MOBILE SECURITY OVERVIEW. Tim LeMaster
|
|
- Hubert Miller
- 6 years ago
- Views:
Transcription
1 MOBILE SECURITY OVERVIEW Tim LeMaster
2 Your data center is in the cloud.
3 Your users and customers have gone mobile.
4 Starbucks is your fall-back Network.
5 Your mobile device is a gold mine for hackers ENTERPRISE ENTERPRISE APPS SaaS, Custom Apps CREDENTIALS Stored, Soft Tokens PHOTO ALBUM Whiteboard Screenshots, IDs ENTERPRISE NETWORK VPN, WiFi SENSORS GPS, Microphone, Camera
6 How are you protecting your corporate data? APPS DEVICE NETWORK WEB & CONTENT Selected, purchased, and managed by organization Selected, purchased, and managed by organization LAN / corporate Wi-Fi VPN when traveling Filtered at organizational perimeter PC - Anti-Virus - DLP - Vulnerability scanning - Administered by IT - Managed by SCCM - OS version control - OS integrity monitoring - Behavioral monitoring - On device firewalls - perimeter firewall - Secure Web Gateways Selected, purchased, and managed by user* Organizational issued, some BYOD Always on cellular User selected Wi-Fi Often unfiltered MOBILE - Partially managed using MDM Lookout 2017 Confidential and Proprietary
7 COMPONENTS OF RISK MOBILE RISK MATRIX VECTORS APPS DEVICE NETWORK WEB & CONTENT THREATS - Spyware & surveillanceware - Trojans - Other malicious apps - Privilege escalation - Remote jailbreak/root - Man-in-the-middle - Fake cell towers - Spoofed WiFi APs - Root CA installation - Phishing - Drive-by-download - Malicious websites & files SOFTWARE VULNERABILITIES - Out-of-date apps - Vulnerable SDKs - Poor coding practices - Out-of-date OS - Dead-end hardware - Vulnerable pre-installed apps - Network hardware vulnerabilities - Protocol stack vulnerabilities - Malformed content that triggers OS or app vulnerabilities BEHAVIOR & CONFIGURATIONS - Apps that leak data - Apps that breach org security policy - Apps that breach regulatory compliance - User initiated jailbreak/root - No pin code/password* - USB debugging - Proxies, VPNs, root-cas - Auto-joining unencrypted networks - Opening attachments and visiting links to potentially unsafe content Lookout 2017 Confidential and Proprietary
8 Multiple attack vectors utilized End user jailbreak/root Malicious jailbreak/root OS vulnerabilities exploitation Data on stolen devices OS Apps Malicious apps Non-compliant apps App vulnerability exploits Data leakage Network Malicious MitM attacks Anomalous Root CA
9 COMPONENTS OF RISK MOBILE RISK MATRIX VECTORS APPS DEVICE NETWORK WEB & CONTENT THREATS - Malicious apps - Spy & surveillanceware - Trojans - User initiated jailbreak/root - Privilege escalation - Remote jailbreak/root - Man-in-the-middle - Fake cell towers - Root CA installation - Phishing - Drive-by-download - Malicious code injection SOFTWARE VULNERABILITIES - Out-of-date apps - Vulnerable SDKs - Poor coding practice - Out-of-date OS - Dead-end hardware - Vulnerable pre-installed apps - NIC driver vulnerabilities - Protocol stack vulnerabilities - Malformed content that triggers OS or app vulnerabilities BEHAVIOR & CONFIGURATIONS - Apps that breach leak data company - security Apps that policy breach org - Apps security that policy breach - regulatory Apps that breach compliance regulatory compliance - No pin code/password - USB debugging - Proxies, VPNs, root-cas - Auto-joining unencrypted networks - Message attachments and links to content that result in security policy breaches Lookout 2017 Confidential and Proprietary
10 For ios enterprise devices: Lookout 2017 Confidential and Proprietary
