Check Point EXECUTIVE SUMMARY

Transcription

1 Check Point MOBILE THREAT PREVENTION data flow and handling EXECUTIVE SUMMARY This document details the handling of data within the Check Point Mobile Threat Prevention solution, including data elements to which the solution has access and the handling of each element within solution components. The Solution architecture allows customers to meet rigid compliance, data protection, and privacy requirements and regulations. It uses a variety of patent-pending algorithms and detection techniques to identify mobile device risks, and triggers appropriate defense responses that protect business and personal data. The Check Point Mobile Threat Prevention solution ( the Solution ) includes the following components: Check Point Mobile Threat Prevention Behavioral Risk Engine ( the Engine ) Check Point Mobile Threat Prevention Gateway ( the Gateway ) Check Point Mobile Threat Prevention Management Dashboard ( the Dashboard ) Check Point Protect app ( the App ) for ios and Android The Solution and its components protect mobile devices from advanced mobile malware, spyware, viruses, Trojan horses, targeted attacks, and other malicious technologies that may gather information from a device. Device threat detection requires the App to monitor behavior on the device. The App may also collect, store, and process metadata about device use, configurations, and log details. The Solution requires the user s address, in most cases their work address assigned by their Enterprise organization, to register a device. Upon the creation of a user device within the organization s Dashboard, a unique identifier (Check Point device_id) is created and used as the pseudonymized 1 method of identifying a user s device within the Solution. The Personal Information is only stored in the organization s Dashboard, where the linkage to the Check Point device_id and user s address (and possibly name and phone number, if provided) is made. 1 See GDPR definition in Section 6.3 1

2 TABLE OF CONTENTS 1 SOLUTION ARCHITECTURE Components DATA COLLECTION AND STORAGE User Information Use of User Information Information The Solution Collects from Apps Installed on a Device Information The Solution Collects from The Dashboard Where The Data Is Stored Check Point Protect App Check Point Mobile Threat Prevention Gateway Check Point Mobile Threat Prevention Management Dashboard Check Point Mobile Threat Prevention Behavioral Risk Engine How The Data Flows Within The Solution What Happens When a Device Is Removed From The System INFRASTRUCTURE SECURITY AUTHORIZED EMPLOYEE ACCESS (THE ORGANIZATION S ADMINISTRATORS) Controlling Mobile Threat Prevention Administrator Access to Employee Data Information Visible to The Organization s Administrators Via The Dashboard Device Not at Risk Device at Risk BYOD Privacy Mode Events and Alerts Tab Device Risk Tab App Analysis Tab User and Device Management Solution Architecture with UDM Where and How Data is Stored in a UDM Deployment EU DATA PROTECTION LAWS Solution Component Locations APPENDICES Appendix A Android Check Point Protect App Permissions Appendix B Advanced Threat Detection Capabilities Appendix C Definitions Under GDPR (Article 4) Appendix D EU Member States (at the time of this publication) Appendix E EEA Member Countries (at the time of this publication) Appendix F Safe Jurisdiction List (at the time of this publication) Appendix G References/Resources

3 1 SOLUTION ARCHITECTURE Check Point Mobile Threat Prevention Cloud DB EMM/ MDM Company A Mobile Threat Prevention Gateway Dashboard DB Behavioral Risk Engine (BRE) 1.1 components Component Check Point Protect App Behavioral Risk Engine Description The Check Point Protect App is a lightweight app for ios and Android that gathers data and helps analyze threats to devices in an Enterprise environment. It monitors operating systems and information about apps and network connections and provides data to the Solution which it uses to identify suspicious or malicious behavior. To protect user privacy, the App never collects or examines content or files. Instead, it examines critical risk indicators found in the anonymized data it collects. The App performs some analysis on the device while resource-intensive analysis is performed in the cloud. This approach minimizes impact on device performance and battery life without changing the end-user experience. No Personal Information is processed by or stored in the App. The cloud-based Check Point Mobile Threat Prevention Behavioral Risk Engine uses data it receives from the App about network, configuration, and operating system integrity data, and information about installed apps to perform in-depth mobile threat analysis. The Engine uses this data to detect and analyze suspicious activity, and produces a risk score based on the threat type and severity. The risk score determines if and what automatic mitigation action is needed to keep a device and its data protected. No Personal Information is processed by or stored in the Engine. 2 Personal Information is any information that can individually identify a person. Anonymous information connected or linked with any Personal Information shall be deemed as Personal Information so long as such a connection or linkage exists. Within the Solution, the user s name, address, address, and phone number, and linkage by way of unique identifier (Check Point device_id) to an IP address, unique device identifier (UDID/IMEI), etc. are considered to be Personal Information. See Section 2.1 for additional details. 3

