscal3r!","verify":"1cac4c9b84 b77738cb1ede06054ed664","email":"apps@zscaler.com","partner_id":"2"} &version=1.0.0 Server Response: ;;v# , r , '+4f , %eG} [+]http://flow.backupgrid.net/auth/request [+]http://flow.backupgrid.net/account/devices [+]http://flow.backupgrid.net/device/licence [+]http://flow.backupgrid.net/device/roots
  • 21. Secure.  Everywhere.   Mobile  ApplicaGon  Privacy   0.00%   10.00%   20.00%   30.00%   40.00%   50.00%   60.00%   70.00%   60.78%   54.99%   44.04%   42.49%   31.19%   9.52%   3.50%   3.33%   2.75%   1.72%   Android  ApplicaGon  Permissions   0%   10%   20%   30%   40%   50%   60%   70%   80%   79.08%   61.61%   59.69%   41.65%   35.51%   25.72%   13.82%   9.40%   iOS  ApplicaGon  Behaviors   Device  Info.   3rd  ParLes   AuthenLcaLon  
  • 22. Secure.  Everywhere.   Securing  Mobile   How  enterprises  must   adapt  in  a  mobile  world  
  • 23. Secure.  Everywhere.   How  Mobility  turns  Enterprise  Security  Upside  Down   §  Devices,  applicaLons  &   Data  at  Corp  HQ  or  DC   –  Owned  and  controlled  by  the   enterprise   §  Traffic  backhaul   –  Branch  offices  -­‐  MPLS   –  Road  warriors  –  VPN   §  Protect  users  with   appliances   –  On-­‐prem  gateway  proxies   (URL,  AV,  DLP)  enforce   policies  for  users  accessing   Internet   Regional  Gateway   Branch   HQ   Home  /  Hotspot   On  the  Road/Mobile   No  policy  or  protecGon   VPN  Backhaul   Branch   MPLS   Backhaul   Ltd.  protec,on  and  visibility  for  the  mobile  workforce   Yesterday   §  Mobility   –  Users  go  direct   –  Data,  networks  and   devices  no  longer   owned/controlled  by   the  enterprise   Today  
  • 24. Secure.  Everywhere.   Zscaler  Secure  Cloud  Gateway     ©2012  Zscaler,  Inc.  All  rights  reserved.    Zscaler  was  the  only  one  that  truly  delivered  an  ultra-­‐low  latency  experience   along  with  excep,onal  protec,on  from  threats.  And  best  of  all,  it  works   exactly  as  adver6sed.”             “ Mobile  &  Distributed     Workforce   Business   ApplicaGons   Home  or     Hotspot   Mobile  Apps   HQ   Cloud  Apps   Regional       Office   Email  Services   Securely  Enable  Direct  to  Internet   Nothing  good  leaks  out,  nothing  bad  comes  in   Enforce  Business  Policy   NO  HARDWARE    |    NO  SOFTWARE   Web  2.0  and  Social  On-­‐the-­‐go  
  • 25. Secure.  Everywhere.   Consider  Three  Users…   §  We  must  seek  security  solu,ons  that  ensure  consistent  policy,   protec,on  and  visibility,  regardless  of  device  or  loca,on.   §  Cloud  provides  the  opportunity  to  level  the  playing  field.   Office   Coffee  Shop   Airport   Device   PC   Laptop   Tablet/smartphone   ProtecLon   IDS,  IPS,  FW,  SWG,   DLP,  etc.   Host  based  AV  and   firewall   Nothing   Visibility   LocaLon  based   reporLng   Nothing  
  • 26. Secure.  Everywhere.   ©2013  Zscaler,  Inc.  All  rights  reserved.   Secure.  Everywhere.   ©2012  Zscaler,  Inc.  All  rights  reserved.   zscaler.com   threatlabz.com     Michael  SuRon   VP,  Security  Research