11 COMPONENTS OF RISK MOBILE RISK MATRIX VECTORS APPS DEVICE NETWORK WEB & CONTENT THREATS - Malicious apps - Spyware & surveillance & ware - Trojans surveillanceware - Trojans - User initiated jailbreak/root - Privilege escalation - Remote jailbreak/root - Man-in-the-middle - Fake cell towers - Root CA installation - Phishing - Drive-by-download - Malicious code injection SOFTWARE VULNERABILITIES - Out-of-date apps - Vulnerable SDKs - Poor coding practice - Out-of-date OS - Dead-end hardware - Vulnerable pre-installed apps - NIC driver vulnerabilities - Protocol stack vulnerabilities - Malformed content that triggers OS or app vulnerabilities BEHAVIOR & CONFIGURATIONS - Apps that breach company security policy - Apps that breach regulatory compliance - No pin code/password - USB debugging - Proxies, VPNs, root-cas - Auto-joining unencrypted networks - Message attachments and links to content that result in security policy breaches Lookout 2017 Confidential and Proprietary
12 COMPONENTS OF RISK MOBILE RISK MATRIX VECTORS APPS DEVICE NETWORK WEB & CONTENT THREATS - Malicious apps - Spy & surveillance ware - Trojans - User Privilege initiated escalation - jailbreak/root Remote jailbreak/root - Privilege escalation - Remote jailbreak/root - Man-in-the-middle - Fake cell towers - Spoofed Root CA installation WiFi APs - Root CA installation - Phishing - Drive-by-download - Malicious code injection SOFTWARE VULNERABILITIES - Out-of-date apps - Vulnerable SDKs - Poor coding practice - Out-of-date OS - Dead-end hardware - Vulnerable pre-installed apps - NIC driver vulnerabilities - Protocol stack vulnerabilities - Malformed content that triggers OS or app vulnerabilities BEHAVIOR & CONFIGURATIONS - Apps that breach company security policy - Apps that breach regulatory compliance - No User pin initiated code/password - USB jailbreak/root debugging - No pin code/password* - USB debugging - Proxies, VPNs, root-cas - Auto-joining unencrypted networks - Message attachments and links to content that result in security policy breaches Lookout 2017 Confidential and Proprietary
13 MITM Example MitM Demo
14 COMPONENTS OF RISK MOBILE RISK MATRIX VECTORS APPS DEVICE NETWORK WEB & CONTENT THREATS - Malicious apps - Spy & surveillance ware - Trojans - User initiated jailbreak/root - Privilege escalation - Remote jailbreak/root - Man-in-the-middle - Fake cell towers - Root CA installation - Phishing - Drive-by-download - Malicious code injection SOFTWARE VULNERABILITIES - Out-of-date apps - Vulnerable SDKs - Poor coding practice - Out-of-date OS - Dead-end hardware - Vulnerable pre-installed apps - NIC driver vulnerabilities - Protocol stack vulnerabilities - Malformed content that triggers OS or app vulnerabilities BEHAVIOR & CONFIGURATIONS - Apps that breach company security policy - Apps that breach regulatory compliance - No pin code/password - USB debugging - Proxies, VPNs, root-cas - Auto-joining unencrypted networks - Message attachments and links to content that result in security policy breaches Lookout 2017 Confidential and Proprietary
15 ANDROID Android Patches 101 patched CVEs in Jun 76 high or critical 120 patched CVEs in May 88 high or critical Android Security Advisory Rooting app Kernel vuln Deployment challenges Older devices not getting updates
16 IOS ios Patches ios Status ios version released 15 May 49 CVEs patched ios version released 3 Apr WiFi chip vulnerability patch ios version 10.3 released 27 Mar 91 CVEs patched Scareware for Ransom Safari browser pop-ups loop Need employees to update
17 MOBILE RISK HIGHLIGHTS Alternative App stores Fraudulent/Fake Apps Pegasus and Trident MilkyDoor ViperRAT surveillanceware App take downs
18 Lots of alternative app stores
19 Pegasus and Trident Pegasus: The Threat Trident: The Three Vulnerabilities A professionally developed and highly advanced threat leveraging, zero-day vulnerabilities, code obfuscation, and encryption and sophisticated function hooking to subvert app controls. Describes a trifecta of three related zero-day vulnerabilities in ios, that collectively allowed the attacker to automatically jailbreak the device and install far-reaching spyware.
