Mobile Security: We Are The Enemy

Mobile devices have changed the cybersecurity landscape for large enterprises.  And anyone in cybersecurity will tell you that even the most sophisticated attacks often originate from the weakest link in any corporations’ security: humans.

Mobile security is a big problem, and it’s not going to go away.

According to a recent whitepaper citing a survey from IDG Research, roughly two thirds of organizations have a mobility program in which they give out a cell phone or have a corporate app. And 74% of survey respondents say that their companies had experienced a data breach due to a mobile security issue, almost always extending from malicious apps or unsecured WiFi.

Cybersecurity firm Proofpoint recently revealed that a rogue app store — given the delicious moniker “DarkSideLoader” — had been allowing iOS users to download free apps using a process known as sideloading. On iOS devices, sideloading is typically only allowed for enterprise customers that create their own apps and don’t want them available publicly on Apple’s app store.

However, the rogue store stole the enterprise code keys that allow these apps to be downloaded onto a device that hadn’t been jailbroken — a term referring to the removal of software restrictions on a mobile device, allowing apps or extensions from any source to be downloaded and used.

“The App Store was super-locked-down in the beginning,” says Ryan Kalember, SVP of cybersecurity strategy at Proofpoint. “They’ve never really veered from that, except for allowing sideloading for enterprise customers. This opened up security vulnerability that was unexpected. Now Apple’s got to play whack-a-mole as long as they allow enterprise sideloading.”

Often the offending apps are found on executives’ devices, which, at this point in history seems nearly inexcusable. There’s no way to eliminate the human element from a corporation, but maybe if we all took the time to think a little more like robots, it’d be harder for hackers to get into our data.

NOAA to expand high-speed data network beyond researchers

The National Oceanic and Atmospheric Administration is moving away from using separate computer networks for research and mission needs.

This consolidation will give mission areas access to the high-speed network called N-Wave.

“It’s a 10-gig network and it’s going up to 100 gigabytes and what we are doing is moving it from research to operations,” said Zach Goldstein, NOAA’s chief information officer. “It started as the network we built to move our massive amounts of supercomputer data around the country but because of the economics and reliability of the system, we are finding that our mission systems—backups to satellite archiving functions and so on—are using the network as well. Now that we have all these dependencies upon it, we are doing to the network what we do to our model and so many other things a NOAA is transitioning them from research to operations. We’ll be able to use the N-Wave network as the backbone for further network consolidation to improve support to our customers.”

NOAA says N-Wave is a highly scalable, stable and secure network built using 10GB-per-second Wave Division Multiplexed (WDM) fiber-optic links supplied by partners in the national Research and Education (R&E) network community including: Internet2 (I2), the Global Research Network Operations Center (GRNOC) and the National LambdaRail (NLR).

Goldstein said over the next year or two  N-Wave will be the largest single network across NOAA. He said he expects NOAA to continue to run a dedicated operational network inside the National Weather Service for handling communications between supercomputers and the folks who generate products from the supercomputers, and also the meteorologists who add their skills to the computer models to produce the best forecast possible.

Goldstein said security requirements for that NWS network is why N-Wave will not be the one NOAA network.

The network consolidation is part of NOAA’s ongoing technology modernization effort.

The Commerce Department bureau was one of the first agencies to move its e-mail to the cloud—moving 25,000 employees to Google Apps for Government in 2012.

Since then, NOAA has made additional awards to Microsoft and Amazon for infrastructure and platform-as-a-service offerings.

Goldstein said the most recent award to Amazon Web Services came in September for $9.9 million.

“We are moving out in a smart way. We are taking out time and organizing our efforts so that we can gain economies of scale, save infrastructure costs and have a single security boundary for multiple systems in the cloud,” he said. “Once our customers are using the cloud, we will have additional economies through systems administration and maintenance. We have these two cloud providers to help use learn how we handle transition and optimize the services we receive.”

He said Office of Marine and Aviation Operations and the National Ocean Service are using the Microsoft Azure cloud.

“We are still working out the mechanism for folks to choose where to go,” Goldstein said. “We are putting together a more formal process for moving to AWS. In both cases what we want to do is get a better handle on the commonality opportunities so we don’t want everybody to simply bring their own system administrator for their instance. We don’t want to have everybody to figure out how they will the security element that is not being provided by the cloud provider, and then we will be putting in place the infrastructure for both and based on the natural parameters of the application that is being moved and the economics, we will make decisions.”

He said NOAA will use the cloud instances for everything from application hosting to storage, with the big opportunity for test and development.

In October, Goldstein announced that his office would create a shared service to acquire, broker and manage single NOAA accounts for AWS and Microsoft.

“The shared service will be incorporated into the NOAA Enterprise IT Services Catalog and operated by the NOAA OCIO Service Delivery Division (SDD) by November 16, 2015,” according to the NOAALink User’s Quarterly newsletter posted to the agency’s website. “The only authorized means of obtaining AWS and Microsoft Azure cloud services is via the NOAA OCIO shared service.”

Commerce CIO Steve Cooper has been pushing the department toward enterprise services for commodity IT over the last year or so. Four working groups have been examining the opportunities across technology, finance, human resources and acquisition.

Goldstein said NOAA will lead the cybersecurity shared services piece.

In fact, NOAA will release a solicitation in the coming months for its cybersecurity center.