4 Component Management Dashboard Mobile Threat Prevention Gateway Description The cloud-based web-gui Check Point Mobile Threat Prevention Management Dashboard enables administration, provisioning, and monitoring of devices and policies and is configured as a percustomer instance. The Dashboard can be integrated with an existing Mobile Device Management (MDM)/Enterprise Mobility Management (EMM) solution for automated policy enforcement on devices at risk. When using this integration, the MDM/EMM serves as a repository with which the Dashboard syncs enrolled devices and identities. Personal Information, such as a user s name, address, and phone number, is processed by and may be stored in the Dashboard. The cloud-based Check Point Mobile Threat Prevention Gateway is a multi-tenant architecture to which mobile devices are registered. The Gateway handles all Solution communications with enrolled mobile devices and with the customer s ( organization s ) Dashboard instance. No Personal Information is processed by or stored in the Gateway. 2 DATA COLLECTION AND STORAGE 2.1 User Information Anonymous information on a device that does not enable identification of an individual user may become available to Check Point when a user installs and/or uses the Check Point Protect app. The Solution collects two types of data from an enrolled device: 1. Anonymous device information. The App collects aggregated technical and device usage information such as, but not limited to: operating system versions, device configurations, internal and external hardware components and driver versions, device activity logs (for features like connectivity status to Wi-Fi/wireless networks or secured or unsecured Wi-Fi), information about apps on a device (binary file) including the app source of time/date of installation, and Check Point Protect App logs. 2. Individually identifiable information ( Personal Information ). This is information on a device that identifies, or may with reasonable effort identify an individual, or may be of a private and/or sensitive nature. The Check Point App does not actively collect any Personal Information stored on or flowing through a device. However, Check Point Solution may receive the following Personal Information: a. Personal Information provided by the organization. The organization may enter into the Solution Personal Information that may include a user s full name or organization identifier, address and telephone number. The organization may provide Check Point with this information which may be used to manage and/or implement the Solution. b. Personal Information the App collects automatically. As part of the communication between the App and servers hosting Solution components, user devices automatically provide the Solution with an IP address, Check Point proprietary VPN connection credentials (as detailed below), unique device identifier (UDID/ IMEI), and Check Point device_id. c. Personal Information a user provides voluntarily. App users may provide Check Point with certain information using report text box in the App, such as personal details while reporting an issue or debugging information of an issue. 4