20 Pegasus causes catastrophic data compromise All encrypted data from any apps on the device User passwords from the keychain All wifi passwords for every network the device has been on All passwords from any connected Apple router / Airport / Time Capsule GPS / User location All calls audio and history All data from calendar including meetings Sensitive conversations recorded via microphone conversations All contacts on the device And more
21 MilkyDoor Provides access to internal networks Covertly grants attackers access to enterprise's services web, FTP, SMTP in the internal network Repackaged Android Apps 200 unique apps on Play Communicates to C&C over SSH Android.process.s
22 ViperRAT Surveillanceware Social media for targeting Fake Profile as young women Build trust Install app for easier communication Multi-stage malware Dropper for profiling 2 nd stage is more capable Extract files and Photos
23 210 Lookout-discovered threats in the Google Play Store (2016) July 15 August 4 September 7 September 30 October 19 October-November November 25 BouncerBounce OverSeer DressCode DressCode TcemuiPhoto Uploader WakefulApp Download XRanger Malware that works around Google s review process to plant malicious apps in Play Store. Spyware targeting foreign travelers searching for Embassy locations. Steals contact and location data Can make the device a proxy for network traffic on corporate networks. We discovered more apps on Play injected with this trojan. Lookout discovered this malware family in fake versions of popular apps on Play. Malware hidden in "File Explorer" app that had gotten into Play, downloads and launches additional apps. 167 apps in Play infected with this app dropper. = Discovered by Lookout in Play Store and subsequently removed by Google.
24 Gartner Market Guide for Mobile Threat Defense Solutions It is becoming increasingly important that security leaders look at the anti-malware, mobile threat defense solutions market, the products available and how they should be used. * This Gartner report is available upon request from Lookout Lookout Mobile Endpoint Security meets all four functional capabilities, including: Behavioral Anomaly Detection Vulnerability Assessment Network Security App Scan Source: Gartner Market Guide for Mobile Threat Defense Solutions, John Girard and Dionisio Zumerle, July 2016 *Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
25 What Should You Do?? Layered Defenses Stick to official app stores Lock your screen MDM Don t connect to unknown WiFi Use a VPN Be wary of phishing attempts Unknown links in text messages, s and web sites Use a Mobile Threat Detection solution
Zimperium Global Threat Data
Zimperium Global Threat Report Q2-2017 700 CVEs per Year for Mobile OS 500 300 100 07 08 09 10 11 12 13 14 15 16 17 Outdated ios Outdated ANDROID 1 of 4 Devices Introduces Unnecessary Risk 1 out of 50
More informationEU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux
EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider
More informationEndpoint Protection : Last line of defense?
Endpoint Protection : Last line of defense? First TC Noumea, New Caledonia 10 Sept 2018 Independent Information Security Advisor OVERVIEW UNDERSTANDING ENDPOINT SECURITY AND THE BIG PICTURE Rapid development
More informationBETTER Mobile Threat Defense (BMTD)
BETTER Mobile Threat Defense (BMTD) Powered by BETTER Mobile Security, Inc. Enterprise Challenges Today s enterprise IT managers are looking for better and more efficient ways to empower workforces utilizing
More informationPCI Compliance Updates
PCI Compliance Updates PCI Mobile Payment Acceptance Security Guidelines Adam Goslin, Chief Operations Officer AGoslin@HighBitSecurity.com Direct: 248.388.4328 PCI Guidance February, 2013 - PCI Mobile
More informationWHITEPAPER. Lookout Mobile Endpoint Security for App Risks
WHITEPAPER Lookout Mobile Endpoint Security for App Risks The emerging risk around leaky and noncompliant mobile apps As organizations are increasingly embracing mobile devices in the workplace, mobile
More informationSecuring the Modern Data Center with Trend Micro Deep Security
Advania Fall Conference Securing the Modern Data Center with Trend Micro Deep Security Okan Kalak, Senior Sales Engineer okan@trendmicro.no Infrastructure change Containers 1011 0100 0010 Serverless Public
More informationHow to Build a Culture of Security
How to Build a Culture of Security March 2016 Table of Contents You are the target... 3 Social Engineering & Phishing and Spear-Phishing... 4 Browsing the Internet & Social Networking... 5 Bringing Your
More informationSecuring Today s Mobile Workforce
WHITE PAPER Securing Today s Mobile Workforce Secure and Manage Mobile Devices and Users with Total Defense Mobile Security Table of Contents Executive Summary..................................................................................
