ADVANCED ATTACKS AGAINST MOBILE/IOT DEVICES

Size: px
Start display at page:

Download "ADVANCED ATTACKS AGAINST MOBILE/IOT DEVICES"

Transcription

1 CONTEXT- AWARE SECURIT Y THROUGH RAIN RFID

2 ADVANCED ATTACKS AGAINST MOBILE/IOT DEVICES H A R D W A R E S O F T W A R E W I R E L E S S / N E T W O R K S Cold-Boot Attacks Chip-Extraction Side-Channel Attacks BIOS/UEFI Exploits App Vulnerability Scanning Reverse Engineering Privilege Escalation Attacks Advance Persistent Threats Man-in-the-Middle Attacks Over-the-Air Fuzzing Signature Tracking & Analytics Protocol Analysis 2

3 CHALLENGES FACING CURRENT MOBILE SECURITY APPROACHES + MOST MOBILE PLATFORMS ARE DEVELOPED FOR COMMERCIAL USE AND INCREASINGLY PROPRIETARY - Companies like Apple and Samsung are developing more and more isolated hardware and software that requires organizations to stay within their ecosystem resulting in single vulnerabilities inflicting system wide weaknesses. + MANY HIGHLY SECURE PLATFORMS FALL BEHIND AND ARE DIFFICULT TO UPGRADE - While some custom solutions offer high levels of security, they are difficult to update to new hardware and operating systems. Customized OS builds are difficult to maintain and require rebuilds when major changes are released. + MOST ORGANIZATIONS THINK TABLET = SMARTPHONE, INSTEAD OF TABLET = PC FOR SECURIT Y - My organizations still lower their security posture for tablets due to misunderstanding hardware capabilities. Tablets are now capable of being high performance machines with the same (or better) hardware than laptops. + MOST ORGANIZATIONS SECURIT Y PROFESSIONALS THINK DEFENSIVELY, NOT OFFENSIVELY - Many mobile security professionals focus on network and app-level security threats, often failing to understand most advanced offensive attackers focus on hardware, firmware, and OS-level vulnerabilities to defeat higher-level defenses. 3

4 DUE TO VULNERABILITIES, STRICT IT POLICIES ARE NEEDED EXAMPLE POLICIES FOR MOBILE/IOT SECURIT Y + Devices must be powered off when outside of organizationally controlled buildings + Devices can only connect to approved wireless networks + Device must have network and data-at-rest encryption + Data must be capable of being wiped remotely + Bluetooth, NFC, and other wireless communication capabilities must be disabled + Cameras, microphones, and other hardware must be disabled 4

5 THE ROLE OF CONTEXT IN ORGANIZATIONAL POLICIES + Contextual elements such as location play a critical role in organizational security policies for IT assets + Two major constraints exist with enforcing policies on IT assets: - Most rules/responses require manual user action - Contextual triggers are only available when the device is powered-on, post-boot, and user is authenticated ORGANIZATIONAL POLICIES PERSON/ACTOR/ASSET CONTEXTUAL TRIGGER RULE/RESPONSE 5

6 CONTEXT-AWARE SECURITY TRIGGERS R F I D WI-FI G P S B L U E T O O T H CONTEXTUAL TRIGGERS LOCATION/PROXIMIT Y DEVICE POWER STATE PERIPHERAL CONNECTIONS NET WORK ACCESS/AUTHENTICATION CORRELATED SECURIT Y RESPONSE BASED ON POLICY RULES USER PROXIMIT Y USER CREDENTIALS 6

7 Location-Specific Policy DISTRICT: DEFEND SOLVES TRADITIONAL MOBILE WEAKNESSES I m p i n j R F I D Ta g App/Files Operating System Vir tual Machine MOBILE DEVICE POLICY CONTROL Control access to VMs, HW features, networks, OS, applications, and data based on client s location policies Hyper visor I n t e l v P r o MOBILE DEVICE PROTECTION Enforce disk encryption, disable power controls, alert IT when devices leave authorized areas, and wipe data 7

8 DISTRICT: DEFEND LOCATION-BASED SECURITY (EXAMPLE) District 1: Hallway & Open Conference Rooms District 2: Typical User Work Spaces Start Test User Device Powered On WiFi/NIC Disabled Launch VM (Thick) Access to Basic Apps District 3: Sensitive Information Access Point District 0: Lobby & Exterior 8

