Junos Pulse Mobile Security Suite

sandwichclippersMobile - Wireless

Nov 24, 2013 (3 years and 8 months ago)

88 views

Securing the Mobile Workforce

JUNOS
PULSE

MOBILE SECURITY
SUITE

Niklas Henriksson

Senior
Systems Engineer

nhenriksson@juniper.net


2

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net



Why Mobile Security


What is Junos Pulse/Junos Pulse Mobile Security Suite


Junos Pulse Mobile Security Console


Summary

AGENDA

3

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


Challenges of Today’s Environment

Multiple Types of Devices and Providers

Multiple Device Owners

Personal Devices Used for Work Activities/Work
Devices Used for Personal Activities

User’s implored to download applications and
store data

User’s demand to use devices to fullest potential

4

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


Challenges of Today’s Environment

Mobile Devices are Mobile Computers…

are they being protected the same way?

5

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


Copyright 2008 SMobile Systems

Page
5

Mobile Security Threat Environment



Malware

-

Viruses, Worms, Trojans, Spyware



Direct Attack

-

Attacking device interfaces,

browser exploits, etc.



Loss and Theft
-

Accessing sensitive data



Data Communication Interception
-

Sniffing data as it is

transmitted and received



Exploitation and Misconduct

-

Online predators, pornography,

inappropriate communications





MOBILE SECURITY THREAT LANDSCAPE
-

GTC

6

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


THE NEED FOR MOBILE SECURITY

AT
&T


SANS.org:12% infection from
their own independent study


Fortune 15 customer: 5%
infection rate


Alcatel
-
Lucent: Study of carrier
network traffic noted ~10% of
traffic was from Malware and
unwanted applications

Details from Juniper Analysis


61% of reported infections from
Spyware, capable of monitoring
communication from the device


17% of reported infections were
SMS Trojans that charge
money to device's account

Infected

Mobile Malware
Statistics


1 in 20 of our registered users
have had their devices lost or
stolen and wanted to protect their
data


1/3 of registered accounts have
attempted to locate their device
via GPS


77% of those that attempted to
locate their device also issued a
lock device command


30% of those users never
issued an unlock command to
the device


21% were forced to completely
wipe their device with the
assumption that it had

been lost/stolen

Mobile Anti
-
Theft
Statistics


Employees Expect Mobile Access
to Enterprise Applications



Turn your mobile device into a full
blown secure corporate
computing device
-

secure
remote VPN with strong AAA,
encryption, and always on
malware/virus protection



Role
-
based access to all
applications authorized for mobile


and enforcement of mobile
device policies


Corporate
Computing Devices

7

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


Fundamental Product Components

Protect



The device, enterprise networks;
enterprise and personal data

Control



Manage devices, control access to
network resources, control and gain insight
into data and usage

Connect



Securely to corporate networks,
service provider networks

8

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


Mobile Security
Enterprise

Value
Proposition and Product Strategy

Allows for increased productivity

Allows for heterogeneous mobile environment

Facilitates compliance with internal and external
regulations

Protects enterprise data

9

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net



Why Mobile Security


What is Junos Pulse/Junos Pulse Mobile Security Suite


Junos Pulse Mobile Security Console


Summary

AGENDA

10

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE (FOR WINDOWS)


Dynamically provisioned client for:


Connectivity


Security


Acceleration


Support for notebooks, netbooks,
and smartphones


Location aware and identity
-
enabled


Standards
-
based


Platform for select third party
applications



Builds on Juniper’s market
leading SA Series SSL VPN,
UAC solution, and WXC
Series technology!

11

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


Applications

(of any type)

JUNOS PULSE COMPONENTS

Junos Pulse Gateways


Junos Pulse

Client

Junos Pulse

Client


Juniper Extensive
“Clientless”/ Browser
Support


SA Series SSL VPN

(also available as


virtual appliance)

IC Series UAC

WXC Series

Application Acceleration

12

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net



JUNOS PULSE AS AN INTEGRATION PLATFORM

Junos Pulse Gateways



A

P

P


1

A

P

P


2

A

P

P


3

A

P

P


4

A

P

P


1

A

P

P


2

A

P

P


3

A

P

P


4

Junos
Pulse

Platform

Base OS

Junos

Pulse

Applications

NOTE: Applications different per OS

Junos Pulse is also an integration platform for select third party
applications and services

Applications



SSL VPN



NAC


Application
Acceleration



EES



and more

Junos Pulse

Client

13

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


SA Series SSL

VPN Gateway


Junos Pulse Mobile

Security Gateway

Junos Pulse Client

JUNOS PULSE MOBILE SECURITY

ARCHITECTURE

Corporate

Applications

(of any type)

Dedicated or Virtual

Appliance Deployment

Secure, Hosted Deployment

Datacenter

Secure

Connectivity

Mobile

Security


14

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


Designed to Provide:

