Securing BYOD in Three Easy Steps


Post on 12-May-2015






More than 80% of companies are already experiencing the Bring Your Own Device (BYOD) trend, and further growth is expected over the next few years. But fewer than half of all companies are actually doing something about the security risks that BYOD brings. In this Rapid7 webcast, Rapid7's VP/GM of Mobile, Giri Sreenivas, will provide examples and explain the severity of recent mobile exploits, and outline a simple yet highly effective three-step process to manage a company's mobile risks. To download a free Mobilisafe demo, click here:


<p>1. Securing BYOD</p>
<ul>
<li>Giri Sreenivas, VP and GM, Mobile</li>
<li>Dirk Sigurdson, Director of Engineering</li>
</ul>
<p>2. Presenters</p>
<ul>
<li>Giri Sreenivas, VP and GM, Mobile, Rapid7</li>
<li>Dirk Sigurdson, Director of Engineering, Rapid7</li>
</ul>
<p>3. BYOD Is Here To Stay</p>
<ul>
<li>Big, pervasive trend</li>
<li>80+% of companies experience it today</li>
<li>Fewer than half of all companies have begun to manage it</li>
<li>Do nothing, ActiveSync or MDM</li>
<li>What can you be doing to secure BYOD?</li>
</ul>
<p>4. Roles of IT and Security for BYOD</p>
<ul>
<li>IT - Enforcer</li>
<li>Security Advisor</li>
</ul>
<p>5. Going With What You Know To Enable BYOD</p>
<ul>
<li>Rest of IT Resources
<ul>
<li>Written, legally vetted acceptable use policies</li>
<li>Dedicated operations staff</li>
<li>Controls, tools</li>
<li>Risk assessment</li>
<li>Remediation / mitigation plans</li>
</ul>
</li>
<li>BYOD + Mobile
<ul>
<li>Acceptable use policy is under revision for end user acceptance</li>
<li>Yet another system for existing staff</li>
<li>MDM, MAM, EMM, MCM, ? ?</li>
</ul>
</li>
</ul>
<p>6. Top Mobile Threats</p>
<ul>
<li>Lost/Stolen Devices and Terminated Employees</li>
<li>Jailbroken Devices / Custom ROMs</li>
<li>Malware / Trojans</li>
<li>User Behavior with apps</li>
<li>Promiscuous apps</li>
<li>Phishing</li>
<li>Sniffing / MITM</li>
</ul>
<p>7. But We Have Policies And Controls?!</p>
<ul>
<li>Numerous examples where policies and controls fail to protect data
<ul>
<li>DroidDream</li>
<li>PDF exploits</li>
<li>Web site exploits</li>
<li>iOS Lockscreen Bypass</li>
</ul>
</li>
<li>Today's focus: DroidDream and iOS Lockscreen Bypass Attacks</li>
<li>Know your vulnerability risk</li>
</ul>
<p>8. iOS Lockscreen Bypass</p>
<ul>
<li>Initially showed up in iOS 4.1</li>
<li>Took approximately 1 month for an OS update to patch the vulnerability</li>
<li>Regressed in iOS 6.1 with one bypass attack</li>
<li>A second bypass attack was discovered shortly after the initial attack</li>
<li>No assurances on policies and controls for lost/stolen devices</li>
</ul>
<p>10. DroidDream Malware: Breaking It Down</p>
<ul>
<li>Approximately 60 apps and games in the Google Play Market were pirated and had DroidDream embedded in them in 2011</li>
<li>These pirated/infected copies were downloaded by approx. 250,000 phones</li>
<li>The malware looked to exploit two vulnerabilities to gain root access</li>
<li>Upon gaining root access, the malware package downloaded and installed another malicious application from a C&amp;C server</li>
<li>From there, information was exfiltrated off devices</li>
</ul>
<p>12. Manage Your Mobile Risks</p>
<ul>
<li>Get visibility into all devices and users accessing corporate resources</li>
<li>Assess the vulnerability risk these devices present
<ul>
<li>49% of Android and 18% of iOS devices have at least one high severity vulnerability</li>
</ul>
</li>
<li>Take mitigation and remediation steps to reduce or eliminate risks to your data
<ul>
<li>Only 6% of devices with latest firmware version have a high severity vulnerability</li>
</ul>
</li>
</ul>
<p>13. Mobilisafe: Mobile Risk Management</p>
<ul>
<li>Available for on premise Exchange and starting last week, available for Office365</li>
<li>Demo to follow</li>
</ul>
<p>14. Q&amp;A</p>
<ul>
<li>Mobilisafe available for on premise Exchange and starting last week, available for Office365</li>
<li>Take Mobilisafe for a test drive!</li>
<li>Try our online demo:</li>
</ul>
<p>15. Thanks! Contact: </p>