5 Anonymous device information connected to or linked with any Personal Information shall be deemed as Personal Information so long as such connection or linkage exists, such as how the Check Point device_id creates a linkage between the user s Personal Information and the IP address of the device connected to the Solution. Such linkage may be created in circumstances where the Solution has detected anomalies on a device through its collection of Anonymous device information. Such information is sent to the Dashboard which is managed by the organization. When a device is deleted and no longer associated with any Personal Information, the Anonymous Information loses this linkage and becomes Non-Personal Information. If specifically permitted by the organization on a case-by-case basis, Check Point may have access to this Dashboard which may also contain Personal Information such as user names, addresses, and phone numbers (e.g., where Check Point s investigation of a security incident requires the organization to contact an individual user at the organization). 2.2 Use of User Information The Solution collects Anonymous device information and Personal Information so the organization can protect information stored on mobile devices. In general, the Solution: 1. Enables the organization s designated personnel to monitor whether or not the App is currently and properly running on the device. 2. Enables the organization s designated personnel to perform real-time assessments and to protect the device against potential or residing threats, malware and any other harmful or malicious applications and processes; 3. Enables the organization s designated personnel to alert a user of such threats and to instruct the user on how to remove threats from a device. The Solution will use Personal Information in order to: 1. Send the user instructions via including a link to the application page on the applicable marketplace (app store, including but not limited to private application stores) to continue the download process; 2. Determine geo-location information from which the user s mobile device is connected to the Internet in order to know the location of the device in order to render the detection of possible Man-In-The-Middle attacks. In the App for ios, this functionality is disabled at default, but can be enabled by the user or MDM Administrator. In the App for Android, this functionality is enabled by default, but can be disabled. In either case, the geo-location is only gathered when there is an actual Man-In-The-Middle attack occurring. In addition, Check Point may collect and use Anonymous device information to: 1. Understand app usage and behaviors. 2. Create statistics and other aggregate information and analysis with respect to behavioral patterns of use of the organizational devices (i.e. type of applications installed on organizational devices, computer servers with which such applications are connected, and the extent of the data exchanged with these servers). 3. Use it for statistical, analytical and research purposes and for customization, developing and improvement of the Solution and its components. Analysis of Anonymous device information is cross-organizational, and Check Point may use this information as necessary to enable and improve the Solution and its components. 2.3 Information The Solution Collects from Apps Installed on a Device The App does not upload the content of communications or content of apps. It uploads metadata, data points, or binary files (plist file of.ipa on ios or.apk file on Android). 5

6 Generally, the Solution does not upload app binaries installed on user s device. Instead, the Solution attempts to and usually can identify the app on the external repository, such as the App Store or Google Play, by its signature (binary hash, package name and version). However, sometimes it may be necessary for the app binary to be uploaded from the device to the Solution for analysis, for example, if someone physically or side-load installs malware on a device and the malware does not exist on these stores. In the case of Android, it may be necessary to upload the app (.apk file) to the Solution from a user s device. However, no personal data is uploaded in order to avoid compromising the privacy of a user s personal data. 2.4 Information The Solution Collects from The Dashboard As part of the device enrollment action, by either MDM integration or manual entry, a user s address (required), name (optional), and phone number (optional) can be entered to associate a device with a user. The Dashboard is the only location in the Solution where Personal Information is used, viewed, and/or stored. 2.5 Where The Data Is Stored The data elements/types accessed, uploaded, viewable, and/or stored are listed below per Solution component Check Point Protect App The App accesses and/or uploads the following data elements to the Solution. No Personal Information is processed by or stored in this component. (For a more detailed breakdown between Android and ios, please see Appendix B.) Data Type Description Access? Upload Detail to The Solution? Device Properties Operation system version, hardware component and driver versions Yes Yes Connectivity Status (WiFi, Network) Device connectivity type where type could be GPRS, SecuredWifi or NonSecuredWifi. Communication Metadata Sockets state: IP addresses, ports, state, protocol, data length Yes No Device Configuration The App monitors configuration changes on the device. It also performs analysis for weaknesses in device operating systems, like Yes Yes vulnerable versions of Open SSL. Running Process List List of running processes by reading /proc folder Yes No Running Process Traffic List of running processes by reading /proc folder Sent/Received Statistics Yes No Installed Apps List List of all installed apps including app name, version, app_id, package_name, app_location, the size of app file, app fingerprint Yes Yes certificate list File List List of files located in /system and /. Yes No Device SD Card Reads SD card, but does not upload information Yes No Check Point Protect App s Interface, bytes sent, bytes received Data Usage Yes Yes Check Point s device_id Unique device identifier within the Mobile Threat Prevention cloud Yes Yes Check Point VPN Login Unique Check Point certificate for connecting to Capsule Cloud VPN Credential Yes No Certificates of App Not to Upload On ios, the app checks for CA certificate, proxy, or VPN configurations that could compromise the security of the device Yes Yes Yes No 6

