Zero Trust Mobile Security Whitepaper
Protecting Android Mobile Devices from Known Threats
Android OS – A Popular Target for Hacks
Common Android Vulnerabilities
Once an attacker gains access to a device’s operating system, they can gain elevated privileges to monitor user activity, thereby putting personal data and security at risk. They can also execute malicious code and run unwanted programs to bend the device to their will. All of this can be done without the user suspecting that their device has been infected.
Here are some of the most common Android vulnerabilities that malicious programmers seek to exploit. It should be noted that many of these vulnerabilities are inherent to mobile and Wi-Fi devices in general, and do not necessarily reflect a flaw in Android’s design and implementation.
BETTER Mobile Security, 110 Fifth Avenue, New York, NY 10023
In the tech industry, it’s a truism that hackers focus their attention on afflicting the largest number of targets possible, resulting in a perception that market giants are riddled with vulnerabilities. Google’s Android operating system is just such a target. According to an IDC study, Android possesses an 81.1% share of the smartphone market. Numbers that high are irresistible to hackers – which is why Android devices need to be protected from unauthorized access.
Add to the equation too that the Android operating system has been implemented on many disparate devices designed by myriad vendors. This distributed implementation scenario has fragmented Android’s native security model, which has resulted in a variety of openings that cyber attackers can exploit.
All trademarks and registered trademarks contained herein are property of their respective holders. Rather than identifying a trademark by symbol with every occurrence, names and logos are used in an editorial fashion, with no intention of infringement of the respective owner’s property.
www.BETTER.mobi
White Paper
Zero Trust Mobile Security
An Introduction to the
BETTER Mobile Security Platform
Executive Summary
The increasing threats to mobile security.
The cumulative number of mobile threats is expected to double from the previous
year, reaching over 8 million, spread across devices and applications [1]. While analysts
have identified the need for real-time, self-aware and self-protecting endpoints, MDM/
EMM and MAM solutions that do not address real time threats still dominate the market.
A zero trust approach for protecting today’s mobile user.
Zero trust is an approach to security that follows the mantra of “never trust, always
verify.” It views every entity, including networks and apps, as hostile and assumes that a breach
is inevitable. Operating from that perspective sets a mandate for a more complete
security solution as opposed to traditional perimeter-based approaches. When applied
to mobile security, a zero trust approach continuously monitors and verifies exactly what
is happening on the network, the mobile device itself, the apps installed on the device,
and actively detects and prevents threats in real time.
In order for a zero trust mobile security solution to be effective, it has to operate based
on the following principles:
• You cannot trust the network
• You cannot trust the device
• You cannot trust the apps
• You cannot trust the user
In this white paper, the following will be covered:
• The current mobile threat landscape and how there is an immediate need
for a zero trust mobile security solution
• An explanation of zero trust
• How to apply a zero trust model to mobile security
• How a zero trust solution for mobile devices needs to operate under the
principles of secure and verify
• How BETTER Mobile Security provides the only comprehensive zero trust
mobile security solution that is able to secure and verify mobile devices,
apps, users and the network in real time
BETTER’s zero trust mobile security solution operates under the assumption that an
attack on a mobile device will happen, and that the network, device, apps, and user
can be hostile. Our solution provides both the security to prevent such attacks as well
as the measures necessary to protect if a breach should occur.
According to cyber security research, the vulnerabilities in mobile devices and apps will become even greater risks in 2015. [1]
The Mobile Threat Landscape
Attacks on mobile devices are rapidly evolving.
The mobile threat landscape is changing rapidly. Mobile attackers are taking traditional
methods from the wired world and adapting them to the mobile one, as well as coming
up with new, never before seen tactics that take advantage of the new avenues mobile
devices offer into an organization’s network. Mobile devices are constantly switched
on and they bounce from one connection to another, allowing a hacker to have multiple
attempts to gain access to a device.
A new end-point of corporate risk.
Mobile threats can wreak havoc on both mobile devices and the corporate network.
Once a trusted device has been compromised, an attacker may have privileged access
to the corporate network. Depending on the type of attack, they will be able to decrypt
secure communications, intercept traffic to and from the device, install apps or
keyloggers, take screen captures, and access any information stored on the device or within
apps, including passwords, email, and text messages. Attackers can go as far as to
give themselves root privileges, jailbreak the device, or leverage the device as part of a
mobile botnet to mount DDoS attacks.
Connected by design, vulnerable as a result.
Our research indicates that mobile devices connect to upwards of ten times more
networks than other end-points. The tools required to intercept, modify, and push
network data are relatively inexpensive, readily available, and their uses are becoming
more sophisticated and nefarious. Man-in-the-Middle (MitM) attacks can perform
active eavesdropping, intercept, and alter traffic between a mobile device and a
remote server. The user believes they are interacting with a known and trusted entity
but, in fact, they are being rerouted through an attacker controlled device. Once
connected to the attacker’s device, all communication going to and from the victim’s
mobile device is seen by the attacker, regardless of encryption such as SSL.
Malicious apps and their means of entry.
Malicious apps can come from anywhere and wreak all kinds of havoc. With no means
of protection, the recommendation to users has always been to not download apps from
unknown sources. This is not a viable approach, because it requires device users to know
what is a trusted source and what is not. Another problem with this approach is that today’s
attackers are adept at convincing users to trust that an app is genuine and beneficial to
their needs. Malicious apps can steal passwords, email, text messages and corporate data.
They can also log keystrokes and screen scrape. Malicious apps can even be side-loaded
onto an iOS device through the use of stolen or illegally-acquired enterprise or developer
certificates. This gives the attacker the ability to gain access to encrypted data, bypass VPN
tunneling, and break the OS’ sandbox, providing access to containerized apps. This access
enables the attacker to view the contents of secure containers and wrapped apps, thus
nullifying those attempts to protect sensitive data.
Kaspersky Labs reported that attacks on mobile devices have increased by over 400% in the last year.
Mobile devices connect to upwards of 10x more networks than other end-point devices.
Forrester Research reported that over 61% of enterprises stated that app security is their greatest mobile security challenge.
WireLurker: the advent of iOS threats.
An iOS malware example, named WireLurker, uses a stolen enterprise certificate and
a vulnerability in how the trust of the bundle identifier works to install a malicious app
onto a mobile device. WireLurker was first brought to light by Palo Alto Networks [2]. It
bypasses the security features on iOS devices and installs malicious apps onto them, without
the need to first jailbreak the device. The WireLurker Trojan installs itself on an OS X
machine, rooting itself into the operating system, and then waits until an iOS device
connects to the computer. It then abuses the trusted pairing relationship between the
devices to read the mobile device’s serial number, phone number, iTunes store identifier,
plus a host of other sensitive information. This data is all sent to the attacker’s remote
server. It then installs a series of malicious, though benign looking, apps onto the mobile
device. The WireLurker threat shows how vulnerable iOS devices are to attacks and that
the path to infection can come from anywhere.
Masque attacks: appearances can be deceiving.
Masque attacks get users to install malicious apps on their devices through refined
social engineering techniques such as phishing emails or messages from trusted sources.
These apps take the form of updates to existing apps and are therefore not detectable
by traditional MDM and EMM solutions. Once on the device, they have access to all
data stored within the app. Since these apps are by all appearances genuine and have
the same bundle ID, they go undetected by MDM and EMM solutions, so it is virtually
impossible to know if your data has been compromised.
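A replacement app that reuses a trusted app's bundle ID, as described above, can be surfaced when the app inventory also records who signed each app. The sketch below is an added example, not code from the whitepaper or from BETTER; the record fields (`bundle_id`, `team_id`, `version`) and the sample inventories are constructed for illustration, and it assumes the signing team identifier is collected per device.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRecord:
    bundle_id: str  # app identifier, e.g. com.example.mail
    team_id: str    # signing team identifier (assumed to be in the inventory)
    version: str


def find_masque_candidates(baseline, observed):
    """Compare a device's app list with a trusted baseline.

    Returns (kind, record) tuples in the order the apps were observed:
      signer_mismatch - bundle ID is in the baseline but signed by someone else
      unknown_app     - bundle ID does not appear in the baseline at all
    """
    trusted_signers = {}
    for rec in baseline:
        trusted_signers.setdefault(rec.bundle_id, set()).add(rec.team_id)

    findings = []
    for rec in observed:
        signers = trusted_signers.get(rec.bundle_id)
        if signers is None:
            findings.append(("unknown_app", rec))
        elif rec.team_id not in signers:
            # Same bundle ID, different signer: looks like an update
            # to the trusted app but comes from another party.
            findings.append(("signer_mismatch", rec))
    return findings


# Constructed sample data (not taken from the whitepaper).
BASELINE = [
    AppRecord("com.example.mail", "TEAMAAAA01", "4.2"),
    AppRecord("com.example.notes", "TEAMAAAA01", "1.7"),
]
OBSERVED = [
    AppRecord("com.example.mail", "TEAMZZZZ99", "9.9"),   # reused bundle ID
    AppRecord("com.example.notes", "TEAMAAAA01", "1.8"),  # normal update
    AppRecord("com.example.game", "TEAMBBBB02", "1.0"),   # not in baseline
]

if __name__ == "__main__":
    for kind, rec in find_masque_candidates(BASELINE, OBSERVED):
        print(kind, rec.bundle_id, rec.team_id, rec.version)
```

A check on bundle ID alone would pass all three observed apps that match the baseline names; adding the signer is what separates the normal update from the replacement.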
What can be done to protect my mobile device?
Today, MDM/EMM mobile security solutions offer little to no protection against these
attacks. Hackers play a numbers game with the general public, since all they need is for
just one person to slip up one time to gain access to a corporate network. These attacks
happen fast, compromising devices, apps, or communications in the blink of an eye,
without being detected. To fully secure mobile devices from threats, the network,
users, apps and the device itself all need to be viewed as potentially hostile. The
solution must operate on the assumption that eventually the device will get into the
wrong hands, apps will be compromised, and communications will be intercepted.
The introduction of WireLurker and Masque attacks formally marked the beginning of a new era of iOS vulnerability.
Today’s malicious apps appear and behave just like the authentic versions.
BYOD Explosion: Gartner has stated that the number of employee-owned devices used for work will be greater than corporate-owned by 2018.
BETTER Mobile Security provides enterprises with the only comprehensive zero trust
mobile security platform on the market. With a “trust no one, verify everything”
approach as our focus, BETTER is able to provide complete protection for mobile
devices in real time. Our solution is end-point based, residing on the device itself, and
continuously monitors the device, apps and connections for any behavioral abnormalities.
When coupled with the BETTER App Shield, the resulting solution has the ability to
provide comprehensive real-time threat detection and prevention. It is this “trust no one,
verify everything” approach that makes BETTER’s mobile security solution truly complete.
Mobile Security Requirements - Comparison Chart (iOS)
MDM/EMM Mobile AV Container Wrapper BETTER
Can Detect Zero-Day Malicious Apps
Can Detect Known/Signature Malicious Apps
Can Detect Exploits
Can Detect MitM Attacks
Can Detect Malicious Profiles
Can Detect Threats in Real-Time
Can Detect Unknown Threats
Real-time Device Monitoring
Continuously Monitors Apps
Continuously Monitors Network
Can Prevent Threats in Real-Time
Can Prevent Unknown Threats
Provides Device Visibility
Provides Device Controls
Secures Mobile Devices
Secures Mobile Apps
Segregates Data
Can Detect a Jailbroken Device
Prevents Lateral Movement of Data
Operates Under Zero Trust
* During enrollment and intermittently.
In order for enterprise to fully protect iOS and Android devices, they must adopt a zero trust approach to mobile security.
BETTER Active Shield
The new generation of iOS and Android advanced threats has demonstrated that mobile device management is not the same as mobile device security.
BETTER Zero Trust Mobile Security Solution
The comprehensive mobile security platform
for enterprise.
BETTER provides enterprises with comprehensive zero trust mobile endpoint visibility,
security, and control, with real time, self-protecting advanced mobile threat detection
and prevention that follows the tenet of secure and verify. With BETTER, CSOs and
Security Administrators gain mobile application visibility and risk-based intelligence
and can add security controls to any app outside of an MDM container to satisfy existing
security infrastructure requirements. BETTER does this quickly and seamlessly without
coding or wrapping.
BETTER promotes trust in BYOD deployments. Employees can use their own mobile
devices for business anytime and anywhere in a fully secure way while protecting their
personal privacy and without limiting their freedom of use or control of their own device.
BETTER’s zero trust solution provides self-protecting advanced mobile threat detection
and prevention, protecting all of the data on the device at all times. From simple security
to complete lockdown, BETTER can secure any iOS or Android device and verify that it is
safe when it matters, before and after an attack occurs.
BETTER enables mobile employees to harness the full power of corporate mobility
while providing enterprise with complete administrator visibility, risk-based mobile
app intelligence, third party app security, and real time, self-protecting advanced
mobile threat detection and prevention. BETTER’s Advanced Mobile Threat Detection
and Prevention Solution provides iOS and Android devices with a real time self-
protecting solution against advanced mobile threats and targeted attacks. Only BETTER
can identify suspicious activity and secure devices from Man-in-the-Middle attacks,
malicious apps, and any other mobile security threats, known and unknown.
According to the 2014 Cyber Threat Defense Report, more than 60% of organizations fell victim to one or more successful cyberattacks in 2013.
When it comes to protecting iOS and Android mobile devices, 99% secure is the same as 100% vulnerable.
BETTER Mobile Security Architecture
BETTER’s app virtualization secures any mobile app without making security and usability
tradeoffs. BETTER is the only solution that does not modify iOS and Android apps with
app-wrapping or require the use of an SDK, and adds the zero trust framework of network
security, app security and device integrity. BETTER’s app virtualization technology for
iOS and Android is key to BYOD security because it respects user privacy and choice,
limiting IT visibility and control to the enterprise container and giving workers a native
user experience on their personal device of choice. Network threats of man-in-the-middle
attacks and malware are eliminated because BETTER prevents personal apps from accessing
enterprise resources.
The primary objective is to minimize the attack surface, so when a breach occurs the damage is negligible
[Figure: BETTER Mobile Security Architecture. Labels: Network Security; App Analysis & Testing; Device Integrity; App; Adaptive Virtual App Perimeter; Original App in its Sandbox; App Virtualization]
BETTER Product Modules
The BETTER Mobile Security Platform includes four product modules.
BETTER Mobile App Analyzer
The Mobile App Analyzer automatically conducts a complete behavioral analysis of any
mobile app, on demand, and generates a risk-based assessment of the app’s behavior
and vulnerabilities for administrator visibility and evaluation prior to deployment.
BETTER Mobile AppShield
The Mobile AppShield turns any mobile app into a self-aware and self-protecting app,
including all homegrown and third party apps, without wrapping or coding, which
is then easily secured by determined enterprise security controls and policies.
BETTER Mobile Device Configuration Control
The Mobile Device Configuration Control provides enterprise administrators with the
ability to determine, set and enforce policy on any mobile device, including which native
and third party applications can be used and if settings may be changed, and provides
real time visibility of attempts to use unauthorized apps, change settings, make baseline
deviations, as well as advanced mobile threats and targeted attacks.
BETTER Real Time Mobile Threat Detection and Prevention
Our Real Time Mobile Threat Prevention detects and prevents any advanced mobile
threat, targeted attack or other hostile behavior on the device as it occurs in real time.
BETTER also provides security administrators with real time alerts of targeted attacks,
suspicious device behaviors and baseline deviations, giving them a clear overview and
the ability to take immediate action.
References
1. The Invisible Becomes Visible: Trend Micro Security Predictions for 2015 and Beyond. Trend Micro, 2015.
2. Wirelurker: A New Era in iOS and OS X Malware. Palo Alto Networks, 2014.
3. No More Chewy Centers: Introducing The Zero Trust Model Of Information Security. Forrester Research, 2014.