JUNOS PULSE MOBILE VPN + SECURITY SOLUTION


Granular role
-
based, secure access control on mobile devices


Security from malware, viruses, and spam for a broad range of mobile devices


Ability for enterprise IT to alleviate primary concern with mobile devices and
smartphones

loss/theft


Flexibility and ability for enterprise IT to support employees’ personal devices in a
zero
-
touch deployment model

iPhone

Google Android

Win Mobile

Nokia Symbian

BlackBerry

Broad, comprehensive mobile platform support

15

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


Solution Architecture

Junos Pulse Client

Partner API Integration

Web
-
Based Management
Console Access

Juniper Management
Gateway

Primary Network
Operations Center

Secondary Network
Operations Center

Virtual Web Cluster

Virtual Database Cluster

Virtual Web Cluster

Virtual Database Cluster

Could service offered as SaaS

Juniper SA

SSL VPN

Corporate Network

16

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


Solution Communication

Junos Pulse Client

Partner API Integration

Web
-
Based Management
Console Access

Juniper Management
Gateway

SMS

SOAP/HTTPS

SOAP/HTTPS

SOAP/HTTPS

HTTPS

17

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE SMARTPHONE CONNECTIVITY


Covers range of application access requirements


Web VPN (browser
-
based applications)


Secure Email (secure ActiveSync proxy)


Full Layer 3 Tunnel


Unparalleled “Data in Transit” Security


Leverages SSL VPN


Multi
-
factor authentication


Granular auditing and logging

18

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE MOBILE SECURITY SUITE


Comprehensive Smartphone Device
Management and Security Solution


Antivirus


Firewall


Anti
-
Spam


Loss/Theft Protection


Device Monitoring/Control


Sold with SA Series SSL VPN or as
standalone


Requires Junos Pulse Mobile Security
Gateway


Cloud
-
based/hosted

19

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


INTRODUCING THE

JUNOS PULSE MOBILE SECURITY SUITE



Real
-
time protection
updated
automatically


Scans files received
over
all

network
connections


SMS, MMS, email,
direct download,
Bluetooth, infrared,
etc.


On
-
demand scans
of
all

memory or full
device


Alerts on detection




Inbound/Outbound
Port +IP Filtering
automatically


Full control of
alerts/logging


Default (high/low)
filtering options +
customizable




Blacklist filtering


blocks voice and
SMS spam


Block calls,
messages or both


Automatic adds
contacts to blacklist


Message settings


Save to Inbox, save
to spam folder or
delete


Disable alerts for
incoming messages
(option)


Automatic denial for
unknown or
unwanted calls




Remote Lock and/

or Wipe


GPS Locate/Track


Device
Backup/Restore


Remote
Alarm/Notification


SIM Change
Notification



Application
inventory and
removal


Monitor SMS,
MMS, email
message content


View phone call log
and address
book/contacts


View photos stored
on device

ANTIVIRUS

PERSONAL
FIREWALL

ANTI
-
SPAM

LOSS/THEFT

PROTECTION

DEVICE
MONITORING and
CONTROL

20

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE MOBILE SECURITY SUITE

LOSS/THEFT PROTECTION


Features


Remote Lock and/or Wipe


GPS Locate/Track


Device Backup/Restore


Remote Alarm/Notification


SIM Change Notification


Supported Platforms


Microsoft Windows Mobile 6.x


Google Android 2.x


Nokia Symbian S60


iPhone: Q2 2011

21

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE ENTERPRISE
SOLUTION

FOR MOBILE DEVICES

BlackBerry
4.2*

Windows
Mobile 6.x*

Symbian S60
3
rd

& 5
th

ed*

Google

Android v2.x*


iPhone/

iOS 4.1

VPN with
Juniper SA
gateway

L3 VPN proprietary
to BlackBerry


Y

Y

Y

(for email
and web
access)

Y

Antivirus

Y

Y

Y

Y

Not possible due

to
OS restrictions


Personal
Firewall

Not possible due to
OS restrictions

Y

Y

Not possible due to
OS restrictions

Not possible due to
OS restrictions


Anti
-
Spam

Roadmap

Y

Y

Roadmap

Not possible due to
OS restrictions


Monitor and
Control

Y

Y

Y

Y

Roadmap

Backup

and
Restore

Y

Y

Y

Y

Roadmap


Loss/Theft
Protection

Y

Y

Y

Y

Roadmap


*
Junos Pulse for Google Android and Junos Pulse for BlackBerry will be available in late October 2010. Junos Pulse for Nokia
Symbian will be available in late Q1 2011. Junos Pulse for Windows Mobile will be available in late December 2010.