7 2.5.2 Check Point Mobile Threat Prevention Gateway The Gateway stores the following data elements which may be viewable from the Dashboard (per customer instance). No Personal Information is processed by or stored in this component. Data Type Description Access? Information Stored in The Gateway? Displayed via the Dashboard? Check Point device_id Unique identifier of device registered to the Solution Yes Yes Yes Hash of The App Binary SHA256 hash of app binary is used as app_id in the Solution Yes Yes Yes Installation Location App installation filesystem location Yes Yes No Installation Time App installation time Yes Yes No Installation Source App source location (Market or Otherwise) Yes Yes No Last Active Time Last time device connected to the gateway Yes Yes Yes Network Connection Type Device connectivity type where type could be GPRS, SecuredWifi, or NonSecuredWifi Yes Yes No Certificates of App If an app requires a certificate to operate, such as a VPN profile certificate, the administrator can upload the certificate details and then whitelist its use Yes Yes Yes Registration Address Registration Phone Number associated with the unique Check Point device_id Phone number associated with the unique Check Point device_id Yes No* Yes Yes No* Yes, if provided Alerts Alerts sent from the Dashboard and App Yes No** Yes * Registration s or phone number the gateway sends the registration s \ registration text messages but does not store them. ** Alerts the gateway sends the alerts to the devices but does not store them. 7

8 2.5.3 Check Point Mobile Threat Prevention Management Dashboard The Dashboard stores the following data elements (per customer instance). Data Type Description Access? Information Stored in The Dashboard? Corporate User Data Data that was provided through the integration with the MDM or manually address (required) User name (optional) Phone number (optional) Yes Yes Check Point device_id Unique identifier of device Yes Yes Alerts Audit trail of incidents and actions that occurred on the device. Events/Alerts could be an app installation/removal, or profiles Yes Yes detected on devices, etc. Security Group(s) Devices can be added to specific security groups, such as Sales Team, for easy management of all devices in a group. Yes Yes Security Policy Security policy for an app. Possible settings are Default, Whitelist, Blacklist, or User Approval. Yes Yes Dashboard Users and Administrative user list and level of access Roles Yes Yes Apps to Device Association When a device is at High or Medium risk level, all malicious, warning, or info severity level apps are viewable from the device s information view If the device is not at High or Medium risk level, then no apps are associated to the device s information view Also, if BYOD Mode is enabled, the dashboard will not display the app to device association Yes Yes Check Point Mobile Threat Prevention Behavioral Risk Engine The Engine stores the following data elements which may be viewable from the Dashboard (per customer instance). No Personal Information is processed by or stored in this component. Data Type Description Access? Information Stored in The Engine? Displayed in the Dashboard? App Binary App binary obtained from the store or uploaded Yes Yes Yes Extracted Raw Data App attributes such as installed/removed from a device, threat level, code analysis method, etc. Yes Yes Yes Threats Found Per App Exploit usage, for example, the app can exfiltrate from the device Yes Yes Yes The Engine is not aware of the device (or associated user) on which the app is installed. 8

9 2.5.5 How The Data Flows Within The Solution In the event the Engine detects or suspects any malware, spyware or other malicious software on a device, the Solution sends a push notification about the threat which specifes there is malicious software on the device and instructions for how to remove it. In the event the user does not follow these instructions, the Solution may restrict device functionality according to the organization s policies and practices. Check Point will disclose to the organization s designated personnel specific and relevant information about the malicious software (name and type) and type of the information that may have leaked from a device, if any (i.e., metadata of messages exchanged through the device). The collection, processing, analysis, monitoring, storing and disclosure (as necessary in relevant cases) of the information including, but not limited to the information pertaining to the device as part of the Solution, shall be subject to our Privacy Policy 3 which is incorporated herein for reference. The Solution does not monitor with whom the user communicates or the content of such communication. It monitors information that may flag malicious or potentially harmful software on a device, such as mobile apps which are deemed by the Solution as anomalies. It monitors device use in real-time only as necessary to enable the Solution. By deleting the App from a device, the device, and all corporate data residing on the device, may be exposed to targeted attacks by malicious technology. Therefore, an alert is sent to the organization s designated personnel if the App is removed. 3 Check Point Privacy Policy: 9