9 DISTRICT: DEFEND LOCATION-BASED SECURITY (EXAMPLE) District 1: Hallway & Open Conference Rooms District 2: Typical User Work Spaces Start 8 Test User! NGT Search Alerts Data Finder WiFi/NIC Enabled Connect to Network Enable Full App Suite Access to Personal Files District 3: Sensitive Information Access Point District 0: Lobby & Exterior 9

10 DISTRICT: DEFEND LOCATION-BASED SECURITY (EXAMPLE) District 1: Hallway & Open Conference Rooms District 2: Typical User Work Spaces Start 8 Test User! NGT Search Alerts Data Finder WiFi Disabled/NIC Enabled Enable Full App Suite Launch VM (Thin) Access Secure Files District 3: Sensitive Information Access Point District 0: Lobby & Exterior 10

11 DISTRICT: DEFEND LOCATION-BASED SECURITY (EXAMPLE) District 1: Hallway & Open Conference Rooms District 2: Typical User Work Spaces Device Powered Off Full Encryption Disable Power On District 3: Sensitive Information Access Point District 0: Lobby & Exterior 11

12 SECURE LOCATION DATA VIA RAIN RFID + Location-based security provides the ability to automatically enforce organizational policies based on a mobile device s physical location OVERCOMING MISCONCEPTIONS + Why Passive RFID? - Does not actively transmit - Does not penetrate well through walls - Out-of-band and does not comingle with sensitive data - Allows for policy updates and tracking even when device is powered off RFID is unsecure for transferring sensitive data No sensitive data is being transmitted over RFID All data is management data and has signature/encryption RFID is susceptible to cloning or denial of service Passive RFID does not function well through walls Random number and nonce prevents replay 12

13 SIGNIFICANCE TO RAIN COMMUNITY AN ORGANIZATION S MOST VALUEABLE ASSET IS INFORMATION DRIVE ORGANIZATIONAL ADOPTION + Many organizations will not spend money on RFID infrastructure for dumb assets + Connected devices have access to sensitive information and networks higher security budget ESTABLISH NEW MARKETS + Global adoption of mobile devices has exceeded that of traditional desktops + Indoor, office environments (low ceilings) are untapped, yet in need of reliable asset management solutions EXPAND VENDOR ADOPTION + Booz Allen has worked to integrate RAIN RFID tags into two of the world s largest mobile hardware vendors + Promote informed devices that utilize data from RFID tags 13

14 NEAR AND LONG-TERM FOCUS NEAR-TERM PRIORITIES + Expand customer base beyond government into healthcare, oil & gas, and finance + Support partners in deploying RAIN RFID-embedded secure server technology (e.g., Intel AIR) + Deploy District: Detect asset analytics and management tool LONG-TERM PRIORITIES + Work with partners on smartphone solutions + Continue working with laptop and tablet OEMs to embed RAIN RFID tags into additional product lines 14

15 BOOZ ALLEN S DISTRICT: DETECT ANALYTICS & MGMT TOOL 15

16 OPPORTUNITIES IN RAIN RFID-RELATED TECHNOLOGY + Accurate real-time positioning in sub-10ft (3m) ceiling height + Low-cost (<$1,000), small footprint doorway reader capable of directional detection and independent writes for each direction + On-tag protections against advanced replay and cloning attacks + Embedded tags with I 2 C communications 16

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002 ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION

More information

Integrated Access Management Solutions. Access Televentures

Integrated Access Management Solutions. Access Televentures Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1

More information

Symantec Endpoint Protection Family Feature Comparison

Symantec Endpoint Protection Family Feature Comparison Symantec Endpoint Protection Family Feature Comparison SEP SBE SEP Cloud SEP Cloud SEP 14.2 Device Protection Laptop, Laptop Laptop, Tablet Laptop Tablet & & Smartphone Smartphone Meter Per Device Per

More information

Changing face of endpoint security

Changing face of endpoint security Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L

More information

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network? Cybersecurity Due Diligence Checklist Control # Control Name Risks Questions for IT 1 Make an Benign Case: Employees Inventory of using unapproved Authorized devices without Devices appropriate security

More information

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client

More information

High-performance. Enterprise Scale. Global Mobility.