More informationMobile Devices prioritize User Experience
Mobile Security 1 Uniqueness of Mobile Mobile Devices are Shared More Often Mobile Devices are Used in More Locations Mobile Devices prioritize User Experience Mobile Devices have multiple personas Mobile
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationWHITEPAPER. How to secure your Post-perimeter world
How to secure your Post-perimeter world WHAT IS THE POST-PERIMETER WORLD? In an increasingly cloud and mobile focused world, there are three key realities enterprises must consider in order to move forward
More informationWhat is a mobile protection product?
What is a mobile protection product? A mobile protection product can be separated into two distinct categories: security and management. The security features range includes antimalware, anti-phishing,
More information68 Insider Threat Red Flags
68 Insider Threat Red Flags Are you prepared to stop the insider threat? Enterprises of all shapes and sizes are taking a fresh look at their insider threat programs. As a company that s been in the insider
More informationSecurity Made Simple by Sophos
Security Made Simple by Sophos Indian businesses in the radar of cyber-threats Frequency of cyber-attacks Most targeted systems / IT assets -- KPMG Cybercrime Survey Report 2015 3 ON AN AVERAGE, HOW MUCH
More informationMultilayered technology, machine learning and human expertise working together to provide comprehensive security for all platforms.
SOLUTION OVERVIEW Multilayered technology, machine learning and human expertise working together to provide comprehensive security for all platforms. What is a mobile protection product? A mobile protection
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationANDROID PRIVACY & SECURITY GUIDE ANDROID DEVICE SETTINGS
ANDROID PRIVACY & SECURITY GUIDE WESNET The Women s Services Network Smartphones store a lot of personal information, including email or social media accounts, reminders and notes, the number of steps
More informationMultilayered technology, machine learning and human expertise working together to provide comprehensive security for all platforms.
SOLUTION OVERVIEW Multilayered technology, machine learning and human expertise working together to provide comprehensive security for all platforms. What is a mobile protection product? A mobile protection
More informationHow to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis
White paper How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis AhnLab, Inc. Table of Contents Introduction... 1 Multidimensional Analysis... 1 Cloud-based Analysis...
More informationEthical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition
Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition Chapter 7 Hacking Mobile Phones, PDAs, and Handheld Devices Objectives After completing this chapter,
More informationCh 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated
Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture
More informationSecuring the SMB Cloud Generation
Securing the SMB Cloud Generation Intelligent Protection Against the New Generation of Threats Colin Brackman, National Distribution Manager, Consumer Sales, Symantec Christopher Covert Principal Product
More informationTrinity Multi Academy Trust
Trinity Multi Academy Trust Policy: Bring Your Own Device Date of review: October 2018 Date of next review: October 2020 Lead professional: Status: Director of ICT and Data Non-Statutory Page 1 of 5 Scope
More informationGetting over Ransomware - Plan your Strategy for more Advanced Threats
Getting over Ransomware - Plan your Strategy for more Advanced Threats Kaspersky Lab Hong Kong Eric Kwok General Manager Lapcom Ltd. BEYOND ANTI-VIRUS: TRUE CYBERSECURITY FROM KASPERSKY LAB 20 years ago
More informationFrequently Asked Questions WPA2 Vulnerability (KRACK)
Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key
More informationWhat can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco
What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco Increasing Digital Traffic Creates a Greater Attack Surface Global IP Traffic
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationPrecisionAccess Trusted Access Control
Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised
More informationQuick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.
Quick Heal Mobile Security Free protection for your Android phone against virus attacks, unwanted calls, and theft. Product Highlights Complete protection for your Android device that simplifies security
More informationMOBILE THREAT PREVENTION
MOBILE THREAT PREVENTION BEHAVIORAL RISK ANALYSIS AN ADVANCED APPROACH TO COMPREHENSIVE MOBILE SECURITY Accurate threat detection and efficient response are critical components of preventing advanced attacks
More informationFinding GDPR non-compliance in a mobile first world
Finding GDPR non-compliance in a mobile first world How to gain visibility into mobile threats & risks that could trigger infringement fines Personal data shall be processed in a manner that ensures appropriate
More informationGo mobile. Stay in control.