10 Below is an overview of communication between the Solution components. Check Point Protect App Check Point Protect App Detects changes in apps or network connections Detects possible MiTM vulnerability Encrypted artifacts sent over SSL to Mobile Threat Prevention Cloud Services Mobile Threat Prevention Gateway Mobile Threat Prevention Gateway receives data from device Application list is processed, compared to already known Application Risk Assessment based on application_id Application artifacts aggregated for identification and analysis (stripped of any identifying device information) Application is retrieved Application is retrieved from device, from app store if not available from online source Application Behavioral Analysis: Automated and Researcher Behavioral Risk Engine Risk Type Identification Severity of Risk Risk Score assigned to the specific application_id Results of Analysis and Application metadata stored in the Engine database Risk Score and application_id returned to the Gateway Mobile Threat Prevention Gateway Risk/Score/application_id evaluated, if malicious/warning The Gateway sends alert to the Dashboard Mobile Threat Prevention Dashboard The Dashboard processes Risk Assessment against set policies The Dashboard sends alert to The Dashboard sends alert to MDM/EMM if configured affected devices Check Point Protect App 2.6 What Happens When a Device Is Removed from The System If for any reason a user wishes to delete or modify Personal Information, the user must contact his organization. Such requests will be handled by the organization and/or to the extent applicable, such request will be transferred to us by the organization. Reasonable efforts will be made to modify or delete any such Personal Information pursuant to any applicable privacy laws. Aggregated and/or anonymous data may remain on Check Point servers indefinitely. Note that unless the organization instructs Check Point otherwise, it may retain the user s Personal Information for as long as required to provide the organization the Solution, and as permitted under any applicable privacy laws. 10

11 3 INFRASTRUCTURE SECURITY Check Point takes reasonable measures to maintain the security and integrity of the Check Point Protect app, the Solution, the user s information, and the organization s information and to prevent unauthorized access to it or use thereof through generally accepted industry standard technologies and internal procedures (among others, state of the art firewalls, antivirus, IDS/IPS, etc.). Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage and Check Point cannot guarantee that unauthorized access or use will never occur. The Solution collects ios and Android apps from their respective online app stores to analyze and detect suspicious activity and produces a risk score based on the type and severity of the risk. The App communicates with the Solution over HTTPS with a server certificate signed by a trusted certificate authority (CA). The certificate uses RSA with 2048-bit key for authentication and key exchange to establish a 256-bit session key. The HTTPS sessions are encrypted using AES. 4 authorized employee access (THE ORGANIZATION S ADMINISTRATORS) The collected information can be viewed/accessed only by the designated authorized personnel of the organization (i.e. IT officer or information security officer of the organization) in accordance with our Privacy Policy. Such information access and monitoring by the organization s designated personnel is performed through the Dashboard. 4.1 Controlling Mobile Threat Prevention Administrator Access to Employee Data There are different levels of Administrators as described below. Role Super User Admin Support Basic Support Device Admin Security Manager Security Manager Viewer Basic Security Manager Settings View Settings Update + + My Profile View My Profile Update Events View Events Update + Alerts Receive Device Risk Profiles View Profiles Policy Update App Analysis View App Policy Update Devices View Devices Resend Registration Groups Update Dashboard

12 4.2 Information Visible to The Organization s Administrators Via The Dashboard Device Not at Risk There are two views in which user and device information are viewable when the device is not at risk, Devices and Device Risk tabs. In the Devices tab, the user s name, address, and phone number as entered by the organization are associated with a particular device id. The details of the device are limited to device OS type and version, device type, the version of the Check Point Protect app running on the device, and the last time the device connected with the Gateway. In this view, the Administrators can view a list of registered devices, but cannot view the list of apps installed on a particular device. When the device is viewed from the Device Risk tab, the device detail is similar to that of the Devices tab. From the App Analysis tab, the Administrator can view a comprehensive list of all the apps installed across all the registered devices, but they cannot view on which devices the apps are installed when the app is not identified as Malicious or Warning severity level. 12