High-performance. Enterprise Scale. Global Mobility. WHAT S NEW NETMOTION MOBILITY 11 High-performance. Enterprise Scale. Global Mobility. Up to Twice as Fast Mobility 11 accelerates throughput and greatly enhances scalability. Enterprises can support more

More information

Bromium: Virtualization-Based Security

Bromium: Virtualization-Based Security Bromium: Virtualization-Based Security TAG-Cyber Briefing Presented by Simon Crosby CTO, Co-Founder of Bromium Bromium 2016 2 Bromium 2016 3 Real-time Detection & Analysis Malware manifest Bromium 2016

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Service Definition Table of Contents 1 INTRODUCTION... 2 2 SERVICE OFFERINGS VULNERABILITY MANAGEMENT... 2 3 SOLUTION PURPOSE... 3 4 HOW IT WORKS... 3 5 WHAT S INCLUDED... 4 6

More information

Whitepaper. Endpoint Strategy: Debunking Myths about Isolation

Whitepaper. Endpoint Strategy: Debunking Myths about Isolation Whitepaper Endpoint Strategy: Debunking Myths about Isolation May 2018 Endpoint Strategy: Debunking Myths about Isolation Endpoints are, and have always been, a major cyberattack vector. Attackers, aiming

More information

CYBERSECURITY RISK LOWERING CHECKLIST

CYBERSECURITY RISK LOWERING CHECKLIST CYBERSECURITY RISK LOWERING CHECKLIST The risks from cybersecurity attacks, whether external or internal, continue to grow. Leaders must make thoughtful and informed decisions as to the level of risk they

More information

Mobile Devices prioritize User Experience

Mobile Devices prioritize User Experience Mobile Security 1 Uniqueness of Mobile Mobile Devices are Shared More Often Mobile Devices are Used in More Locations Mobile Devices prioritize User Experience Mobile Devices have multiple personas Mobile

More information

Product Overview Version 1.0. May 2018 Silent Circle Silent Circle. All Rights Reserved

Product Overview Version 1.0. May 2018 Silent Circle Silent Circle. All Rights Reserved Product Overview Version 1.0 May 2018 Silent Circle The Problem Today s world is mobile. Employees use personal and company owned devices smartphones, laptops, tablets to access corporate data. Businesses

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

Securing Your Cloud Introduction Presentation

Securing Your Cloud Introduction Presentation Securing Your Cloud Introduction Presentation Slides originally created by IBM Partial deck derived by Continental Resources, Inc. (ConRes) Security Division Revision March 17, 2017 1 IBM Security Today

More information

PrecisionAccess Trusted Access Control

PrecisionAccess Trusted Access Control Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised

More information

GlobalPlatform Trusted Execution Environment (TEE) for Mobile

GlobalPlatform Trusted Execution Environment (TEE) for Mobile GlobalPlatform Trusted Execution Environment (TEE) for Mobile Kevin Gillick Executive Director, GlobalPlatform @GlobalPlatform_ www.linkedin.com/company/globalplatform GlobalPlatform Overview GlobalPlatform

More information

Resilient Architectures

Resilient Architectures Resilient Architectures Jeffrey Picciotto 2 nd Annual Secure and Resilient Cyber Architectures Workshop Transformation of Thought CONOPS Use Cases End to End Flows Cyber Threats & Intelligence Prioritize

More information

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:

More information

INITIAL ENTERPRISE CHALLENGE:

INITIAL ENTERPRISE CHALLENGE: LEVERAGING OUR NATION S INNOVATORS INITIAL ENTERPRISE CHALLENGE: LOCATION BASED SERVICES CHALLENGE ISSUED: 06.20.2016 POC: TIM MARTIN, INNOVATION ASSESSMENT LEAD INITIAL ENTERPRISE CHALLENGE: LOCATION

More information

2017 THALES DATA THREAT REPORT

2017 THALES DATA THREAT REPORT 2017 THALES DATA THREAT REPORT Trends in Encryption and Data Security FINANCIAL SERVICES EDITION www.thales-esecurity.com 2017 THALES DATA THREAT REPORT TRENDS IN ENCRYPTION AND DATA PROTECTION U.S. U.K.