Go mobile. Stay in control. Enterprise Mobility + Security Jeff Alexander Sr. Technical Evangelist http://about.me/jeffa36 Mobile-first, cloud-first reality 63% 80% 0.6% Data breaches Shadow IT IT Budget
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationCompTIA Security+(2008 Edition) Exam
http://www.51- pass.com Exam : SY0-201 Title : CompTIA Security+(2008 Edition) Exam Version : Demo 1 / 7 1.An administrator is explaining the conditions under which penetration testing is preferred over
More informationIntroducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.
Introducing MVISION Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls Jon Parkes McAfee 1 All information provided here is subject to non-disclosure
More informationSecurity of End User based Cloud Services Sang Young
Security of End User based Cloud Services Sang Young Chairman, Mobile SIG Professional Information Security Association sang.young@pisa.org.hk Cloud Services you can choose Social Media Business Applications
More informationCommercial Product Matrix
PRODUCT MATRIX 1H2016 FOR INTERNAL USE ONLY Trend Micro Commercial Product Matrix SELLING TREND MICRO SECURITY SOLUTIONS Small Business or /Medium Business? < 100 Users > 100 Users Trend Micro Customer
More informationADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY
ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them
More informationQuick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.
Quick Heal Total Security for Android Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping. Product Highlights Complete protection for your Android device that
More informationA Guide to Closing All Potential VDI Security Gaps
Brought to you by A Guide to Closing All Potential VDI Security Gaps IT and security leaders are embracing virtual desktop infrastructure (VDI) as a way to improve security for an increasingly diverse
More informationTechnical Evaluation Best Practices Guide
Technical Evaluation Best Practices Guide How to test enterprise mobile security deployment, device monitoring, threat detection, and support TABLE OF CONTENTS STEP 1 Testing app deployment STEP 2 Testing
More informationMobile Services Category Team (MSCT) Advanced Technology Academic Research Center (ATARC)
Mobile Services Category Team (MSCT) Advanced Technology Academic Research Center (ATARC) Mobile Threat Protection App Vetting and App Security Working Group Document July 2017 Table of Contents 1 Introduction...
More informationMOBILE THREAT LANDSCAPE. February 2018
MOBILE THREAT LANDSCAPE February 2018 WHERE DO MOBILE THREATS COME FROM? In 2017, mobile applications have been a target of choice for hackers to access and steal data, with 86% of mobile threats coming
More informationKASPERSKY FRAUD PREVENTION FOR ENDPOINTS
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com KASPERSKY FRAUD PREVENTION 1. Ways of Attacking Online Banking The prime motive behind cybercrime is making money and today s sophisticated criminal
More informationCHECK POINT SANDBLAST MOBILE BEHAVIORAL RISK ANALYSIS
CHECK POINT SANDBLAST MOBILE BEHAVIORAL RISK ANALYSIS AN ADVANCED APPROACH TO COMPREHENSIVE MOBILE SECURITY Accurate threat detection and efficient response are critical components of preventing advanced
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationSecuring Office 365 with MobileIron
Securing Office 365 with MobileIron Introduction Office 365 is Microsoft s cloud-based productivity suite. It includes online versions of Microsoft s most popular solutions, like Exchange and SharePoint,
More informationProtect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com
Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering
More informationProtecting Against Online Fraud. F5 EMEA Webinar August 2014
Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture
More informationThe Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company
The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company November 12, 2014 Malware s Evolution Why the change? Hacking is profitable! Breaches and Malware are Projected to Cost $491
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationMobile devices boon or curse
Mobile devices boon or curse Oliver Ng - Director of Training Kishor Sonawane - India Lead Security Compass Consulting & Training Consumerization According to Apple s chief operating officer, 65 percent
