DOCSLIB.ORG

Mobile Threat Defense

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Mobile Threat Defense DISA – TEM Brief: Mobile Threat Defense (MTD) for GFE/BYOD May 19th, 2021 Agenda • What problem do we solve? • Zero-Day attacks on Mobile (Network, Device, Phishing, Mobile Apps) • Anti-Virus for Mobile • Telework, BYOD/GFE, O365/Teams, Zero Trust • Who have we solved it for? • Fortune 2K and Government Enterprises • DISA MEP DMUC • How do we solve it? • ZIPS/MAPS • Why are we unique? • z9, On-Device, On-Prem, FedRamp, Hybrid, Enterprise grade Zimperium Proprietary All Rights Reserved Single Biggest Security Gap: Mobile Endpoints Visibility (40%) No Visibility (60%) “Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks by accessing just one person’s smartphone.” Zimperium Proprietary All Rights Reserved Recent headlines Zimperium Proprietary All Rights Reserved Why DISA & DIU selected Zimperium: • The Zimperium platform will monitor DISA DMUC users when securely accessing applications and data on iOS and Android endpoints. Powered by Zimperium’s on-device, machine learning- based engine, z9, Zimperium zIPS protects devices from more mobile threats than any other solution -- even when an attacker controls the network. • DISA considers on-device (always on) protection important to ensure the greatest degree of threat detection and support in a zero-trust environment. Additionally, Zimperium was selected because it: • Provides on-device protection against device, network, phishing and malicious app attacks; • Achieved FedRAMP Authority to Operate (ATO) certification; • Protects Android and iOS; • Integrates with multiple unified endpoint management (UEM) tools in a single tenant; • Can be managed on any cloud or on-prem; and • Protects privacy. Status: Deployment in Process Zimperium Proprietary All Rights Reserved © 2020 Mobile Endpoint Protection within DoD Current Use Cases: • COCOMS • U.S. Marine Corp Please contact Mike Shea for use case details • U.S. Army • U.S. Air Force • IC Areas requiring Mobile Endpoint Protection: • U.S. Army: • Defensive Cyber Operations (DCO), Army National Guard, Net Warrior/ATAK, NETCOM (GFE/BYO), etc. • U.S. Navy: • PACOM (iPhone/BB UEM), PMW-240 Mobile Apps, FY21 Initiatives: Navy Reserve, etc. • Microsoft Office 365 / Teams • Air Force: • Android for Enterprise • AF EITaaS (GFE/BYOD), Electronic Flight Bag ** source: DISA Forecast to Industry 2019 (EFB)/iPads, BRICE/iPads, Air National Guard, etc. Zimperium Proprietary All Rights Reserved © 2020 Why enterprises need Mobile Threat Defense (MTD) App • Containers (e.g., UEMs) • Phishing Email Gateways (corporate email only) Network • Encryption (VPN) Mobile Threat Mobile Threats Mobile • Encryption (DLP) Defense Device • Jailbreak Detection Governance/Compliance Protection / Detection NIST 800.124 Rev 2 – Mobile Security Guidelines “MTD systems are designed to detect the presence of malicious apps, network-based attacks, improper configurations and known vulnerabilities in mobile apps or the mobile OS itself." Zimperium Proprietary All Rights Reserved MITRE ATT&CK and MDM/MTD Alignment MDM MTD & MDM MTD NIST 1800-22 Mobile Security: BYOD Why BYOD: ● Interchangeably for work and personal purposes throughout the day ● Flexible and convenient Why NOT: ● Introduce challenges to an enterprise ● May lack mobile device security protections ● Greater risk of unauthorized access to sensitive information ● Email phishing attacks ● Eavesdropping attacks ● Misuse of device sensors ● Compromise of organizational data due to lost devices ● to name but a few risks NIST SP 1800-22 BYOD Reference Architecture • Ensuring data is protected when accessed from personal devices poses unique challenges and threats • Can enhance the security and privacy posture of adopting organizations • The high-level security and privacy goals are illustrated below On-Device! Zero Trust & Mobile Mobile devices are the Achilles' heal of Zero Trust… : Patented detection engine designed for mobile The