Mobile Threat Defense

Mobile Threat Defense

DISA – TEM Brief: Mobile Threat Defense (MTD) for GFE/BYOD May 19th, 2021 Agenda • What problem do we solve? • Zero-Day attacks on Mobile (Network, Device, Phishing, Mobile Apps) • Anti-Virus for Mobile • Telework, BYOD/GFE, O365/Teams, Zero Trust • Who have we solved it for? • Fortune 2K and Government Enterprises • DISA MEP DMUC • How do we solve it? • ZIPS/MAPS • Why are we unique? • z9, On-Device, On-Prem, FedRamp, Hybrid, Enterprise grade Zimperium Proprietary All Rights Reserved Single Biggest Security Gap: Mobile Endpoints Visibility (40%) No Visibility (60%) “Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks by accessing just one person’s smartphone.” Zimperium Proprietary All Rights Reserved Recent headlines Zimperium Proprietary All Rights Reserved Why DISA & DIU selected Zimperium: • The Zimperium platform will monitor DISA DMUC users when securely accessing applications and data on iOS and Android endpoints. Powered by Zimperium’s on-device, machine learning- based engine, z9, Zimperium zIPS protects devices from more mobile threats than any other solution -- even when an attacker controls the network. • DISA considers on-device (always on) protection important to ensure the greatest degree of threat detection and support in a zero-trust environment. Additionally, Zimperium was selected because it: • Provides on-device protection against device, network, phishing and malicious app attacks; • Achieved FedRAMP Authority to Operate (ATO) certification; • Protects Android and iOS; • Integrates with multiple unified endpoint management (UEM) tools in a single tenant; • Can be managed on any cloud or on-prem; and • Protects privacy. Status: Deployment in Process Zimperium Proprietary All Rights Reserved © 2020 Mobile Endpoint Protection within DoD Current Use Cases: • COCOMS • U.S. Marine Corp Please contact Mike Shea for use case details • U.S. Army • U.S. Air Force • IC Areas requiring Mobile Endpoint Protection: • U.S. Army: • Defensive Cyber Operations (DCO), Army National Guard, Net Warrior/ATAK, NETCOM (GFE/BYO), etc. • U.S. Navy: • PACOM (iPhone/BB UEM), PMW-240 Mobile Apps, FY21 Initiatives: Navy Reserve, etc. • Microsoft Office 365 / Teams • Air Force: • Android for Enterprise • AF EITaaS (GFE/BYOD), Electronic Flight Bag ** source: DISA Forecast to Industry 2019 (EFB)/iPads, BRICE/iPads, Air National Guard, etc. Zimperium Proprietary All Rights Reserved © 2020 Why enterprises need Mobile Threat Defense (MTD) App • Containers (e.g., UEMs) • Phishing Email Gateways (corporate email only) Network • Encryption (VPN) Mobile Threat Mobile Threats Mobile • Encryption (DLP) Defense Device • Jailbreak Detection Governance/Compliance Protection / Detection NIST 800.124 Rev 2 – Mobile Security Guidelines “MTD systems are designed to detect the presence of malicious apps, network-based attacks, improper configurations and known vulnerabilities in mobile apps or the mobile OS itself." Zimperium Proprietary All Rights Reserved MITRE ATT&CK and MDM/MTD Alignment MDM MTD & MDM MTD NIST 1800-22 Mobile Security: BYOD Why BYOD: ● Interchangeably for work and personal purposes throughout the day ● Flexible and convenient Why NOT: ● Introduce challenges to an enterprise ● May lack mobile device security protections ● Greater risk of unauthorized access to sensitive information ● Email phishing attacks ● Eavesdropping attacks ● Misuse of device sensors ● Compromise of organizational data due to lost devices ● to name but a few risks NIST SP 1800-22 BYOD Reference Architecture • Ensuring data is protected when accessed from personal devices poses unique challenges and threats • Can enhance the security and privacy posture of adopting organizations • The high-level security and privacy goals are illustrated below On-Device! Zero Trust & Mobile Mobile devices are the Achilles' heal of Zero Trust… : Patented detection engine designed for mobile The detection engine uses machine learning to provide real-time, on-device protection against both known and unknown threats Device Network Phishing Malicious Attacks Attacks Sites Apps Zimperium Proprietary All Rights Reserved RISK THREAT REMEDIATION REPORTING IDENTIFICATION DETECTION Device Risks Device Compromises MDM Actions Detailed Forensics • Vulnerabilities • Rooted Device • Wipe Data • No Device Encryption • Elevated PrivileGes • Terminate Access • Jailbreaks • System TamperinG SOC Integrations • SIEMs • UnmanaGed Profiles Block Phishing Site • EDRs Phishing Sites App Risks Network Threat Hunting • Insecure Apps Malicious Apps • Disable WiFi • Sideloaded Apps • Disable Bluetooth • Network Sinkhole Network Risks Network Attacks • Reconnaissance Scans • MITM Attacks • Unsecured WiFi • RoGue Access Points Samsung KNOX • Prevent App Install • Uninstall App Zimperium’s Fundamental Design Principles • Deliver Enterprise Capabilities & Scale • Provide Management Console on Any Cloud or • Detect Known and Unknown Threats On-device On-Prem • Enable Privacy-focused Use Cases • Operate with