13 4.2.2 Device at Risk If a device is determined to be at High or Medium risk level, the Administrators can view the same level of device details as before, but with a list of applications that put the device at risk.further details regarding the Malicious or Warning severity level app are viewable either by drilling-down on the app from the Device Risk view or by viewing the app from App Analysis tab. A Malicious or Warning severity level app will not only include information about the app, such as fingerprint, store location, capability, etc., but also list the affected devices (i.e. the devices on which the app is installed). 4.3 BYOD Privacy Mode In the Dashboard under Settings > Privacy Settings, BYOD Privacy Mode can be enabled. When enabled, administrators can only see that a malicious threat exists, but not which user is affected. This is to ensure the highest user privacy when needed. 1 3

14 4.3.1 Events and Alerts Tab BYOD Privacy Mode Disabled BYOD Privacy Mode Enabled Device Risk Tab BYOD Privacy Mode Disabled BYOD Privacy Mode Enabled 14

15 4.3.3 App Analysis Tab BYOD Privacy Mode Disabled When BYOD Privacy Mode is disabled, the drill-down into the App Analysis information for a Malicious or Warning severity app will display the affected devices BYOD Privacy Mode Enabled However, when BYOD Privacy Mode is enabled, the drill-down into the App Analysis information for a Malicious or Warning severity app will not display the affected devices. 4.4 User and Device Management User and Device Management (UDM) is a web-based application residing within the organization s data center that manages a range of user and device related tasks. A typical user accesses organizational resources from multiple devices: computers, laptops, smartphones, and tablets. UDM provides a unified environment for managing various user and device related tasks, such as provisioning, transparency of access via logs, viewing user and device details, certificate management, AD user management, and FDE password recovery (for Endpoint Security clients). With UDM, security administrators can delegate user and device management tasks to Help Desk administrators. This delegation of responsibilities lets the network security team handle security policy issues and the Help Desk team manages some user access tasks. The purpose of this section is to describe the data elements and flow of data between the App, the Dashboard, and the User and Device Management (UDM) server Solution Architecture with UDM Check Point Mobile Threat Prevention Cloud DB EMM/ MDM Server UDM Mgmt Server Mobile Threat Prevention Gateway DB Behavioral Risk Engine (BRE) AD Company A Dashboard 15

16 4.4.2 Where and How Data Is Stored in a UDM Deployment The data elements/types accessed, uploaded, viewable, and/or stored are listed below per component Check Point Protect App The App interaction with the Solution does not change in a UDM deployment model. Information remains the same as described in Section No Personal Information is processed by or stored in this component Check Point User and Device Management (UDM) Server Data Type Description Access? Upload Detail to The Solution? Device Owner Name User s Name Yes Encrypted Device Owner Address User s Address Yes Encrypted Device Number User s Device Phone Number Yes Encrypted Check Point device_id Unique identifier of device registered to the Solution Yes No Gateway In a UDM deployment model, the UDM Management Server communicates directly with an server for sending device registration messages. All data elements remain the same as described in Section except that the Dashboard displays encrypted corporate user data ( , name, and phone number) as indicated below. No Personal Information is processed by or stored in this component. Data Type Description Access? Registration Address Registration Phone Number Management Dashboard associated with the unique Check Point device_id Phone number associated with the unique Check Point device_id Information Stored in The Gateway? Displayed Via The Dashboard? Encrypted No Encrypted Encrypted No Encrypted The Dashboard stores the same data elements in a UDM deployment model as it does without UDM with the notable difference that the corporate user data ( address, name, and phone number) is encrypted. The UDM Management Server does not allow editing of the Dashboard; it is a read-only view. All other data elements remain the same as described in Section Data Type Description Access? Corporate User Data Data that was provided through the integration with the MDM or manually address (required) User name (optional) Phone number (optional) Encrypted Information Stored in The Dashboard? Encrypted Behavioral Risk Engine The interaction between the Dashboard and the Engine does not change in a UDM deployment model. Information remains the same as described in Section No Personal Information is processed by or stored in this component. 1 6