More informationHIPAA Assessment. Prepared For: ABC Medical Center Prepared By: Compliance Department
HIPAA Assessment Prepared For: ABC Medical Center Prepared By: Compliance Department Agenda Environment Assessment Overview Risk and Issue Score Next Steps Environment NETWORK ASSESSMENT (changes) Domain
More informationPLATFORM CONVERGENCE JOURNEY
Windows 10 Client PLATFORM CONVERGENCE JOURNEY Converged OS kernel Converged app model Windows 10 DEPLOYMENT CHOICES Wipe-and-Load In-Place Provisioning Traditional process Capture data and settings
More informationAT&T Endpoint Security
AT&T Endpoint Security November 2016 Security Drivers Market Drivers Online business 24 x 7, Always on Globalization Virtual Enterprise Business Process / IT Alignment Financial Drivers CapEx / OpEx Reduction
More informationProteggere Office365 e Cloud file sharing in meno di un minuto Tiberio Molino Sr.Sales Engineer Trend Micro
Proteggere Office365 e Cloud file sharing in meno di un minuto Tiberio Molino Sr.Sales Engineer Trend Micro 2 Customer Challenges 3 Most Attacks Include Phishing Emails 5 Advanced Malware Difficult to
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationEffective Strategies for Managing Cybersecurity Risks
October 6, 2015 Effective Strategies for Managing Cybersecurity Risks Larry Hessney, CISA, PCI QSA, CIA 1 Everybody s Doing It! 2 Top 10 Cybersecurity Risks Storing, Processing or Transmitting Sensitive
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationWe b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)
We b Ap p A t ac ks U ser / Iden tity 33% 53% Apps And Identities Initial Targets In 86% Of Breaches P hysi ca l 11% Other (VPN, PoS,infra.) 3% Fix vulnerabilities Stop web attacks Risk & compliance What
More informationSeamless Security in the Age of Cloud Services: Securing SaaS Applications & Cloud Workloads
Seamless Security in the Age of Cloud Services: Securing SaaS Applications & Cloud Workloads Kimmo Vesajoki, Country Manager Finland & Baltics Trend Micro EMEA Ltd. Copyright 2016 Trend Micro Inc. Cross-generational
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationSecuring Enterprise or User Brought mobile devices
Securing Enterprise or User Brought mobile devices Wilfried Baeten Business Line Director Projects&Consulting Econocom Managed Services 20/09/2013 WWW.ECONOCOM.COM Agenda Introduction The mobile security
More informationHow WebSafe Can Protect Customers from Web-Based Attacks. Mark DiMinico Sr. Mgr., Systems Engineering Security
How WebSafe Can Protect Customers from Web-Based Attacks Mark DiMinico Sr. Mgr., Systems Engineering Security Drivers for Fraud Prevention WebSafe Protection Drivers for Fraud Prevention WebSafe Protection
More informationExposing The Misuse of The Foundation of Online Security
Exposing The Misuse of The Foundation of Online Security HLA ID: 90FZSBZFZSB 56BVCXVBVCK 23YSLUSYSLI 01GATCAGATC Cyber space is very similar to organic realm Keys & certificates are like HLA tags But,
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationMcAfee MVISION Mobile Threat Detection Android App Product Guide
McAfee MVISION Mobile Threat Detection Android App 1809.4.7.0 Product Guide September 11, 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,
More informationBEST PRACTICES FOR PERSONAL Security
BEST PRACTICES FOR PERSONAL Email Security Sometimes it feels that the world of email and internet communication is fraught with dangers: malware, viruses, cyber attacks and so on. There are some simple
More informationBig Trends in IT and how they shape Security. Gerhard Eschelbeck, CTO
Big Trends in IT and how they shape Security Gerhard Eschelbeck, CTO Industry Trends #1 The Rapidly Growing Demand for Processing and Data Storage Google processes 20 PB a day London s traffic cams processing
More informationTHE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS
SESSION ID: MBS-W04 THE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS Nadir Izrael CTO & Co-Founder Armis, Inc. Ben Seri Head of Research Armis, Inc. Placeholder Slide: Image of spread of infection Placeholder
More informationZero Trust in Healthcare Centrify Corporations. All Rights Reserved.
Zero Trust in Healthcare 1 CYBER OFFENSE REDEFINED: TRANSFORM YOUR SECURITY POSTURE WITH ZERO TRUST 2 What Keeps CIOs Up at Night? How exposed are we, anyway? Who can access what? Can we trust our partners?
