Post on 16-Apr-2017
©2015 Check Point Software Technologies Ltd.
CHECK POINT
MOBILE THREAT
PREVENTION
Peter Kovalcik | Security Engineer
Taking Mobile Security Beyond Mobile Threat Prevention
Target solutions for mobile use-cases
• Mobile Threat Prevention: Threat Prevention for mobile devices
• Capsule Cloud: Protect laptops when off the business network
• Capsule Workspace & Docs: Protect business data on mobile devices
MOBILE THREATS are ESCALATING in frequency and sophistication
• In the enterprise: 50% chance of having 6 or more mobile targeted attacks [3]
• Sophistication of mobile threats on the rise: Ransomware, Masque Attack, Wirelurker, Heartbleed, mRAT and more
• 3.3x more new malicious mobile programs were detected in Q1 2015 than over the previous quarter
• 15 million mobile devices infected with malware [1]
[1] Source: Kindsight Security Labs Malware Report 2014
[2] Source: Kaspersky IT Threat Evolution Q1 2015 Report
[3] Source: Check Point Targeted Attacks on Enterprise Mobile
MOBILE THREATS are ESCALATING in frequency and sophistication
• Certifi-gate: Multiple vulnerabilities in pre-loaded 3rd party mRSTs
• Stagefright: Android (pre 4.1) vulnerability that can be exploited via MMS messages
• Masque Attacks on iOS: Hacking Team uses 11 popular apps such as Facebook, Twitter, Skype, and WhatsApp as trojans to leak info
What’s next?
WHAT IS STAGEFRIGHT?
HOW DEUTSCHE TELEKOM REACTED
WHAT IS CERTIFIGATE?
HOW IS IT EXPOSED?
A malicious app can fool plugin authentication, allowing attackers to replicate device screens and to simulate user clicks, giving them full device control.
WHO’S AT RISK?
• Pre-loaded plugins are found on Android devices manufactured by LG, Samsung, HTC and ZTE.
• Plugins can’t be stopped, can’t be removed, and can only be updated when new system software is pushed to a device.
Certifi-Gate Scanner App Results
THE HIGHLIGHTS
• 100,000 Scan Downloads
• 30,000 Anonymous Scan Submissions
• An instance of Certifi-gate was found running in the wild in an app on Google Play (Google has now removed it)
• At least 3 devices sending anonymous scan results were actively being exploited
• 15% of devices anonymously reported having a vulnerable plugin installed
• Devices made by LG were the most vulnerable, followed by Samsung and HTC
How to protect against WHAT WE DON’T CONTROL?
MOBILE DEVICES are difficult to control
• Mix of personal and business data
• Can’t control individuals’ behavior
• No protection from zero day or advanced threats
Today’s solutions leave SECURITY GAPS
• Focused on device management
• Provide only protection for known threats or app reputation
• Limited protection from secure wrappers and containers
HOW TO PROTECT?
• Static Policy Enforcement
• Data Leakage Prevention
• Unknown, Targeted & 0day Cyber Threats
• Protection Against Known Threats
• Mobile Device Management
• Advanced Threat Detection & Mitigation
• Secure Containers and Wrappers
• Anti-Virus, Anti-Bot, App Reputation
Innovation Drives Industry’s Highest Mobile Threat Catch Rate
• Advanced App Analysis: Sandboxing (Emulation); Advanced Static Code Analysis; Uncovers new malware and targeted exploits
• Network: Wi-Fi Man-in-the-Middle (MitM) attacks
• Host Threat Analysis: Malicious Configurations; Exploits and file system manipulation
• Threat Framework: Multi-dimensional Risk/Trust assessments; Accurate risk classifications to effectively mitigate risk
HOW IT WORKS: CLOUD-BASED RISK ASSESSMENT, THREAT DETECTION AND MITIGATION
1. Agent runs in the background on device, sending risk data to Check Point Mobile Threat Prevention
2. MTP analyzes device, apps and networks to detect attacks
3. MTP assigns a real-time risk score, identifying the threat level.
4. Mitigation and visibility:
• On Device Remediation Immediately Sent to User
• Risk-based Network Protection
• Real-time visibility; MDM, SIEM & NAC integration
TRANSPARENT USER EXPERIENCE
• Preserves user device experience, battery life, privacy
• Easily push lightweight agent to users through your MDM
IDENTIFICATION
Addressing the Mobile Security Challenge
Capabilities Needed to Protect Mobile Devices from Advanced Threats
Capability | MDM | Secure Container | MAM | App Rep | Anti-Virus | Check Point MTP
Validate App Certificates
Detect Jailbroken Devices
Identify Suspicious App Behavior
Correlate Device, App, & Network Activity
Key Feature Comparison
Network Vendors | Check Point | FireEye | Lookout | Zimperium | Skycure | Palo Alto Networks
Detect unknown malicious apps (notes 1, 2)
Detect changes to OS & device exploits (notes 3, 3, 4, 4)
Detect connections to malicious networks (MiTM)
Full device Risk Assessment (Correlate Device, App and Network Activity) (notes 5, 5, 6, 7)
Adaptive Mitigation & remediation (notes 8, 8, 8)
Cloud Based Mobile Threat Presentation (note 9)
Secure Container for mobile devices (notes 10, 10, 10, 10, 10)
Summary: A complete Mobile Threat Prevention Solution
1) Behavioral Analysis only
2) Android apps only
3) root/jailbroken device
4) Device monitoring
How to Compete Against...
FireEye
• Focus only on applications – The solution cannot prevent other attack vectors such as network and mobile OS exploits, leaving the device exposed to vulnerabilities
• No proactive protection – The solution requires a 3rd party solution (MDM), at an extra cost, in order to mitigate threats on already infected devices
Lookout
• Focus only on applications – The solution cannot prevent other attack vectors such as network and mobile OS exploits, leaving the device exposed to vulnerabilities
• No proactive protection – The solution requires a 3rd party solution (MDM), at an extra cost, in order to mitigate threats on already infected devices
• Limited integration with enterprise MDMs (only MobileIron & Airwatch)
Zimperium
• Limited detection methods – The solution uses only behavioral analysis to detect malicious activity on the device, leaving it exposed to more sophisticated attack vectors
• No proactive protection – The solution requires a 3rd party solution (MDM), at an extra cost, in order to mitigate threats on already infected devices
• Limited integration with enterprise MDMs (only MobileIron & Airwatch)
Skycure
• Partial protection – The solution focuses on network exploits (MiTM), with weak protection against other attack vectors such as malicious applications and OS exploits, which leaves the device exposed to vulnerabilities
Palo Alto Networks
• On-premise solution only – All mobile traffic must be backhauled to on-premise PAN hardware (Management and Gateway at an extra cost). Redirection of mobile traffic can cause bandwidth and latency issues for mobile traffic
• Partial protection – Palo Alto Wildfire can analyze only Android applications. It has limited ability to protect against iOS-based attacks and exploits
5) Only apps
6) Network & apps
7) HIP only
8) Requires MDM
9) w/ On-premise appliance
10) Via 3rd party MDM
Competition – Check Point Mobile Threat Prevention
THANK YOU