Multiple UEMs Simultaneously Zimperium Proprietary All Rights Reserved - Mobile Application Protection Suite Development Runtime ü NIAP Compliance ü Code Tampering Trigger ü Device Detections ü OWASP Compliance ü Name and Flow Obfuscation ü Network Detections ü Security Policies ü App/Phishing Detections ü String Encryption ü Privacy Policies ü Code Optimization ü Over 140 parameters check ü And more Zimperium Proprietary All Rights Reserved © 2020 FedRAMP Zimperium Solution – Most Enterprise Ready Authorized MDM / EMM Integrations 3A™ CONSOLE™ SIEM / Threat Hunting/Dev Integrations Microsoft Defender / Sentinel AlienVault Workspace One Intelligence Zimperium Proprietary All Rights Reserved © 2020 Microsoft + Zimperium MDM Device Compliance & MAM App Protection • Zimperium's MTD is integrated with Microsoft's Endpoint Manager (Intune) • Microsoft and Zimperium jointly developed the integration of Mobile Threat Defense with unmanaged to support Microsoft MAM BYOD solution. • Advanced Integration with Microsoft Defender ATP and Sentinel for forensic level threat visibility and advanced hunting. • Zimperium is the only MTD solution that deploys its console within Microsoft Azure infrastructure. Zimperium Proprietary All Rights Reserved © 2020 Microsoft + Zimperium Conditional Access & Device Threat Level • Conditional access to Microsoft 365 applications based on Microsoft Endpoint Manager MAM app protection policies. • On-device detection that does not require cloud analysis or connection. • Threat remediation and user notification on the device. • Individual user and group based mobile security and access policies. • Support for multiple UEM solutions simultaneously. • Strict privacy functionality with no user information sent to the cloud. Zimperium Proprietary All Rights Reserved © 2020 Executive Threat Insights Key Insights Global Target COVERAGE Your Score ~79% Good CoveraGe. (8/20-10/20) Avg. Zone CRITICAL DEVICES 633 Devices with Malware 93 Tampered Devices (Jailbroken/System TamperinG/SE Linux) Mobile 6 Devices with App TamperinG Security Score 7.1 6.5 >8 4 Devices connected to KARMA attack (4 Access Point) 24 Connected to unsecure roGue access network 0 4 8 10 RISKY DEVICES How Secure are your >74% Devices runninG critically vulnerable OS mobile devices? 563 Devices with access to 3rd party app store High Risk Medium Low Risk 35 iOS 3rd Party App-store Profiles 1.3k Devices with access to risky settinGs (No Device Pin, Developer options) Total Devices Activated 5k HiGh Privacy OR Security Risk Apps 4.2k Devices with side-loaded apps 781 Found Rogue Access Point nearby 27.5 k 21.6 k RECOMMENDATIONS 20 k 16.5 k • Enforce compliance to activate zIPS on all devices • Review Profiles & Disallow HiGh Risk Profiles • Monitor Side-loaded apps & whitelist internal Apps 7 k • LeveraGe Corporate VPN or Alert users to prevent from 5.1 k connecting to Risky Networks (RoGue Access Point) • Automate Reminders to Users to update the OS periodically *Data Analyzed 08/2020 -10/20 Zimperium Proprietary All Rights Reserved © 2020 Key Insights Apps that have both high Privacy 27.1k & high Security Risks Devices with Malicious Apps 316 Apps with possible Data leakage ● Tutu App *com.tutuapp.tutuapphwenterprise ● UnCover jailbreak Unique Android Apps removed from or no 242 721 longer in PlayStore Malicious ● Science.xnu.undecimus High Risk Apps Apps Unique iOS Apps removed from or no ● Metasploit: com.metasploit.stage 127 longer in AppStore 20.7k Devices running Vulnerable OS 86 ● Jailbroken/Rooted (Magisk, uncover) Devices vulnerable to CheckRa1n but 4.2 k don’t have MTD activated 6 ● App Tampering (Cydia) Risky Device Configurations Tampered ● File System Changed. (Chinese device High Risk Devices 1 Devices 1.3k (Developer options, USB debugging on, manufacturer) Unknown Sources Enabled) Devices connected to Rogue Access Points 143 Devices running Vulnerable OS 4 experienced a Karma attack. iOS 3rd Party Profiles 93 ● Tutulite, u04Store,AppValley, Network Profiles Emus4u Attacks 781 Devices found unique Rogue Access Points Nearby (55 Rogue Access Points exhibiting KARMA Attacks) 42 Jailbreak Profiles ● Unc0ver, Jailbreak Installer, Cydia Zimperium Proprietary All Rights Reserved © 2020 Interesting Threat Chains SideloadedUn-managedApps profile Malicious App File System Changed 5 Devices 12:31:30 PM 12:34:10 PM 12:39:40 PM 8/23/2020 Unsecured Network Rogue Access Point SSL Strip 24 Devices 2:11:30 PM 2:11:40 PM 2:14:30 PM 9/12/2020 System Tampering Device Jail-Broken App Tampering 10 Devices 9:10:30 AM 9:11:21 AM 9:13:21 AM 9/24/2020 Zimperium Proprietary All Rights Reserved © 2020 Next Steps • Questions ? • Action Items …… ZimperiumZimperium Proprietary Proprietary All Rights All Rights Reserved Reserved © 2020 Thank You! Contact Information: Michael Shea, Senior Director DoD Phone: 703-626-8971 Email: [email protected] Zimperium Proprietary All Rights Reserved © 2020.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    22 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us