17 5 EU DATA PROTECTION LAWS In April 2016, the European Union published the final text of Regulation (EU) 2016/679, also known as the General Data Protection Regulation (GDPR), on the protection of natural persons with regard to the processing of personal data and on the free movement of such data 5. The GDPR takes effect on May 25, 2018, after a two-year implementation period. It replaces EU Directive 95/46/EC 6. The GDPR regulates the use of Personal Information and the free movement of such data across a wide range of sectors. As a regulation, the GDPR is a directly binding legislative act that must be applied in its entirety across the EU. In the context of the GDPR and Check Point Mobile Threat Prevention, the Enterprise organization is the controller 7 and Check Point is the processor 8. The Solution requires the user s address, in most cases their work address assigned by their Enterprise organization, to register a device. Upon the creation of a user device within the organization s Dashboard, a unique identifier (Check Point device_id) is created and used as the pseudonymized 9 method of identifying a user s device within the Solution. The personal data is only stored in the organization s Dashboard, where the linkage to the Check Point device_id and user s address (and possibly name and phone number, if provided) is made. The organization s Dashboard is a web-based cloud service secured with HTTPS (SSL/TLS). If the organization has employees within the EU, the organization s Dashboard (and its database) will reside within the EU. In the cases of data exchanged between the Dashboard and the Gateway, and the App and the Gateway, no personal data is exchanged or stored. In the case of a device registration, a registration is sent via the Gateway, but is not stored in the Gateway. In all components other than the organization s Dashboard, only the unique identifier is used, providing a pseudonymized method. In the case of a UDM deployment, the user s personal data is encrypted before the information is uploaded to the organization s Dashboard. Please see Section 4.4 for additional information regarding the UDM Deployment. Except in the organization s Dashboard, there is no Personal Information stored within the other components. The data is either anonymized (such as during the exchange between the Engine and the Gateway) or pseudonymized (such as during the exchange between the Dashboard and the Gateway or between the Gateway and the App). All communication between each component from the App to the Engine is encrypted in transit. There is no transfer of Personal Information outside of the EU-based servers (the organization s Dashboard) to third countries. Only anonymized or pseudonymized data is exchanged between EU-based servers and U.S.-based servers. 4 Official Journal of the European Union: Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) 5 See GDPR definition in Section EU Directive 95/46/EC: Protection of Personal Data Official Journal L 281, 23/11/1995 P See GDPR definition in Section See GDPR definition in Section See GDPR definition in Section

18 The Solution architecture is conducive with meeting the EU Directive and the EU Regulation as a data processor by minimizing the amount of personal data needed to operate the Solution, keeping the data within the EU, using industry leading security measures, and by utilizing and providing anonymizing and pseudonymizing methods/ techniques. Check Point takes all necessary actions to ensure personal data is secure at rest as well as in transit within the Solution. As discussed in Section 2.6, the user can contact the organization to request their personal data be removed from the Solution. However, anonymized data may persist. 5.1 Solution Component Locations Check Point Mobile Threat Prevention Cloud (US) Check Point Mobile Threat Prevention Cloud (Regional - EU) Mobile Threat Prevention Gateway DB Behavioral Risk Engine (BRE) DB Dashboard Dashboard DB EMM/ MDM EMM/ MDM EU Company B US Company A The Dashboards are running in Amazon Web Services (AWS) located in both the EU and the U.S. The accompanying Dashboard databases are always near the Dashboard (same AWS region). Therefore, any user s Personal Information (user s name, address, and phone number) is stored in the region required by the organization, either EU or U.S. All of the Gateways, as well as the Gateway databases, are running in AWS located in the U.S. There is no Personal Information stored in the Gateway or Gateway databases. 18