detection engine uses machine learning to provide real-time, on-device protection against both known and unknown threats Device Network Phishing Malicious Attacks Attacks Sites Apps Zimperium Proprietary All Rights Reserved RISK THREAT REMEDIATION REPORTING IDENTIFICATION DETECTION Device Risks Device Compromises MDM Actions Detailed Forensics • Vulnerabilities • Rooted Device • Wipe Data • No Device Encryption • Elevated PrivileGes • Terminate Access • Jailbreaks • System TamperinG SOC Integrations • SIEMs • UnmanaGed Profiles Block Phishing Site • EDRs Phishing Sites App Risks Network Threat Hunting • Insecure Apps Malicious Apps • Disable WiFi • Sideloaded Apps • Disable Bluetooth • Network Sinkhole Network Risks Network Attacks • Reconnaissance Scans • MITM Attacks • Unsecured WiFi • RoGue Access Points Samsung KNOX • Prevent App Install • Uninstall App Zimperium’s Fundamental Design Principles • Deliver Enterprise Capabilities & Scale • Provide Management Console on Any Cloud or • Detect Known and Unknown Threats On-device On-Prem • Enable Privacy-focused Use Cases • Operate with Multiple UEMs Simultaneously Zimperium Proprietary All Rights Reserved - Mobile Application Protection Suite Development Runtime ü NIAP Compliance ü Code Tampering Trigger ü Device Detections ü OWASP Compliance ü Name and Flow Obfuscation ü Network Detections ü Security Policies ü App/Phishing Detections ü String Encryption ü Privacy Policies ü Code Optimization ü Over 140 parameters check ü And more Zimperium Proprietary All Rights Reserved © 2020 FedRAMP Zimperium Solution – Most Enterprise Ready Authorized MDM / EMM Integrations 3A™ CONSOLE™ SIEM / Threat Hunting/Dev Integrations Microsoft Defender / Sentinel AlienVault Workspace One Intelligence Zimperium Proprietary All Rights Reserved © 2020 Microsoft + Zimperium MDM Device Compliance & MAM App Protection • Zimperium's MTD is integrated with Microsoft's Endpoint Manager (Intune) • Microsoft and Zimperium jointly developed the integration of Mobile Threat Defense with unmanaged to support Microsoft MAM BYOD solution. • Advanced Integration with Microsoft Defender ATP and Sentinel for forensic level threat visibility and advanced hunting. • Zimperium is the only MTD solution that deploys its console within Microsoft Azure infrastructure. Zimperium Proprietary All Rights Reserved © 2020 Microsoft + Zimperium Conditional Access & Device Threat Level • Conditional access to Microsoft 365 applications based on Microsoft Endpoint Manager MAM app protection policies. • On-device detection that does not require cloud analysis or connection. • Threat remediation and user notification on the device. • Individual user and group based mobile security and access policies. • Support for multiple UEM solutions simultaneously. • Strict privacy functionality with no user information sent to the cloud. Zimperium Proprietary All Rights Reserved © 2020 Executive Threat Insights Key Insights Global Target COVERAGE Your Score ~79% Good CoveraGe. (8/20-10/20) Avg. Zone CRITICAL DEVICES 633 Devices with Malware 93 Tampered Devices (Jailbroken/System TamperinG/SE Linux) Mobile 6 Devices with App TamperinG Security Score 7.1 6.5 >8 4 Devices connected to KARMA attack (4 Access Point) 24 Connected to unsecure roGue access network 0 4 8 10 RISKY DEVICES How Secure are your >74% Devices runninG critically vulnerable OS mobile devices? 563 Devices with access to 3rd party app store High Risk Medium Low Risk 35 iOS 3rd Party App-store Profiles 1.3k Devices with access to risky settinGs (No Device Pin, Developer options) Total Devices Activated 5k HiGh Privacy OR Security Risk Apps 4.2k Devices with side-loaded apps 781 Found Rogue Access Point nearby 27.5 k 21.6 k RECOMMENDATIONS 20 k 16.5 k • Enforce compliance to activate zIPS on all devices • Review Profiles & Disallow HiGh Risk Profiles • Monitor Side-loaded apps & whitelist internal Apps 7 k • LeveraGe Corporate VPN or Alert users to prevent from 5.1 k connecting to Risky Networks (RoGue Access