“It’s going to differentiate to what we are doing today because in addition to having folks on premise monitoring systems, doing automatic correlation of events, we are looking to industry to see if they can offer us as part of that offering security-as-a-service and other ideas about how we can more efficiently provide corporatewide security services,” he said. “The contract is both to support the Department of Commerce enterprise security operations center and the NOAA computer cybersecurity center. They are co-located. They will share a contractor team. They share infrastructure and they are in the same high impact security boundary.”

Goldstein said the request for proposals is expected in the spring and an award by September.

VMware, Intel team up for mobile security

The collaboration will help eliminate the 'mobile blind spot' that currently exists in many enterprises' security, says VMware's Jansen van Rensburg.

The collaboration will help eliminate the ‘mobile blind spot’ that currently exists in many enterprises’ security, says VMware’s Jansen van Rensburg.

Intel Security and AirWatch, VMware’s enterprise mobility subsidiary, are partnering in an effort to help organisations manage security issues caused by mobile devices in the enterprise.

AirWatch and Intel have joined each other’s mobile security programmes to help enterprise customers extend security protection across mobile devices, PCs, operating systems, the network and the cloud, says VMWare.

VMware has become a member of the Intel Security Innovation Alliance, while Intel Security has joined the AirWatch Mobile Security Alliance.

Solutions developed by Intel Security would now be integrated with VMware’s AirWatch platform as part of a new agreement.

According to Ian Jansen van Rensburg, senior systems engineering manager at VMware, Southern Africa, AirWatch and Intel will together simplify advanced mobile security administration to give companies protection against threats to any mobile device, their applications and networks.

  See also

Jansen van Rensburg says the alliance will make it easier to manage the flow of mobile device data, such as device attributes and location, into security management tools.

This can help eliminate the “mobile blind spot” that currently exists in many enterprise security infrastructures and will allow security teams to better manage events and incidents across a variety of devices and operating systems, he adds.

“To drive mobile business transformation, organisations need their foundational security elements they already leverage across their enterprise work seamlessly across their mobility assets,” says Noah Wasmer, vice president of mobile engineering and product management, end-user computing at VMware.

Jansen van Rensburg notes many companies are allowing their staff to access business critical applications and data from mobile devices without any mobile device management or security in place on these devices. “Hackers can exploit these devices through the Internet.”

He adds security has a big influence on devices but some companies are still allowing users to access business critical applications and data from their personal (not secured or managed) mobile devices.

Therefore solutions like AirWatch together with Intel Security are necessary to provide the advanced security features across the mobile enterprise.

Our comments policy does not allow anonymous postings. Read the policy here


Samsung KNOX gets fit for government use in China, France

Along with the enterprise, mobile device and platform makers have always set their eyes on government certification and accreditation. For one, the public sector usually purchases devices in bulk or at least in groups, making them somewhat a lucrative customer. For another, an official thumbs up from governments boosts confidence in the brand. Samsung KNOX, the Korean OEM’s official mobile security platform, received just that not from one but two countries, in France and China. Naturally, Samsung is only too happy to boast about how secure KNOX and, by extension, its devices really are.

Samsung KNOX Workspace 2.3 is the specific version that underwent French and Chinese government scrutiny in this case. The devices that were used were the most recent Samsung flagships, the Galaxy S6 edge+ and the Galaxy Note 5. In essence, this means that both devices could be allowed for use by government employees and public sector workers in their official capacity as such.

Both France’s National Agency of Computer Security (ANSSI) and China’s Information Security Certification Center (ISCCC) gave their seal of approval for these two smartphones. The Chinese certification is probably an interesting one, as that particular government has very stringent security requirements, especially when it comes to the possibility of pilfering state secrets through devices from foreign companies.

Android enterprise security solutions have been on the rise lately, with manufacturers and Google itself pushing for more Android visibility in the workplace. Samsung KNOX has been the OEMs entry into that race, trying to wrest the crown away from enterprise darling BlackBerry while the latter was still down on the ground. The launch of the BlackBerry PRIV, the Canadian company’s first full Android smartphone, means, however, that it is still very much in the running and is ready to give its own spin on Android in the enterprise.

SOURCE: Samsung

ARA Networks Releases ‘SSL-Prism,’ an All-in-One SSL Visibility Appliance

SEOUL, South Korea–()–ARA Networks (www.aranetworks.com) launched ‘SSL-Prism (http://www.aranetworks.com/products/ssl_prism),’ an internet traffic decryption solution.

SSL-Prism is an all-in-one network visibility appliance designed to solve the rising security issues about encrypted traffic providing 1Gbps/10Gbps interface. This single-box product is optimized for the security of client-side enterprise with transparent connection processing, selective SSL decryption via all network ports, real-time DPI feature and fast decryption performance.

The key functions include decryption mirroring port and inline active port support, detection and filtering applications that allows bypass accesses, such as anonymizer, private certificate generation, management and automatic distribution, detailed report and analysis for encrypted network traffic, URL filtering including encrypted websites and SSL log management.

Most of all, SSL-Prism is available in five different models based on maximum SSL throughput and provides a decryption port to allow simple and easy integration with various network security appliances, such as DLP, IPS and IDS, without need for complex network device reconfiguration.

“The purpose of traffic encryption is to secure information privacy but it causes serious security problems by creating a big blind spot to existing network security appliances. Now we are seeing a sharp increase of malware and information leaks at workplace through encrypted traffic. It will become a big security issue for quite a long time,” said ARA Networks CEO Jae-hyuk Lee. “SSL-Prism offers the best features and performance in enterprise security solutions to allow the enterprise to deal with encrypted traffic issues and integrate with their existing network appliances. ARA networks is already cooperating with network security companies and strategic partners in Korea. We are expanding the marketing routes all over the world.”