three secrets to becoming a mobile security superhero

Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 1© 2016 Skycure Inc. 1 August 3, 2016

Three Secrets to Becoming a Mobile Security Superhero

Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 2© 2016 Skycure Inc. 2

Quick Housekeeping

•There will be time for Q&A at the end•Ask questions using the GTW chat pane•The webinar is being recorded•All attendees will receive a copy of the slides/recording

Join the discussion #MobileThreatDefense


Meet Your Speakers

John DicksonDirector of IT Infrastructure & Cybersecurity,Republic National Distributing Company

Brian KatzDirector of Mobile Strategy,VMware

Varun KohliVice President,Skycure


Agenda

• Mobile Security Superhero- How to prove to your management that mobile threats are real- How to choose the right mobile security solution – SANS checklist- What to report to your CEO and board of directors

• Meet a real mobile security superhero: John Dickson from RNDC

• EMM Leader: Brian Katz from VMware AirWatch• How Skycure can help• Q & A


Is Mobile Security Important?

Source: BYOD and Mobile Security – 2016 Spotlight Report

Q: What are your main security concerns related to BYOD?


Are Mobile Attacks Real?

Source: BYOD and Mobile Security – 2016 Spotlight Report & Skycure Threat Intelligence Report

Q: Have any of your BYO or corporate-owned devices downloaded malware in the past?


Are Mobile Attacks Real?Q: Have any of your BYO or corporate-owned devices connected to a malicious WiFi in the past?



Are Organizations Getting Impacted? Q: Have mobile devices been involved in security breaches in your organization in the past?



Are Organizations Getting Impacted? What is the real impact?

Source: Department of Health and Human Services


What Are Leading Analysts Saying?

Phys

ical

Netw

ork

Vuln

erab

ilitie

s

Mal

ware

“Concerns related to advanced threats cannot be countered with traditional mobile security tools [such as EMM], as well as protection from wireless vulnerabilities and untrusted public networks, are the main drivers for adoption of these technologies.”

“Work environment is shifting away from employees using computers on premise towards causing smartphones and tablets off a corporate network. This will drive a growing priority around securing mobile devices.”


Selection CriteriaMobile Threat Defense/Protection/Prevention

Requirement PriorityDeployment Process

Support app download from public stores HighOverall ease of deployment High

End User Experience

Low impact on device battery usage HighLow data usage MediumApp maintains end user’s privacy HighClear display of detected threats and mitigation options

High

Provide automatic mitigation options for most threats

High

Management & Administration

Provide visibility on detected threats and vulnerabilities

High

Provide an overall risk estimate per device HighProvide forensic capabilities on identified threats

Medium

Provide the option to define an organization-level compliance policy

High

Reporting High

OtherEMM integration HighSIEM integration HighProvide a third-party API Low

Requirement Priority

Threat Detection

Network ThreatsSecure communication downgrading (SSL stripping) attack detection

High

Secure traffic decryption (SSL decryption) attack detection

High

Content manipulation attack detection MediumRogue networks detection HighAbility to perform automatic mitigation on detected network threats

High

MalwareDetection of malicious apps based on different app properties

High

Detection of repackaged/fake apps HighDetection of malicious apps based on signatures/known exploits

Medium

Ability to block malicious app installation HighDetection of iOS malware HighDetection of malicious profiles on iOS devices HighDevice VulnerabilitiesAbility to identify jailbroken or rooted devices MediumAbility to identify device OS vulnerabilities HighAbility to prompt end users to upgrade their device OS version

Medium


7 Things to Report to Your CEO and Board1. Details about the high profile public breach from last week/month2. Reason why the same thing cannot happen to your company3. What the current mobile risk score is and how you compare to

your peers4. Number of mobile incidents prevented in the last month5. Which people/devices/department were attacked the most6. Which dataset was targeted the most7. The overall ROI of your investment

Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 13© 2016 Skycure Inc. 13© 2015 Skycure Inc.

The RNDC Story

WHO WE ARE

14

15

RNDC AT-A-GLANCE

16

RNDC SECURITY TECHNOLOGIES

Mobile DevicesSFA/BYOD

AirWatch MDM*

AntiMalwareAntiHackingPatch Mgmt(Skycure)

17

RNDC’S MOBILE THREAT DEFENSE JOURNEY

Mobile is where PC was 20 years agoMobile is actually MORE VALUABLE and MORE VULNERABLE than other corporate devices

You don’t just need to manage these devices, you need to SECURE THEM too

THERE WAS SKEPTICISM EARLIER…

18

MANAGEMENT BUY-IN WAS EASY

1 2• Leveraged SKYCURE’S

iOS MALICIOUS PROFILE EXPLOIT

• Took over CFO’s iPhone in less than a minute

• Easiest sell ever

• Skycure gave 250 FREE SEATS as part of the trial

• 30% DEVICES had known vulnerabilities

• 10 DEVICES had keystroke loggers

19

MY SELECTION CRITERIA

USER IT

• USER EXPERIENCE

• PRIVACY• BATTERY LIFE

• CLOUD was a must• Integrated like glue with

AIRWATCH• Protection against

MALICIOUS APPS, NETWORKS AND DRIVE-BY WEBSITES

WHO ELSE DID WE

LOOK AT?