More information

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment

More information

How-to Guide: Tenable Nessus for BeyondTrust. Last Revised: November 13, 2018

How-to Guide: Tenable Nessus for BeyondTrust. Last Revised: November 13, 2018 How-to Guide: Tenable Nessus for BeyondTrust Last Revised: November 13, 2018 Table of Contents Welcome to Nessus for BeyondTrust 3 Integrations 4 Windows Integration 5 SSH Integration 10 API Configuration

More information

Securing Office 365 with MobileIron

Securing Office 365 with MobileIron Securing Office 365 with MobileIron Introduction Office 365 is Microsoft s cloud-based productivity suite. It includes online versions of Microsoft s most popular solutions, like Exchange and SharePoint,

More information

RHM Presentation. Maas 360 Mobile device management

RHM Presentation. Maas 360 Mobile device management RHM Presentation Maas 360 Mobile device management Strong adoption in the enterprise Manufacturing Financial Consumer Healthcare Public Others 2 Trusted by over 9,000 customers Recognized Industry Leadership

More information

Improving Security in Embedded Systems Felix Baum, Product Line Manager

Improving Security in Embedded Systems Felix Baum, Product Line Manager Improving Security in Embedded Systems Felix Baum, Product Line Manager The Challenge with Embedded Security Business Imperatives Security Imperatives I need to keep my production expenses as low as possible.

More information

ICS Security Monitoring

ICS Security Monitoring ICS Security Monitoring INFRASTRUCTURE MINING & METALS NUCLEAR, SECURITY & ENVIRONMENTAL OIL, GAS & CHEMICALS Moses Schwartz Security Engineer Computer Incident Response Team Bechtel Corporation State

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

Procedure: Bring your own device

Procedure: Bring your own device Procedure: Bring your own device Purpose This procedure defines the obligations for all authorised users who choose to connect a personally owned device to the University s network or who use their personal

More information

Juniper Vendor Security Requirements

Juniper Vendor Security Requirements Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks

More information

CompTIA A+ Certification ( ) Study Guide Table of Contents

CompTIA A+ Certification ( ) Study Guide Table of Contents CompTIA A+ Certification (220-902) Study Guide Table of Contents Course Introduction About This Course About CompTIA Certifications Module 1 / Supporting Windows 1 Module 1 / Unit 1 Windows Operating System

More information

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security

More information

Why This Topic Is Essential For ICS/SCADA

Why This Topic Is Essential For ICS/SCADA Introduction Executive Security Consultant for Securicon 15+ years in Information Security Coauthor of Building A Security Awareness Program Social Engineering trainer Physical access enthusiast Agenda

More information

INDOOR POSITIONING ANALYTICS

INDOOR POSITIONING ANALYTICS INDOOR POSITIONING ANALYTICS 2017 GPS CHANGED OUTDOOR POSITIONING LOCATION WEATHER DISTANCE TRAFFIC AVIATION DEFENSE DRIVERLESS CARS 2017 Copyright Inpixon All Rights Reserved 2 BUT DOES NOTHING FOR INDOORS

More information

Cisco Adaptive Wireless Intrusion Prevention System: Protecting Information in Motion

Cisco Adaptive Wireless Intrusion Prevention System: Protecting Information in Motion Cisco Adaptive Wireless Intrusion Prevention System: Protecting Information in Motion What You Will Learn The wireless spectrum is a new frontier for many IT organizations. Like any other networking medium,

More information

Dell EMC OpenManage Mobile. Version 3.0 User s Guide (Android)

Dell EMC OpenManage Mobile. Version 3.0 User s Guide (Android) Dell EMC OpenManage Mobile Version 3.0 User s Guide (Android) Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION

More information

benefits for customers with subscriptions in CSP

benefits for customers with subscriptions in CSP Windows 10 upgrade benefits for customers with subscriptions in CSP Windows 10 upgrade benefits for customers Resources and guidance for organizations upgrading from Windows 7 and Windows 8/8.1 with subscriptions

More information

Go mobile. Stay in control.