Point) • Automate Reminders to Users to update the OS periodically *Data Analyzed 08/2020 -10/20 Zimperium Proprietary All Rights Reserved © 2020 Key Insights Apps that have both high Privacy 27.1k & high Security Risks Devices with Malicious Apps 316 Apps with possible Data leakage ● Tutu App *com.tutuapp.tutuapphwenterprise ● UnCover jailbreak Unique Android Apps removed from or no 242 721 longer in PlayStore Malicious ● Science.xnu.undecimus High Risk Apps Apps Unique iOS Apps removed from or no ● Metasploit: com.metasploit.stage 127 longer in AppStore 20.7k Devices running Vulnerable OS 86 ● Jailbroken/Rooted (Magisk, uncover) Devices vulnerable to CheckRa1n but 4.2 k don’t have MTD activated 6 ● App Tampering (Cydia) Risky Device Configurations Tampered ● File System Changed. (Chinese device High Risk Devices 1 Devices 1.3k (Developer options, USB debugging on, manufacturer) Unknown Sources Enabled) Devices connected to Rogue Access Points 143 Devices running Vulnerable OS 4 experienced a Karma attack. iOS 3rd Party Profiles 93 ● Tutulite, u04Store,AppValley, Network Profiles Emus4u Attacks 781 Devices found unique Rogue Access Points Nearby (55 Rogue Access Points exhibiting KARMA Attacks) 42 Jailbreak Profiles ● Unc0ver, Jailbreak Installer, Cydia Zimperium Proprietary All Rights Reserved © 2020 Interesting Threat Chains SideloadedUn-managedApps profile Malicious App File System Changed 5 Devices 12:31:30 PM 12:34:10 PM 12:39:40 PM 8/23/2020 Unsecured Network Rogue Access Point SSL Strip 24 Devices 2:11:30 PM 2:11:40 PM 2:14:30 PM 9/12/2020 System Tampering Device Jail-Broken App Tampering 10 Devices 9:10:30 AM 9:11:21 AM 9:13:21 AM 9/24/2020 Zimperium Proprietary All Rights Reserved © 2020 Next Steps • Questions ? • Action Items …… ZimperiumZimperium Proprietary Proprietary All Rights All Rights Reserved Reserved © 2020 Thank You! Contact Information: Michael Shea, Senior Director DoD Phone: 703-626-8971 Email: [email protected] Zimperium Proprietary All Rights Reserved © 2020.
Load more

Recommended publications
  • IDC Marketscape IDC Marketscape: Worldwide Mobile Threat Management Software 2018–2019 Vendor Assessment
    IDC MarketScape IDC MarketScape: Worldwide Mobile Threat Management Software 2018–2019 Vendor Assessment Phil Hochmuth IDC MARKETSCAPE FIGURE FIGURE 1 IDC MarketScape Worldwide Mobile Threat Management Software Vendor Assessment Source: IDC, 2018 Please see the Appendix for detailed methodology, market definition, and scoring criteria. December 2018, IDC #US44521018 IDC OPINION As mobile security and governance frameworks mature, mobile threat management (MTM) software tools are filling a major security gap many enterprises are discovering across one of their most pervasive technology deployments: smartphones and tablets used by employees. Many organizations see enterprise mobility management (EMM; technology which manages, configures, and monitors mobiles) as the beginning and end of their mobile endpoint security strategy. While many EMM platforms support security functions (compliance checking, VPN connectivity, data security/encryption, and device certificate management, etc.), most EMMs do not actively scan for mobile-related threats on devices. This is where MTM technology comes in, with its ability to address actively misbehaving or malicious apps, as well as OS and network-based attacks on devices. Driving many MTM early adoptions, and among more mature deployments, is the desire to deploy another layer of security to mobile end-user computing in addition to EMM. Among the more than two- dozen MTM customer interviews conducted for this document, 100% of these enterprises deployed their respective MTM products with an EMM platform; nearly all said that meeting existing or potential future compliance requirements was among the top 3 drivers behind their adoption of the technology. These requirements are driving much of the direction of the market from an MTM feature set and overall go-to-market strategy for MTM vendors.