More informationSecurity Assessment Checklist
Security Assessment Checklist Westcon Security Checklist - Instructions The first step to protecting your business includes a careful and complete assessment of your security posture. Our Security Assessment
More informationHow-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018
How-to Guide: Tenable.io for Microsoft Azure Last Updated: November 16, 2018 Table of Contents How-to Guide: Tenable.io for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationBUFFERZONE Advanced Endpoint Security
BUFFERZONE Advanced Endpoint Security Enterprise-grade Containment, Bridging and Intelligence BUFFERZONE defends endpoints against a wide range of advanced and targeted threats with patented containment,
More informationBUFFERZONE Advanced Endpoint Security
BUFFERZONE Advanced Endpoint Security Enterprise-grade Containment, Bridging and Intelligence BUFFERZONE defends endpoints against a wide range of advanced and targeted threats with patented containment,
More informationFIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?
WHAT IS FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT? While firewalls started life simply protecting networks from outside hacks and attacks, the role of the firewall has greatly evolved to take
More informationEnsuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard
Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationAuthor: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0
Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0 Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the
More informationWayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk
Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging
More informationOffice 365: Modern Workplace
Office 365: Modern Workplace November 8, 2018 Bruce Ward, VP of Business Strategy Helping you grow your business with scalable IT services & solutions for today s challenges & tomorrow s vision. 2018 Peters
More informationSeqrite Endpoint Security
Enterprise Security Solutions by Quick Heal Integrated enterprise security and unified endpoint management console Enterprise Suite Edition Product Highlights Innovative endpoint security that prevents
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationSYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet
SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 12.16 EB7178 DATA SECURITY Table of Contents 2 Data Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationADVANCED, UNKNOWN MALWARE IN THE HEART OF EUROPE
ADVANCED, UNKNOWN MALWARE IN THE HEART OF EUROPE AGENDA Network Traffic Analysis: What, Why, Results Malware in the Heart of Europe Bonus Round 2 WHAT: NETWORK TRAFFIC ANALYSIS = Statistical analysis,
More informationNew World, New IT, New Security
SESSION ID: GPS1-R08 New World, New IT, New Security Jackie Chen Chief Product & Marketing Officer Sangfor Technologies (HQ) #RSAC New World, New IT, New Security Internet of Things BYOD Cloud Estimated
More informationBest Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security
Best Practices in Healthcare Risk Management Balancing Frameworks/Compliance and Practical Security Our industry is full of jargon terms that make it difficult to understand what we are buying To accelerate
More informationBusiness Strategy Theatre
Business Strategy Theatre Security posture in the age of mobile, social and new threats Steve Pao, GM Security Business 01 May 2014 In the midst of chaos, there is also opportunity. - Sun-Tzu Security:
More information2013 InterWorks, Page 1
2013 InterWorks, Page 1 The BYOD Phenomenon 68% of devices used by information workers to access business applications are ones they own themselves, including laptops, smartphones, and tablets. IT organizations
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationThe Attacker s POV Hacking Mobile Apps. in Your Enterprise to Reveal Real Vulns and Protect the Business. Tony Ramirez
The Attacker s POV Hacking Mobile Apps in Your Enterprise to Reveal Real Vulns and Protect the Business Tony Ramirez AGENDA & SPEAKERS Introduction Attacks on Mobile Live Demo Recommendations Q&A Tony
More informationLessons from the Human Immune System Gavin Hill, Director Threat Intelligence
Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence HLA ID: 90FZSBZFZSB 56BVCXVBVCK 23YSLUSYSLI 01GATCAGATC Cyber space is very similar to organic realm Keys & certificates are
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
More informationCeedo Client Family Products Security
ABOUT THIS DOCUMENT Ceedo Client Family Products Security NOTE: This document DOES NOT apply to Ceedo Desktop family of products. ABOUT THIS DOCUMENT The purpose of this document is to define how a company
More informationCourse Outline (version 2)
Course Outline (version 2) Page. 1 CERTIFIED SECURE COMPUTER USER This course is aimed at end users in order to educate them about the main threats to their data s security. It also equips the students
More information