Go mobile. Stay in control. Go mobile. Stay in control. Enterprise Mobility + Security Jeff Alexander Sr. Technical Evangelist http://about.me/jeffa36 Mobile-first, cloud-first reality 63% 80% 0.6% Data breaches Shadow IT IT Budget

More information

RiskSense Attack Surface Validation for IoT Systems

RiskSense Attack Surface Validation for IoT Systems RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing

More information

BUFFERZONE Advanced Endpoint Security

BUFFERZONE Advanced Endpoint Security BUFFERZONE Advanced Endpoint Security Enterprise-grade Containment, Bridging and Intelligence BUFFERZONE defends endpoints against a wide range of advanced and targeted threats with patented containment,

More information

HPE Intelligent Management Center

HPE Intelligent Management Center HPE Intelligent Management Center EAD Security Policy Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with the TAM

More information

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes. Introducing MVISION Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls Jon Parkes McAfee 1 All information provided here is subject to non-disclosure

More information

IT Security: Managing a New Reality

IT Security: Managing a New Reality IT Security: Managing a New Reality Kevin Lonergan #IDCDirections IDC You re Only as Strong as Your Weakest Link Locks Only Work if you Know How to Use Them IDC 2 Millions Canadian Security Market Forecast:

More information

K12 Cybersecurity Roadmap

K12 Cybersecurity Roadmap K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the

More information

Cisco Secure Ops Solution

Cisco Secure Ops Solution Brochure Cisco Secure Ops Solution Cisco Secure Ops Solution supports cyber-security risk management and compliance for industrial automation environments. It is a combination of on premise technology,

More information

The Next Generation of Credential Technology

The Next Generation of Credential Technology The Next Generation of Credential Technology Seos Credential Technology from HID Global The Next Generation of Credential Technology Seos provides the ideal mix of security and flexibility for any organization.

More information

Mobile Security Fall 2013

Mobile Security Fall 2013 Mobile Security 14-829 Fall 2013 Patrick Tague Class #6 More WiFi Security & Privacy Issues WiFi Security Issues A Scenario Internet Open AP SSID Network X Open OpenAP AP SSID Attacker Network X LaptopLaptop

More information

SECURE OFFICE OF THE FUTURE

SECURE OFFICE OF THE FUTURE ** SECURE OFFICE OF THE FUTURE HP Today Powering 430 of the Global Fortune 500 Companies Working with 250,000+ Channel Partners 18,000+ patents 2 PCs & 1 Printer ship every second HP Business Personal

More information

mbed OS Update Sam Grove Technical Lead, mbed OS June 2017 ARM 2017

mbed OS Update Sam Grove Technical Lead, mbed OS June 2017 ARM 2017 mbed OS Update Sam Grove Technical Lead, mbed OS June 2017 ARM mbed: Connecting chip to cloud Device software Device services Third-party cloud services IoT device application mbed Cloud Update IoT cloud

More information

Cybersecurity with Automated Certificate and Password Management for Surveillance

Cybersecurity with Automated Certificate and Password Management for Surveillance Cybersecurity with Automated Certificate and Password Management for Surveillance October 2017 ABSTRACT This reference architecture guide describes the reference architecture of a validated solution to

More information

align security instill confidence

align security instill confidence align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed

More information

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office

More information

Provisioning secure Identity for Microcontroller based IoT Devices

Provisioning secure Identity for Microcontroller based IoT Devices Provisioning secure Identity for Microcontroller based IoT Devices Mark Schaeffer, Sr. Product Marketing Manager, Security Solutions Synergy IoT Platform Business Division, Renesas Electronics, Inc. May

More information

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers

More information

OWA Security & Enhancements

OWA Security & Enhancements END-POINT SECURITY Messageware is a world leader in Microsoft Exchange and Outlook Web App security and productivity solutions. Our software is used by over 5 million users worldwide and has been recognized

More information

Frequently Asked Questions WPA2 Vulnerability (KRACK)

Frequently Asked Questions WPA2 Vulnerability (KRACK) Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key

More information

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy Policy Title: Effective Date: Revision Date: Approval(s): LASO: CSO: Agency Head: Allowed Personally Owned Device Policy Every 2 years or as needed Purpose: A personally owned information system or device

More information

PCI Compliance Updates

PCI Compliance Updates PCI Compliance Updates PCI Mobile Payment Acceptance Security Guidelines Adam Goslin, Chief Operations Officer AGoslin@HighBitSecurity.com Direct: 248.388.4328 PCI Guidance February, 2013 - PCI Mobile

More information

Cisco ONE for Access Wireless

Cisco ONE for Access Wireless Data Sheet Cisco ONE for Access Wireless Cisco ONE Software helps customers purchase the right software capabilities to address their business needs. It helps deliver reduced complexity, simplified buying,

More information

CS 356 Operating System Security. Fall 2013

CS 356 Operating System Security. Fall 2013 CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database