    [Show full text]
  • JMP Securities Elite 80 Report (Formerly Super 70)
    Cybersecurity, Data Management & ,7 Infrastructure FEBRUARY 201 ELITE 80 THE HOTTEST PRIVATELY HELD &<%(5SECURITY, '$7$0$1$*(0(17 AND ,7,1)5$6758&785( COMPANIES &RS\ULJKWWLWLSRQJSZO6KXWWHUVWRFNFRP Erik Suppiger Patrick Walravens Michael Berg [email protected] [email protected] [email protected] (415) 835-3918 (415) 835-8943 (415)-835-3914 FOR DISCLOSURE AND FOOTNOTE INFORMATION, REFER TO JMP FACTS AND DISCLOSURES SECTION. Cybersecurity, Data Management & IT Infrastructure TABLE OF CONTENTS Executive Summary ............................................................................................................................ 4 Top Trends and Technological Changes ............................................................................................ 5 Funding Trends ................................................................................................................................ 11 Index by Venture Capital Firm .......................................................................................................... 17 Actifio ................................................................................................................................................ 22 Alert Logic ......................................................................................................................................... 23 AlgoSec ............................................................................................................................................ 24 AnchorFree ......................................................................................................................................
    [Show full text]
  • Piper Jaffray Cybersecurity Earnings Update
    Piper Jaffray Cybersecurity Earnings Update Third Quarter 2017 Marc Steifman Greg Klancher Co-Head of Technology Principal Investment Banking Piper Jaffray & Co. Piper Jaffray & Co. MINNEAPOLIS | BOSTON | CHICAGO | HOUSTON | LONDON | LOS ANGELES | NEW YORK | SAN FRANCISCO | ZÜRICH Piper Jaffray Companies (NYSE: PJC) is an investment bank and asset management firm headquartered in Minneapolis with offices across the U.S. and in London, Zurich and Hong Kong. Securities brokerage and investment banking services are offered in the United States through Piper Jaffray & Co., member NYSE and SIPC, in Europe through Piper Jaffray Ltd., authorized and regulated by the Financial Conduct Authority, and in Hong Kong through Piper Jaffray Hong Kong, authorized and regulated by the Securities and Futures Commission. Asset management products and services are offered through three separate investment advisory affiliates registered with the U.S. Securities and Exchange Commission: Advisory Research Inc., Piper Jaffray Investment Management LLC and PJC Capital Partners LLC. Piper Jaffray & Co., Member SIPC and FINRA 11/17 Piper Jaffray Case Study: Vista Equity Partners acquires majority stake in Jamf Vista Equity Partners: Undisclosed . Vista Equity Partners is a U.S.-based investment firm with more than $30 billion in cumulative capital commitments, currently invests in software, data and technology-enabled organizations. The firm invests in middle market management and leveraged buyouts, growth and acquisition Has purchased a majority financing, recapitalizations, private transactions, spin-outs and corporate divestitures. stake in . The firm was founded in 2000 and is headquartered in Austin, Texas. Jamf: . Jamf focuses on helping businesses, education and government organizations succeed with November 2017 Apple through its Jamf Pro and Jamf Now solutions.