19 6 APPENDICES 6.1 Appendix A Android Check Point Protect App Permissions 10 Permissions Area Device and App History Identity SMS Photos/Media/Files Wi-Fi Connection Information Device ID and Call Information Other Details Retrieve running apps Read sensitive log data Find accounts on the device Receive text messages (MMS) Receive text messages (WAP) Read text messages (SMS or MMS) Receive text messages (SMS) Modify or delete the contents of USB storage Read the contents of USB storage View Wi-Fi connections Read phone status and identity Receive data from the Internet Full network access View network connections Run at startup Close other apps Read battery statistics Modify system settings Connect and disconnect from Wi-Fi Change network connectivity Prevent device from sleeping 6.2 Appendix B Advanced Threat Detection Capabilities 11 Vector ios Android Device Jailbreaking Version-specific ios exploits Suspicious configuration changes Rooting and root kits Version- or device-specific Android exploits Suspicious configuration changes Vulnerable configurations File system tampering Network Man-in-the-middle attacks Malicious proxy and VPN profiles Man-in-the-middle attacks Apps Malicious behaviors Spyphones and RATs Side-loading of apps using stolen or fake certificates Malicious behaviors Spyphones and RATs Bots SMS interception Keylogging and credential theft Screen scraping 10 Google Play Store Check Point Protect App Permissions 11 Mobile Threat Prevention: Behavioral Risk Analysis 19

20 6.3 Appendix C Definitions Under GDPR (Article 4) For clarity, a few of the definitions listed under Article 4 of the GDPR are provided below. This is not an exhaustive list of definitions. Word or Phrase personal data processing pseudonymisation (pseudonymization) controller processor third party personal data breach binding corporate rules supervisory authority cross-border processing Definition Any information relating to an identified or identifiable natural person ( data subject ); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed Personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity An independent public authority which is established by a Member State pursuant to Article 51 Either: (a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or (b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State 20

21 6.4 Appendix D EU Member States (at the time of this publication) 12 Austria (1995) Belgium (1958) Bulgaria (2007) Croatia (2013) Cyprus (2004) Czech Republic (2004) Denmark (1973) Estonia (2004) Finland (1995) France (1958) Germany (1958) Greece (1981) Hungary (2004) Ireland (1973) Italy (1958) Latvia (2004) Lithuania (2004) Luxembourg (1958) Malta (2004) Netherlands (1958) Poland (2004) Portugal (1986) Romania (2007) Slovakia (2004) Slovenia (2004) Spain (1986) Sweden (1995) United Kingdom (1973) 6.5 Appendix E EEA Member Countries (at the time of this publication) 13 Including All EU Member States Listed Above, and Norway Liechtenstein Iceland 6.6 Appendix F Safe Jurisdiction List (at the time of this publication) 14 Andorra Argentina Canada (commercial organizations) Faeroe Islands Guernsey Israel Isle of Man Jersey New Zealand Switzerland Uruguay 6.7 Appendix G References/Resources 1. Mobile Threat Prevention: Behavioral Risk Analysis 2. Google Play Store Check Point Protect App Permissions 3. Check Point Privacy Policy 4. User and Device Management (UDM) Administration Guide dogoviewsolutiondetails=&solutionid=sk101672&partition=general&product=user 5. EU Data Privacy Regulations and Directives Official Journal of the European Union, L 119, 4 May EU Directive 95/46/EC: Protection of Personal Data Official Journal L 281, 23/11/1995 P Regulation (EC) No 1882/2003 of the European Parliament and of the Council of 29 September 2003 Official Journal L 284, 31/10/2003 P Check Point is a registered trademark of Check Point Software Technologies Ltd. All rights reserved. Android and Google Play are trademarks of Google, Inc. App Store is a registered trademark of Apple Inc. ios is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. ios is used under license by Apple Inc. CONTACT US Worldwide Headquarters 5 Ha Solelim Street, Tel Aviv 67897, Israel Tel: Fax: info@checkpoint.com U.S. Headquarters 959 Skyway Road, Suite 300, San Carlos, CA Tel: ; Fax: