Assurance for the Mobile User:

mashpeemoveMobile - Wireless

Nov 24, 2013 (3 years and 6 months ago)

61 views

Assurance for the Mobile User:

Mobile Device Security

Symantec Mobile Enterprise Security

2

Agenda

Who are we?

Evolving Device Security Market

Call To Action




1



2



3

Market for Device Security


Symantec Mobile Enterprise Security

4

Consumers Grow Sophisticated as
the World Converges..

Mobile Content, Services, Providers
all Converging …


Emergence of the “Prosumer”


Better Devices


100 Million Symbian Smart
Phones shipped to
-
date


High penetration in matured
markets & youth segments in
emerging markets


IMS Services Enabled Devices



Richer Content


Open Standards Push eMail


38.2% CAGR grow in Mobile
eMail


Richer Content on Devices


Better cameras, more storage


Richer Services


M
-
Commerce Resurgence


Content to Blog sites


Symantec Mobile Enterprise Security

5

The Smart Phone Security “Perfect
Storm”



Outdated Thinking
:

75% of companies have not addressed smart phone security*

(60% cite security as biggest mobility obstacle*)

IT
is

Organizing
:

Ad hoc deployment giving way

to centralized policies that
include all endpoints

(Server, PC, Laptop
and

Mobile)


Mobile/wireless IT spending likely
to exceed IT budget growth in
many organizations: 12.5% avg.
growth rate



(Source: Gartner)

Increasing Mobile Device Threats
:
Mobile virus variants have doubled
every 6 months since 2004

(235 mobile virus variants in H1’06)

(Source: Symantec Security Response)

Enterprise Faith
:

80% of companies are
allowing corporate
data on devices, yet
continue to not secure
the data*

Fastest Growing Device Segment
:
Smart phone growth = 77%

Other mobiles = 27%

Mobiles out ship PC’s 5:1 in 2006

(Source: Canalys for H1’05 to H1’06, IDC & Gartner)


* Q1 2006

Symantec survey conducted by
Economist Intelligence Unit

Symantec Mobile Enterprise Security

6

Global Survey on Enterprise Attitudes
Toward Mobile Device Security


OBJECTIVES


To explore corporate attitudes regarding enterprise mobile device
security


Survey done against 248 companies headquartered in North
America , Western Europe, and Asia Pacific


RESULTS


60% said security biggest obstacle


Only 9% addressed security issues


88% of companies deals with security on an ad
-
hoc basis or do not
address it at all


25% of senior management fully understands the risks of mobile
computing in North America, compared with 30% in Western
Europe and 37% in Asia Pacific.




4 out of 5 companies surveyed view the risk of mobile data services
the same or greater than wired data risks.


Source : Economist Intelligence Unit

Symantec Mobile Enterprise Security

7

Global Survey on Enterprise Attitudes
Toward Mobile Device Security


NOTABLE DATA


Reasons for companies permitting mobile access


Improve employee productivity
-

73%,


to enable increased business flexibility
-

46%, and


increase responsiveness to customers
-

33%.


POLICIES ON STORAGE OF CORPORATE DATA


While 21% of North American companies allow storage of corporate
data on employee
-
owned mobile devices and leave security to
employees, only 13% of companies in other global regions do the
same.



Only 53% of North American companies limit storage of corporate
data to company
-
owned mobile devices; 64% of companies outside
North America allow storage of corporate data only on company
-
owned devices.


Source : Economist Intelligence Unit

Symantec Mobile Enterprise Security

8

New Symbian Threats by Month
0
5
10
15
20
25
30
35
Jun-04
Jul-04
Aug-04
Sep-04
Oct-04
Nov-04
Dec-04
Jan-05
Feb-05
Mar-05
Apr-05
May-05
Jun-05
Jul-05
Aug-05
Sep-05
Oct-05
Nov-05
Dec-05
Jan-06
Feb-06
Mar-06
Apr-06
May-06
Jun-06
Jul-06
Month
Number of New Treats
Threats
Cabir released

Skulls[A
-
B] released

Cabir.B Released

Cabir Source Code released

18 Variants in 1 Month

Commwarrior[A
-
B], Dampig, Drever[A
-
C], Skulls[E
-
H] released

Doomboot[A
-
C], Skulls[K
-
L],
Cabir.U released

First Symbian Spyware

Released.

Threat Landscape:

Wireless Threats Continue to Proliferate


Symantec Response has already identified over 30
vulnerabilities on the Windows Mobile 5 OS. Threats for
Windows Mobile are likely to follow a similar evolution
pattern as Symbian and PC threats.

Symantec Mobile Enterprise Security

9


Increasing amount of personal content on mobiles


Highly personal pictures, videos e.g. lost mobile content in HK
sold for profit


Attacks now for Financial Gain… not Notoriety



30 of the top 50 threats exposed user confidential data (source
Symantec ISTR X
http://www.symantec.com/enterprise/threatreport/index.jsp
)


Premium SMS attacks can drain user accounts


RedBrowser.A and Webser released in February 2006


No predictive fraud detection methods in many mobile payment
mechanism similar ass offered by Visa and MasterCard


Devices increasingly becoming payment instruments


Pay
-
with
-
a
-
wave in Japan, UK… add financial risk to mobile

New Platform, New Risks:
Pranking4Profit

Mobiles are becoming digital wallets and identities

but

Mobile payment fraud methods are comparatively immature

Symantec Mobile Enterprise Security

10


People are the Perimeter
: Mobile blurs the
distinction between Employee and Consumer,
between user and network


If a mobile phone is always with you… it is always a risk


70% use their mobile phones as alarm clocks
(source ICM Research)


Snoopware: Mobile spyware exploits the telephony
apps… not eMail


Consult the calendar to determine the best times to snoop


Remotely activate the microphone to eavesdrop on conversations or
spy via pictures and video


Examples: FlexiSpy and iCam (available April
2006)

New Platform, New Risks:
Snoopware… an Invasion of Privacy

Snoopware puts a Stranger in your Bedroom

and a Competitor in your Boardroom

Symantec Mobile Enterprise Security

11


Loss/Theft/Damage of a mobile device far more likely than
PCs


Phones lost 15X more frequently than PC’s by some estimates


In the UK,
20,000 devices are lost or stolen in the UK
each month

and

one third of all robberies now solely involve mobile phones
(Sources: ARC & UK Gov’t Stats)


Loss Mitigation: Flexible defense to match the risk


Anti
-
Virus, Remote wipe and kill, Data Encryption, File Activity Log


AV prevents undetected loss of data


Activity Log = peace
-
of
-
mind & a regulatory compliance option
without the overhead of encryption


Future of Loss Mitigation: Data Backup and Recovery


Data tagged as personal or business, encrypted on the phone,
sent over
-
the
-
air and targeted at either the work or home PC
for back
-
up

New platform, New risks: Mobile
Loss Mitigation

Lost phones hurt everyone: Users, Employers and Operators


Symantec Mobile Enterprise Security

12





Call to Action

Managed Anti
-
Virus

Prevent virus &
malware outbreaks

Anti
-
SPAM

eMail SPAM
prevention

Secure User
Identities

Prevention of
identity theft

IM Threat Protection

SPAM prevention
on IM

Managed Apps
Back Up & Storage

Protecting
business critical
information

Managed Web
Content

Prevent attacks on
corporate web
sites

Mobile Device
Protection

Anti
-
Virus &
Firewall

Managed Anti
-
Virus

Prevent virus &
malware outbreaks

Anti
-
SPAM

eMail SPAM
prevention

Q&A