    [Show full text]
  • Our Customer Terms Telstra Mobiles Section
    Our Customer Terms Page 1 of 148 Telstra Mobiles Section Part K – Enterprise Mobility Management Contents 1 About this Part 2 2 Enterprise Mobility Managed Service Modular 2 3 Enterprise Mobility Managed Service 3 8 4 Enterprise Mobility Managed Service 2 22 5 Enterprise Mobility Managed Service 60 6 Telstra Mobile Device Management ("T-MDM") service 105 7 Mobile Workspace 132 Part K – Enterprise Mobility Management was last changed on 17 December 2019 Our Customer Terms Page 2 of 148 Telstra Mobiles Section Part K – Enterprise Mobility Management Certain words are used with the specific meanings set out in Part A – General of the Telstra Mobile section, or in the General Terms of Our Customer Terms. 1 About this Part 1.1 This is part of the Telstra Mobile section of Our Customer Terms. Provisions in other parts of the Telstra Mobile section, as well as in the General Terms of Our Customer Terms, may apply. See clause 1 of the General Terms of Our Customer Terms for more detail on how the various sections of Our Customer Terms should be read together. 2 Enterprise Mobility Managed Service Modular What is the Enterprise Mobility Managed Service Modular (EMMS Modular)? 2.1 EMMS Modular is a managed service that: (a) supports compatible smartphones and tablets, and other endpoints we support from time to time (“Endpoints”); and (b) consists of platform management, end user support, and licencing for your Endpoint environment. 2.2 For EMMS Modular, some of the available modules you can choose from are: (a) Unified Endpoint Management – aims
    [Show full text]
  • Critical Capabilities for High-Security Mobility Management
    Critical Capabilities for High-Security Mobility Management Published: 24 August 2017 ID: G00315906 Analyst(s): John Girard, Dionisio Zumerle, Rob Smith High-security mobility management is a subset of the enterprise mobility management market, which serves organizations with stringent requirements. When security is a high priority, security and risk management leaders should pursue best-of-breed solutions for each platform they plan to support. Key Findings ■ High-security, managed mobility solutions do not correspond to a single, specific mobile technology market. ■ The solutions that provide the highest level of security require users to accept reductions in scope and flexibility, which affects users' experiences. This may involve expensive, specialized hardware, software and cryptography, as well as reduced choices in devices and features. Recommendations Security and risk management leaders responsible for endpoint and mobile security strategies should: ■ Choose best-of-breed solutions for each platform they plan to support, if security is their highest priority. ■ Choose products that will support business processes without undue disruptions or interference, because solutions with high-security qualifications may not meet usability expectations. ■ Plan tiers of access that support less-secure configurations for less-sensitive tasks, especially in high-security organizations. Strategic Planning Assumption Through 2022, organizations that require the highest levels of security will prefer platforms that rely on dedicated security hardware and software that leverage trusted environments. What You Need to Know The decision to pursue the highest levels of security and privacy on small mobile devices that do not run workstation-class OSs is an absolute necessity for the protection of confidential, secret, sensitive and competitive, official and unofficial information, as well as intellectual property (IP).
    [Show full text]
  • Enterprise Mobility Management - Market Quadrant 2016 ∗
    . The Radicati Group, Inc. Palo Alto, CA 94301 . Phone: (650) 322-8059 . www.radicati.com . THE RADICATI GROUP, INC. Enterprise Mobility Management - Market Quadrant 2016 ∗ ........ An Analysis of the Market for Enterprise Mobility Management Revealing Top Players, Trail Blazers, Specialists and Mature Players. April 2016 SM ∗ Radicati Market Quadrant is copyrighted April 2016 by The Radicati Group, Inc. Reproduction in whole or in part is prohibited without expressed written permission of the Radicati Group. Vendors and products depicted in Radicati Market QuadrantsSM should not be considered an endorsement, but rather a measure of The Radicati Group’s opinion, based on product reviews, primary research studies, vendor interviews, historical data, and other metrics. The Radicati Group intends its Market Quadrants to be one of many information sources that readers use to form opinions and make decisions. Radicati Market QuadrantsSM are time sensitive, designed to depict the landscape of a particular market at a given point in time. The Radicati Group disclaims all warranties as to the accuracy or completeness of such information. The Radicati Group shall have no liability for errors, omissions, or inadequacies in the information contained herein or for interpretations thereof. Enterprise Mobility Management - Market Quadrant 2016 TABLE OF CONTENTS RADICATI MARKET QUADRANTS EXPLAINED ................................................................... 2 MARKET SEGMENTATION – ENTERPRISE MOBILITY MANAGEMENT .............................