More information

Mobile Field Worker Security Advocate Series: Customer Conversation Guide. Research by IDC, 2015

Mobile Field Worker Security Advocate Series: Customer Conversation Guide. Research by IDC, 2015 Mobile Field Worker Security Advocate Series: Customer Conversation Guide Research by IDC, 2015 Agenda 1. Security Requirements for Mobile Field Workers 2. Key Mobile Security Challenges Companies Face

More information

Lookout's cybersecurity predictions

Lookout's cybersecurity predictions LOOKING FORWARD AND LOOKING BACK: Lookout's cybersecurity predictions by Kevin Mahaffey Every year, cybersecurity pundits cast predictions for which issues will make headlines in the year to come. We ve

More information

HP Device as a Service (DaaS)

HP Device as a Service (DaaS) HP Device as a Service (DaaS) Smart, simplified computing solutions for today s world. Proud Technology Services Industry Association (TSIA) award winner Managing and securing multi-os environments can

More information

THALES DATA THREAT REPORT

THALES DATA THREAT REPORT 2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security INDIA EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Rising risks for sensitive data in India In India, as in the rest of the

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

BUFFERZONE Advanced Endpoint Security

BUFFERZONE Advanced Endpoint Security BUFFERZONE Advanced Endpoint Security Enterprise-grade Containment, Bridging and Intelligence BUFFERZONE defends endpoints against a wide range of advanced and targeted threats with patented containment,

More information

Make security part of your client systems refresh

Make security part of your client systems refresh Make security part of your client systems refresh Safeguard your information with Dell Data Security Solutions while boosting productivity and reducing costs Your organization might have many reasons for

More information

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose

More information

A Guide to Closing All Potential VDI Security Gaps

A Guide to Closing All Potential VDI Security Gaps Brought to you by A Guide to Closing All Potential VDI Security Gaps IT and security leaders are embracing virtual desktop infrastructure (VDI) as a way to improve security for an increasingly diverse

More information

Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output:

Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output: Volume: 75 Questions Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output: Which of the following is occurring? A. A ping sweep B. A port scan

More information

Samsung and Financial Services. Enhance the customer experience with Samsung s innovative Financial Services offerings

Samsung and Financial Services. Enhance the customer experience with Samsung s innovative Financial Services offerings Samsung and Financial Services Enhance the customer experience with Samsung s innovative Financial Services offerings Samsung Electronics Australia Pty Ltd ABN 63 002 915 648 ( Samsung ) 3 Industry trends

More information

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it

More information

Cloud Customer Architecture for Securing Workloads on Cloud Services

Cloud Customer Architecture for Securing Workloads on Cloud Services Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,

More information

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme UEM2205BE Get Up to Speed on Innovations in the Mobile Ecosystem: ios, macos, Android, and Chrome OS VMworld 2017 Content: Not for publication Sascha Warno #Vmworld #UEM2205BE Disclaimer This presentation

More information

Cisco Connected Factory Accelerator Bundles

Cisco Connected Factory Accelerator Bundles Data Sheet Cisco Connected Factory Accelerator Bundles Many manufacturers are pursuing the immense business benefits available from digitizing and connecting their factories. Major gains in overall equipment

More information

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan IBM Cloud Security for the Cloud Amr Ismail Security Solutions Sales Leader Middle East & Pakistan Today s Drivers for Cloud Adoption ELASTIC LOWER COST SOLVES SKILLS SHORTAGE RAPID INNOVATION GREATER

More information

RFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template

RFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template RFP/RFI Questions for Managed Security Services Sample MSSP RFP Template Table of Contents Request for Proposal Template Overview 1 Introduction... 1 How to Use this Document... 1 Suggested RFP Outline

More information

MaaS360 Secure Productivity Suite

MaaS360 Secure Productivity Suite MaaS360 Secure Productivity Suite Frequently Asked Questions (FAQs) What is MaaS360 Secure Productivity Suite? MaaS360 Secure Productivity Suite integrates a set of comprehensive mobile security and productivity

More information

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107) Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience

More information

MOBILE NETWORK ACCESS CONTROL

MOBILE NETWORK ACCESS CONTROL MOBILE NETWORK ACCESS CONTROL Extending Corporate Security Policies to Mobile Devices www.netmotionwireless.com Executive Summary Network Access Control (NAC) systems protect corporate assets from threats