22

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE MOBILE SECURITY SUITE

LICENSING


Licenses Sold as 1, 2 or 3
-
year Subscriptions for Number of Handset
Devices to Secure

Ranging from 50 to Tens of Thousands


License includes
Junos Pulse Mobile
Security
Gateway
available as a
Software
-
as
-
a
-
Service
(SaaS)
hosted on Juniper’s
data center


SA Series 7.0
R2 will
include
Host Checker
option on the admin
UI
for
Mobile Devices


Enabling the feature

will require the
Junos
Pulse Mobile
Security
Gateway


Enabling the feature

will require the security
client software

on the mobile devices

Junos Pulse Client


Applications
for each
mobile platform will be
available in respective
App Stores


Applications
will
include mobile security
features, activated

only upon license
enablement

23

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net



Why Mobile Security


What is Junos Pulse/Junos Pulse Mobile Security Suite


Junos Pulse Mobile Security Console


Summary



AGENDA

24

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS

PULSE
MOBILE SECURITY

SUITE

MANAGEMENT CONSOLE: INTRODUCTION

The Junos Pulse Mobile Security Suite Console is where an administrator
can:


Manage devices (Add / Edit / Remove)


Manage user accounts (Add / Edit / Remove)


Change mobile security policies


View reporting


Send commands to remote devices



25

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE
MOBILE SECURITY

SUITE

MANAGEMENT CONSOLE:
THE ENTERPRISE

The enterprise is the container to which
devices are added


The enterprise defines what features are
available for the administrator to enable
(AV, Anti
-
spam, Firewall, Monitor and
Control)


The “Enterprise Code” is the code that a
user enters in Junos Pulse to bind their
phone to the Junos Pulse Mobile
Security Suite Management Console


The enterprise can be configured to
require user accounts, or create them on
the fly



26

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


MANAGEMENT CONSOLE:

ENTERPRISE SECURITY POLICY

The default policy for devices joining an
enterprise is configured under Settings


You can define the default policies for:



Antivirus



Personal Firewall



Pointguard

(Anti
-
spam)



Monitor and Control


Applies to all devices that join the
enterprise



Can be overridden by device policy


27

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE
MOBILE SECURITY

SUITE

MANAGEMENT CONSOLE: USERS

Users can be created by an
administrator or can be created when a
device registers


Users can have multiple devices (which
will all be listed at the bottom of the
user page)


Administrators can also create user
groups to which commands may be
sent


28

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE
MOBILE SECURITY

SUITE

MANAGEMENT CONSOLE: DEVICES

This is the detailed view when you click
on a device


You can view details for the device,
including:



Phone Number



ESN



IMEI



Phone model and software version



etc.


You can override the default policies for
enterprise for individual devices. This
can be done for:



Antivirus



Personal Firewall



Pointguard

(Anti
-
spam)



Monitor and Control


Device groups can also be created


29

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE
MOBILE SECURITY

SUITE

MANAGEMENT CONSOLE: COMMANDS

Commands give you the ability to
send actions to mobile devices
running Junos Pulse


Sending a command to a mobile
device will send a SMS command
that Junos Pulse will intercept and
then perform the action


Commands are used for actions
like:



Remote locking a device



GPS tracking



Remote wipe



etc.


Commands can be sent to devices,
device groups or user groups

30

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE
MOBILE SECURITY

SUITE

MANAGEMENT CONSOLE: REPORTING

Reporting is where an administrator can view the following reports:



Monitor and Control (Pictures, Messages, Contacts, Apps)



Virus reports



GPS Tracking reports



App revocation



General reporting



Command tracking (auditing SMS commands sent)



31

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net



Why Mobile Security


What is
Junos

Pulse/
Junos

Pulse Mobile Security Suite


Junos

Pulse Mobile Security Console


Summary



AGENDA

32

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE
AND MOBILE SECURITY SUITE

ENTERPRISE VALUE PROPOSITION

Ability for enterprise IT to
alleviate primary concern

with mobile devices and
smartphones

loss/theft

Flexibility and ability for
enterprise IT to support
employees’ personal

devices in a zero
-
touch
deployment model

Secure, remote VPN

reinforced by strong security
against malware, viruses all
in a single client

Role
-
based access to
applications authorized for
mobile users

web, email

or client
-
server applications

SECURITY ON A BROAD RANGE OF MOBILE PLATFORMS

33

Copyright
© 2010 Juniper Networks, Inc. www.juniper.net


JUNOS PULSE
MOBILE SECURITY
SUITE

VPN AND
MOBILE SECURITY

COMPLEMENTARY AND WORK WITH EACH OTHER

SSL VPN Solution

(with the SA Series

Gateway, running SA Series 7.0)


Available for Google Android, Nokia
Symbian, Apple iPhone,

and Microsoft Windows Mobile


Requires the Junos Pulse Gateway

(SA Series SSL VPN) with the Junos
Pulse client on mobile devices

Junos Pulse Mobile Security
Suite (with Junos Mobile
Security Gateway)


Available for Google Android, Apple
iPhone, BlackBerry, Nokia Symbian,
and Microsoft Windows Mobile


Requires the Junos Pulse Mobile
Security Gateway in addition to the
Junos Pulse client on mobile
devices

Strictly Juniper Confidential