    [Show full text]
  • Defending Mobile Devices for High Level Officials and Decision-Makers
    Authors Teemu Väisänen, Alexandria Farar, Nikolaos Pissanidis, Christian Braccini, Bernhards Blumbergs, and Enrique Diez Defending mobile devices for high level officials and decision-makers Tallinn 2015 This publication is a product of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre). It does not necessarily reflect the policy or the opinion of the Centre or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication. Digital or hard copies of this publication may be produced for internal use within NATO and for personal or educational use when for non‐ profit and non‐commercial purpose, provided that copies bear a full citation. www.ccdcoe.org [email protected] 1. Abstract High‐level officials and decision‐makers handle and store sensitive data with their own or with their organisations’ mobile devices. The sensitive data may be owned by the person him/herself or by the organisation. These users do not always follow security policies, creating a risk of leaking this sensitive data. It is often impossible to assess all the places where data is accessed and/or stored. The purpose of this study is to find mitigation mechanisms for a number of risks resulting from the usage of such systems without obeying security policies. The study was done by analysing usage scenarios; their actors and the assets to be secured; related mobile threats; suitable mitigation mechanisms; and threats lacking good enough mitigation mechanisms.
    [Show full text]
  • Mobile Threat Defense (MTD) Provider Achieves “Fedramp Authorized” Status
    Mobile Threat Defense (MTD) Provider Achieves “FedRAMP Authorized” Status DALLAS--(BUSINESS WIRE)-- Zimperium, the global leader in mobile threat defense (MTD), announced today that the Zimperium Federal Cloud has achieved a Federal Risk and Authorization Management Program (FedRAMP) Authorization. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20190708005026/en/ FedRAMP is a government-wide program providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP makes it easier for the agencies to adopt technologies helping employees become more productive while staying secure. Zimperium has many ongoing relationships with the U.S. federal government, including the Department of Homeland Security and Immigration and Customs Enforcement, Department of Defense, as well as state and local authorities. “FedRAMP compliance demonstrates our ongoing commitment to our federal government clients and their data security,” said Shridhar Mittal, chief executive of Zimperium. “As an MTD provider authorized by FedRAMP, we look forward to continuing to serve the mobile security needs of federal agencies." ● Providing a mobile security solution that detects threats on-device, even when disconnected from trusted networks by a man-in-the-middle attack or rogue access point; ● Multiple deployment options, including Shared SaaS, Dedicated SaaS and On-Premise; ● Integrations with the leading enterprise mobility management (EMM) solutions, and can integrate with multiple EMMs in a single console; ● Advanced integrations with security information and event management (SIEM) and single- sign-on (SSO) solutions; ● Provides detailed forensic data available through device MTD; and ● Ensures threat analytics and extensive reporting capabilities.
    [Show full text]
  • Cybertiles: Securing Information Pathways
    Security Industry Monitor Executive Summary CyberTiles: Securing Information Pathways December 2016 For additional information regarding this report or Imperial Capital, LLC.’s Cloud and Security Investment Banking Team, please contact: Rick Juarez Managing Director, Investment Banking Group – San Francisco Office (415) 615-4002 [email protected] PLEASE SEE IMPORTANT DISCLOSURES ON LAST PAGE September 2009 1 Security Industry Monitor Table of Contents About Imperial Capital, LLC Imperial Capital is a full-service investment bank offering a uniquely integrated platform of comprehensive services to institutional investors and middle market companies. We offer sophisticated sales and trading services to institutional investors and a wide range of investment banking advisory, capital markets and restructuring services to middle market corporate clients. We also provide proprietary research across an issuer’s capital structure, including bank debt, debt securities, hybrid securities, preferred and common equity and special situations claims. Our comprehensive and integrated service platform, expertise across the full capital structure, and deep industry sector knowledge enable us to provide clients with superior advisory services, capital markets insight, investment ideas and trade execution. We are quick to identify opportunities under any market conditions and we have a proven track record of offering creative, proprietary solutions to our clients. Imperial Capital’s expertise includes the following sectors: Aerospace, Defense & Government Services, Airlines & Transportation, Business Services, Consumer, Energy (Clean Energy and Traditional Energy), Financial Services, Gaming & Leisure, General Industrials, Healthcare, Homebuilding & Real Estate, Media & Entertainment, Security & Homeland Security and Technology. Imperial Capital has three principal businesses: Investment Banking, Institutional Sales & Trading and Institutional Research. For additional information, please visit our Web site at www.imperialcapital.com.
