Managing BYOD Networks

Similar documents
The Mobile Risk Management Company. Overview of Fixmo and Mobile Risk Management (MRM) Solutions

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Mobile Security using IBM Endpoint Manager Mobile Device Management

RHM Presentation. Maas 360 Mobile device management

Securing BYOD With Network Access Control, a Case Study

Securing Today s Mobile Workforce

3-Part Guide to Developing a BYOD Strategy

BYOD: BRING YOUR OWN DEVICE.

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

Mobile Device Management: A Real Need for the Mobile World

CLEARPASS EXCHANGE. Open third party integration for endpoint controls, policy and threat prevention SOLUTION OVERVIEW MAKE BETTER-INFORMED DECISIONS

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices.

Symantec Network Access Control Starter Edition

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

Mobile Devices prioritize User Experience

THREE-PART GUIDE TO DEVELOPING A BYOD STRATEGY WHITE PAPER FEBRUARY 2017

Microsoft 365 Business FAQs

ACCP-V6.2Q&As. Aruba Certified Clearpass Professional v6.2. Pass Aruba ACCP-V6.2 Exam with 100% Guarantee

Service Description VMware Workspace ONE

Network Access Control

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

Protecting Health Information

Securing Office 365 with MobileIron

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Support Device Access

SECURITY & PRIVACY DOCUMENTATION

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

Securing Your Most Sensitive Data

Securing Office 365 with SecureCloud

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Transforming Security Part 2: From the Device to the Data Center

BYOD Business year of decision!

BYOD Success Kit. Table of Contents. Current state of BYOD in enterprise Checklist for BYOD Success Helpful Pilot Tips

ClearPass and MaaS360 Integration Guide. MaaS360. Integration Guide. ClearPass. ClearPass and MaaS360 - Integration Guide 1

Symantec Endpoint Protection Family Feature Comparison

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

PCI DSS Compliance. White Paper Parallels Remote Application Server

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Make security part of your client systems refresh

Symantec Enterprise Solution Product Guide

Information Security BYOD Procedure

AND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING

Information Security Controls Policy

USP Network Authentication System & MobileIron. Good for mobile security solutions

The Internet of Everything is changing Everything

2013 InterWorks, Page 1

Cisco ISE Ports Reference

Symantec Network Access Control Starter Edition

Enhancing and Extending Microsoft SharePoint 2013 for Secure Mobile Access and Management

Driving the Need for Mobile Device Management (MDM)

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Symantec Network Access Control Starter Edition

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

First Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc.

Securing Health Data in a BYOD World

Say Goodbye to Enterprise IT: Welcome to the Mobile First World. Sean Ginevan, Senior Director, Strategy Infosecurity Europe

Cisco ISE Ports Reference

Effective Strategies for Managing Cybersecurity Risks

McAfee Total Protection for Data Loss Prevention

Securing Corporate Data on Mobile Devices

Trusted Computing Today: Benefits and Solutions

Agenda. BYOD, Texting & Social Media How to Keep BYODFrom Becoming OMG! Introduction BYOD Defined Trends By the Numbers

Google on BeyondCorp: Empowering employees with security for the cloud era

Xerox and Cisco Identity Services Engine (ISE) White Paper

ForeScout ControlFabric TM Architecture

PLATFORM CONVERGENCE JOURNEY

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

Cisco ISE Ports Reference

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

ISO27001 Preparing your business with Snare

Mobile Security / Mobile Payments

Windows Server Network Access Protection. Richard Chiu

Vodafone Secure Device Manager Administration User Guide

Changing face of endpoint security

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

BYOD Risks, Challenges and Solutions. The primary challenges companies face when it comes to BYOD and how these challenges can be handled

Support Device Access

Mobility, Security Concerns, and Avoidance

Speaker Introduction Who Mate Barany, VMware Manuel Mazzolin, VMware Peter Schmitt, Deutsche Bahn Systel Why VMworld 2017 Understanding the modern sec

All-in one security for large and medium-sized businesses.

ForeScout CounterACT Pervasive Network Security Platform Network Access Control Mobile Security Endpoint Compliance Threat Management

AKAMAI CLOUD SECURITY SOLUTIONS

Secure wired and wireless networks with smart access control

empow s Security Platform The SIEM that Gives SIEM a Good Name

First Look Showcase. Expanding our prevention, detection and response solutions. Marco Rottigni Chief Technical Security Officer, Qualys, Inc.

MaaS360 Secure Productivity Suite

BYOD the HP Way: Secure, Device-Agnostic Network Access Management Jochen Fischer Solution Architect (MASE) September 2013

Office 365 Buyers Guide: Best Practices for Securing Office 365

As Enterprise Mobility Usage Escalates, So Does Security Risk

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

Automating the Top 20 CIS Critical Security Controls

The Future of Mobile Device Management

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Altitude Software. Data Protection Heading 2018

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

Publishing Enterprise Web Applications to BYOD using a Granular. Trust Model. Shachaf Levi IT Client Security & Connectivity May 2013.