ZIMPERIUM AND

LOOKOUT

Zimperium had a complicated UX and required scripting

Lookout did not do anything for network awareness and protection

20

WHAT DO I REPORT ON?

• MULTIPLE DEVICES had malicious activity• SKYCURE HELPED WITH IMMEDIATE REMEDIATION• GETTING MORE MOBILE RELATED QUESTIONS – There is more

awareness• Helps to drive more applications into the AirWatch App Store rather than fighting the

pushback• This gives us a touch into the salesforce automation program.

THIS WAS MISSING EARLIER.• “THANK YOU’S” from all associate levels, especially for securing BYO

devices and personal data in addition to business data21

OVERALL IMPACT OF SKYCURE

5,000+Users

8,000Devices

~10,000Networks Scanned

850,000Apps Analyzed

4,000,000Tests Performed


AirWatch Overview

Manage All Endpoints in a Single Solution

23

Any Endpoint Any Use Case

Knowledge worker

Corporate | BYO

Task workerLine of Business

No userKiosk | IOT

Modern Management Framework

Out of box configuration

Policies and security settings

Over-the-air management and

updates

Asset tracking

Full lifecycle management

Protect Company Apps and Data Through Multi-layered Security

24

Intelligent Access Controls | Automated Compliance

Secure the Endpoint

Trust the User

Containerize the App

Safeguard the Data

Protect the Network

25

Skycure + AirWatch allows you to predict, detect and proactively mitigate mobile threatsSkycure and AirWatch Integration

Malware

Vulnerabil-ity

Network

Mobile Threats


Skycure Overview

Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 27

Skycure – High Level OverviewLeading Product & ResearchCustomers

Venture BackedStrategic Partners

CONSUMER GOODS

FINANCIAL SERVICESMANUFACTURING TRANSPORTATIO

N

FORTUNE 50 PHARMACEUTICAL

COMPANY

250+TV channelsFORTUNE 100

HEALTHCARE COMPANY

FORTUNE 500 FINANCIAL SERVICES

COMPANIES


Skycure Solution Overview

Phys

ical

Netw

ork

Vuln

erab

ilitie

s

Mal

ware

• 24x7 detection and protection

• Network, device and app analysis

• Multi platform

Seamlessexperience

Privacy Minimalfootprint

End-User App


Phys

ical

Netw

ork

Vuln

erab

ilitie

s

Mal

ware

• Policy enforcement• Risk-based

management• Enterprise

integrations

Security Visibility IT Satisfaction

Management• 24x7 detection and

protection• Network, device and

app analysis• Multi platform

End-User App

Seamlessexperience


Skycure Solution Overview


Phys

ical

Netw

ork

Vuln

erab

ilitie

s

Mal

ware

• Policy enforcement• Risk-based

management• Enterprise

integrations

Security Visibility IT Satisfaction

Management• 24x7 detection and

protection• Network, device and

app analysis• Multi platform

Seamlessexperience


End-User App

Skycure Solution OverviewMobile Threat Intelligence Platform

1 Million+ Global Threats Identifiedhttps://maps.skycure.com

Real-Time ThreatIntelligence

CrowdWisdom

Millions ofmonthly tests -

apps & networks

SkycureResearch

No iOS Zone, Malicious Profiles, WiFiGate,

LinkedOut

ThreatAggregator

Dozens of threat feeds from 3rd parties

LegitimateServices

Attackers & Threats

https://maps.skycure.com/

https://maps.skycure.com/


Is your organization vulnerable?

50 Free Skycure Licenses• Step 1 – Download Skycure Public App (Recommendation: 5-20

devices) • Step 2 – Review Skycure Assessment Report in 4 weeksWhat do we usually find?

NUMBER OF DEVICES WITH MALICIOUS APPS INSTALLED

PERCENTAGE OF DEVICES EXPOSED TO NETWORK

THREATS

PERCENTAGE OF MOBILE DEVICES RUNNING OS WITH HIGH-

SEVERITY VULNERABILITIES

EVERY ORG

with 200+ devices had

iOS malware

81.57%

7.22%

1-800-650-4821 [email protected]

tel://1-800-650-4821/