    [Show full text]
  • Mobile Threat Defence with Microsoft 365 and Zimperium Free Mobile
    Next-generation, On-device Secure your Mobile device Mobile Security investment Mobile devices are now the dominant BT has harnessed the capability from productivity platform in any organization Zimperium for Mobile Threat Defence Mobile Threat Defence with with more than 80% of the daily work (MTD) on iOS and Android deployed performed on a mobile device. These devices to provide a comprehensive mobile devices have access to the same information security solution that protects against both Microsoft 365 and Zimperium and applications that a traditional endpoint known and unknown mobile network, does but without the same security controls. application, device OS and phishing threats. Enterprise IT organizations are under pressure to deliver a robust mobile Zimperium’s MTD has been developed with experience to employees. In order to realize Microsoft as an integrated solution with these goals with mobility initiatives there is a Microsoft’s Enterprise Mobility + Security need for robust security against the ever- (EMS) providing the only Azure native increasing threats facing mobile devices. solution: Free Mobile Risk Assessment For organisations who are unsure about the The Risk Assessment Report will detail the the need for Mobile Threat Defense or who following broken down by iOS & Android: wish to understand what threats exist on the iOS & Android devices connecting to their 1. Number of compromised devices: network, BT offer a Mobile Risk Assessment. • devices with HW & SW vulnerabilities • devices with critical risks Free Mobile Risk Assessment The Risk Assessment involves using your • devices that should have OS updated MDM to push the Zimperium MTD zIPS app to a cross section of your mobile devices.
    [Show full text]
  • Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)
    NIST SPECIAL PUBLICATION 1800-21 Mobile Device Security: Corporate-Owned Personally-Enabled (COPE) Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How-To Guides (C) Joshua M. Franklin* Gema Howell Kaitlin Boeckl Naomi Lefkovitz Ellen Nadeau* Dr. Behnam Shariati Jason G. Ajmo Christopher J. Brown Spike E. Dog Frank Javar Michael Peck Kenneth F. Sandlin *Former employee; all work for this publication done while at employer. Final This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.1800-21 The first draft of this publication is available free of charge from: https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/enterprise NIST SPECIAL PUBLICATION 1800-21 Mobile Device Security: Corporate-Owned Personally-Enabled (COPE) Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How-To Guides (C) Joshua M. Franklin* Gema Howell Kaitlin Boeckl Naomi Lefkovitz Ellen Nadeau* Applied Cybersecurity Division Information Technology Laboratory Dr. Behnam Shariati University of Maryland, Baltimore County Department of Computer Science and Electrical Engineering Baltimore, Maryland Jason G. Ajmo Christopher J. Brown Spike E. Dog Frank Javar Michael Peck Kenneth F. Sandlin The MITRE Corporation McLean, Virginia *Former employee; all work for this publication done while at employer. Final September 2020 U.S. Department of Commerce Wilbur Ross, Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Undersecretary of Commerce for Standards and Technology NIST SPECIAL PUBLICATION 1800-21A Mobile Device Security: Corporate-Owned Personally-Enabled (COPE) Volume A: Executive Summary Joshua M. Franklin* Gema Howell Kaitlin Boeckl Naomi Lefkovitz Ellen Nadeau* Applied Cybersecurity Division Information Technology Laboratory Dr.
    [Show full text]
  • Elite 80 the Hottest Privately Held Cybersecurity and It Infrastructure Companies
    Cybersecurity & IT Infrastructure APRIL 2021 ELITE 80 THE HOTTEST PRIVATELY HELD CYBERSECURITY AND IT INFRASTRUCTURE COMPANIES Copyright: Shutterstock/Paopano Erik Suppiger [email protected] (415) 835-3918 FOR DISCLOSURE AND FOOTNOTE INFORMATION, REFER TO JMP FACTS AND DISCLOSURES SECTION. Cybersecurity & IT Infrastructure TABLE OF CONTENTS Executive Summary ....................................................................................................................................................................................... 4 Funding Trends .............................................................................................................................................................................................. 5 Index by Venture Capital Firm ..................................................................................................................................................................... 11 Aqua Security ............................................................................................................................................................................................... 15 Arctic Wolf .................................................................................................................................................................................................... 16 Armis ...........................................................................................................................................................................................................
    [Show full text]