10 FOCUS AREAS FOR BREACH PREVENTION

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Transcription:

Managing BYOD Networks SPS-2013 Raghu Iyer raghu.iyer@nevisnetworks.com 1

What is BYOD Bring Your Own Device Are you allowing a Rogue? SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 2

Why BYOD Increased productivity and employee satisfaction Employees can respond to work requests outside work hours Employees report higher satisfaction with flexible working hours The traditional work place has morphed airports, coffee shops Penetration of IT into homes Emails, social networking, digital entertainment, net-banking Highly capable laptops, tablets and smartphones found in many homes Employees do not wish to carry multiple devices Personal IT devices are more capable than the corporate device Attracting, retaining and supporting new talent Employees seek work environments that foster freedom on choice of tools and technologies Lower IT procurement, support costs Employees procure, maintain and upgrade their own devices SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 3

Who is adopting BYOD Universities are pioneers of BYOD Out of necessity SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 4

Risks of BYOD Corporate data loss Legal and Financial consequences of inappropriate use of data Staying compliant and preventing privacy breaches regulatory challenge Intellectual Property loss e.g. the iphone 4 was lost even before launch Application Security Freeware or Malware or Spyware Greater than 80% Android and IOS Apps access sensitive information such as location, calendars, address books. Many share information with service providers, app developers and possibly 3 rd parties. Device security Stolen/lost devices can get back into the network In a survey greater than 40% of personal device users did not have device unlock passcodes Support costs may escalate Device variety and heterogeneity can be overwhelming Absence of suitable infrastructure can be human resource intensive SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 5

Growth of Android Malware SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 6

Outdated Versions of Android SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 7

BYOD Administration SPS-2013 Raghu Iyer raghu.iyer@nevisnetworks.com 8

Plan for BYOD Adoption Accept the inevitable plan proactively. Plan for a phased roll out. Begin with a smaller a target user segment and limited device type and limited application support. Expand coverage in phases. Define a BYOD strategy with a governance plan and an acceptable use policy that users must sign up to. Specify security requirements and practices based on employee roles and devices types Explain user liabilities and responsibilities Address employee privacy concerns Develop plans for violations Deploy a BYOD Authorization and a Network Access Control as a first line of defense Deploy security and management tools to monitor and manage BYOD threats SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 9

Solution Architecture for BYOD Registration Self Help Portals KYC procedures Reduce Risk Provision configuration, monitoring agents Device registration using digital certificate Continuously Assess Authentication Enforce Compliance Regulate Access Attribute based access control Device, Location, Time, User Role based Monitor Deploy Data Mining, Analytics Track User activity, Traffic SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 10

Self Help Registration Portal User friendly secure device registration, provisioning portal Potential to reduce IT support costs Redirect unregistered devices to self help portal Enable user to register device with a browser Provisioning wizard to guide user through the process Process may include checkpoints for administrator intervention/authorization Deploy device specific supplicant for security posture check and monitoring Cater to heterogeneous device and OS variety Provision digital certificates chained to organization Root CA De-provisioning, De-registration Device loss or theft Employee self help page for device management Revoke all Digital Certificates issued to the user/device Blacklist Access SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 11

Certificate Infrastructure Maintain a Root Certificate Authority (CA) Organization MUST only trust client certificates that can be traced back to a Root CA controlled by the organization. An intermediate CA chained to the Root must issue final certificates Certificate Attributes Must include Device specific information e.g. MAC address Must have low life time recommend 6 months Certificate Revocation check should be enforced CRL should be always available Scalable to maintain high volume of certificate issue/renew/revocation activity SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 12

Central Authentication Maintain Enterprise wide User and Device Identity Maintain User/Device groups and manage memberships Scalable to address organization growth Headcount Geographical spread low latency, replicated Authentication Rates Monday morning flood Support digital certificate based identity verification SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 13

Network Access Control User and Device ID established via digital certificates and central authentication server Registered Devices Typically employee owned and employee registered via self help portal Granted partial or full access based on Device category and Employee group membership in Central Authentication server Whitelist Corporate owned and provisioned device list manually administered Access control pre-determined by administrator mostly Full Access Blacklisted devices denied access, can be reinstated Posture checks by supplicant Ensure passcodes for device unlock are implemented Verify OS/Application versions, verify permitted/disallowed applications Disable Cameras and other accessories when plugged into network Check for Jail break devices SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 14

Monitor and Log User/Device Traffic LAN based IPS Malware injection points are now spread throughout the network no longer a single perimeter gateway problem Signature based Anomaly based Deploy data mining and Analytics Provision flow logging Get visibility E.g. Netflow/S-Flow Provision user and device network access logging Archive logs Plan for storage scale Deploy correlation tools to simplify log analysis and shorten incident response times SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 15

BYOD Network Process Employees Guests User Agnostic Device Agnostic Network Agnostic Location/Time Aware Identity Authentication 1 I d like access. Who are you? Authorized User Unclean Quarantine Area 2 Is Device compliant? Device Authentication Clean Ongoing compliance management 3 Regulated Access Authorization 4 Corporate Network Behavior Monitoring SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 16

Thanks Q&A SPS-2013 Raghu Iyer raghu.iyer@nevisnetworks.com 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback