Cisco Systems

Business Driver: Zimperium Mobile Threat Defence

 

Business faces numerous conundrums when allocating resources that improve employee productivity and enhance the customer experience. Sales staff revel in their ability to work in the field and act more responsively to client requests. Many customers prefer the self-service approach to supply-chain management that enables online ordering and real-time ordering and inventory requests. This effectively increases the “surface area” that an organisation’s IT professionals must patrol and protect. Analysts like Ponemon and Gartner have identified mobile device security as a core threat that must be addressed to further mitigate security risks.

 

According to Chief Security Officer (CSO) Magazine mobile threats can be divided into seven key threat vector subsets;

 

Data Leakage and Data Loss Prevention

 

Losing sensitive data either inadvertently as a result of error or from a direct threat like malware or a targeted hacking attack risks reputational damage and possible financial loss. To counter this threat the deployment of mitigation measures that protect users from themselves and orchestrated threats can reduce or eliminate the potential threat.

 

Social Engineering

 

After nearly two decades of intense scrutiny and harsh lessons, 91% of cybercrime begins with a simple email. For those in the field accessing digital assets, distractions can limit even the most security conscious employees from practicing good security. Clicking on a bad email link that eluded the spam filter happens, irrespective of security awareness training provided by diligent employers. Mobile devices provides a vector through which Enterprise can still be compromised, in spite of IT administrator’s best efforts to mitigate these risks.

Value Proposition: Zimperium Mobile Threat Defence

 

Diligently protecting mobile devices is vital to protect every link in the Enterprise computing chain against compromise. The mobile device landscape is challenging and requires safeguards that are unique to the types of endpoints management and their employees are using. Further complicating the mobile device ecosystem is the widespread adoption of bring your own devices (BYOD) that fall outside (in many cases) security policy enforcement. Anecdotal evidence suggests that 60% of endpoints within an organisation are mobile which represents a pervading threat that must be mitigated. To meet the unique threats posed by the mobile landscape it’s a critical determinant that organisations justify the added overheads required to protect mobile endpoints;

 

Detect Compromise

 

Identify the breach and notify IT administrators

 

Anomalous Behaviour

 

Analyse application behaviour for malicious or unusual patterns

 

Monitoring

 

Block surveillance or data interception attempts

 

Authorise Access

 

Block unsanctioned attempts to commandeer microphone or camera

 

Wi-Fi and Access Points

 

How many times have you accessed “free” wi-fi in the last year? For security savvy professionals the likely answer is never. If you believe the vendor research, nearly one quarter of devices have connected to insecure network connections or have had data intercepted with targeted “man-in-the-middle” attacks.

 

Un-patched Mobile Software

 

Application and security updates for mobile devices is a hit-and-miss affair at best. Leading vendors take their responsibilities seriously and enforce a solid security regimen upon their devices. This applies to IOS and Android based machines that must meet compliance standards before they gain admission to an organisation’s corporate assets. Bad policy and BYOD have muddied the waters and require intensive oversight to ensure compliance with policy and good practice.

 

Hijacking Devices for Nefarious Purposes

 

Every device with a network connection poses a potential risk if they are commandeered by malignant entities for illicit purposes. Most people are aware of the more common threats like capturing a PC’s camera or hacking a home router but compromising a mobile phone to be press-ganged into mining crypto-currency seems unlikely and laughable. It’s already happened. If there is a way to steal resources, criminals will find a way to exploit any and all mobile device weaknesses.

 

Password Breaches

 

An ongoing, seemingly insurmountable challenge.

 

Physical Security

 

Unprotected mobiles can still be found across every Enterprise. Not setting a PIN or storing inappropriate data insecurely on mobile devices still occurs in spite of relentless training and the most rigid policy settings.

 

Malware

 

Stop “phishing” attempts

 

Privacy

 

Block attempts to compromise end user and corporate privacy

 

Support IOS and Android Devices and Applications

 

One application that protects 95% of mobile devices

 

Product Overview – Zimperium’s Mobile Threat Defence

 

Zimperium’s Mobile Threat Defence mobile device protection suite protects mobile devices using Android and IOS operating systems. The product range is optimised for Enterprise environments and complement other existing safeguards by focussing solely on mobile security safeguards.

 

The organisation offers a broad range of mobile risk measures including;

 

z9 – Machine Learning

 

Lightweight, low-latency on-device mobile security that was designed specifically for iOS and Android mobile deployment. z9 uses machine learning to proactively detect and prevent threats

 

zIPS – Mobile Device Technology

 

Mobile Threat Defence detects and prevents intrusion and provides mobile threat forensics to assist administrators mitigate and prevent intrusion

 

Z3A – Mobile Application Analysis

 

Automated Application Analysis that provides detailed audits and insights into published apps

 

zIAP – Software Development Kit (SDK) suit z9

 

Beef up the security of your applications by embedding security safeguards directly into your own mobile apps

 

Links and Resources