More information

Think Like an Attacker

Think Like an Attacker Think Like an Attacker The Core Security Attack Intelligence Platform Core Security Presenter: Jackie Kalter Core Security Jackie Kalter has been in the Network Security industry for over 15 years. An

More information

Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network

Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network Critical Infrastructure Protection for the Energy Industries Building Identity Into the Network Executive Summary Organizations in the oil, gas, and power industries are under increasing pressure to implement

More information

Endpoint Security - what-if analysis 1

Endpoint Security - what-if analysis 1 Endpoint Security - what-if analysis 1 07/23/2017 Threat Model Threats Threat Source Risk Status Date Created File Manipulation File System Medium Accessing, Modifying or Executing Executable Files File

More information

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi SECURITY ON PUBLIC WI-FI New Zealand A guide to help you stay safe online while using public Wi-Fi WHAT S YOUR WI-FI PASSWORD? Enter password for the COFFEE_TIME Wi-Fi network An all too common question

More information

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January

More information

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government

More information

SONICWALL SECURITY HEALTH CHECK PSO 2017

SONICWALL SECURITY HEALTH CHECK PSO 2017 SONICWALL SECURITY HEALTH CHECK PSO 2017 Get help in fully utilizing your investment to protect your network Overview SonicWALL Security Health Check provides a customer with a comprehensive review of

More information

PLATFORM CONVERGENCE JOURNEY

PLATFORM CONVERGENCE JOURNEY Windows 10 Client PLATFORM CONVERGENCE JOURNEY Converged OS kernel Converged app model Windows 10 DEPLOYMENT CHOICES Wipe-and-Load In-Place Provisioning Traditional process Capture data and settings

More information

Managing BYOD Networks

Managing BYOD Networks Managing BYOD Networks SPS-2013 Raghu Iyer raghu.iyer@nevisnetworks.com 1 What is BYOD Bring Your Own Device Are you allowing a Rogue? SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 2 Why BYOD Increased

More information

What is Eavedropping?

What is Eavedropping? WLAN Security What is Eavedropping? War Driving War Driving refers to someone driving around with a laptop and an 802.11 client card looking for an 802.11 system to exploit. War Walking Someone walks

More information

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Securing your Virtualized Datacenter Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Agenda VMware Virtualization Technology How Virtualization Affects Datacenter Security Keys to

More information

AAD - ASSET AND ANOMALY DETECTION DATASHEET

AAD - ASSET AND ANOMALY DETECTION DATASHEET 21 October 2018 AAD - ASSET AND ANOMALY DETECTION DATASHEET Meaningful Insights with Zero System Impact Classification: [Protected] 2018 Check Point Software Technologies Ltd. All rights reserved. This

More information

TestOut PC Pro - English 6.0.x COURSE OUTLINE. Modified

TestOut PC Pro - English 6.0.x COURSE OUTLINE. Modified TestOut PC Pro - English 6.0.x COURSE OUTLINE Modified 2019-01-02 TestOut PC Pro Outline - English 6.0.x Videos: 142 (17:10:32) Demonstrations: 144 (17:38:44) Simulations: 117 Fact Sheets: 189 Exams: 132

More information

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY FACT: COMPUTERS AND SERVERS ARE STILL AT RISK CONVENTIONAL TOOLS NO LONGER MEASURE UP Despite pouring

More information

Cisco ONE for Access Wireless

Cisco ONE for Access Wireless Data Sheet Cisco ONE for Access Wireless Cisco ONE Software overview Cisco ONE Software helps customers purchase the right software capabilities to address their business needs. It helps deliver reduced

More information

StageNow Eilbron Meghdies

StageNow Eilbron Meghdies StageNow Eilbron Meghdies Product Manager Agenda Introduction How it works Features Q & A WIIFM What s in it for me? Grow your business Accelerate the adoption of your Application Save Money StageNow saved

More information

Security Solutions. Overview. Business Needs

Security Solutions. Overview. Business Needs Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.

More information

SONICWALL SECURITY HEALTH CHECK SERVICE

SONICWALL SECURITY HEALTH CHECK SERVICE SonicWall Partner Service Overview SONICWALL SECURITY HEALTH CHECK SERVICE Ensure your SonicWall Investment is fully optimized to protect your network Overview The SonicWall Security Health Check Service

More information