i7 networks - presentation at zensar #techshowcase - an ispirt productnation initiative
DESCRIPTION
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation initiative. Started in June 2012; they work on the space of BYOD security; Their sweet spot is 100% Agentless device discovery, fingerprinting and health-check and then denying infected/malicious devices from connecting to corporate network.TRANSCRIPT
Copyright i7 Networks, i7nw.com
Welcome to “Me” Enterprise
How BYOD has changed the security map and how “Peregrine 7” helps tackle it?
Copyright i7 Networks, i7nw.com
Manjunath M GowdaCEO, i7 NetworksBangalore, India
manju_s7in/manjunathgowda/
WHY BYOD matters?
Copyright i7 Networks, i7nw.com
• 90% of enterprises will use personal devices in Enterprise by 2014 - Gartner
• 20% Savings: CISCO claimed due to BYOD & declared: “We don’t pay for it, and our users are happier.”
• Survey: Enterprises that don't support BYOD are at competitive disadvantage
Copyright i7 Networks, i7nw.com
So what is stopping them?
Copyright i7 Networks, i7nw.com
75% CIOs said Compliance & Security biggest challenge in allowing BYOD
Copyright i7 Networks, i7nw.com
DARK READING – July 2013
Copyright i7 Networks, i7nw.com
Copyright i7 Networks, i7nw.com
62% - Loss of a device that has Sensitive Data – (MDMs solve this)
61% - An infected personal device connecting to the Corporate Network
Business overview
Copyright i7 Networks, i7nw.com
79% business had a mobile incident last year alone – Checkpoint
600%+ growth in mobile malware in last 2 years
20 Mn+ devices jailbroken in just two months (Jan 2013)
18 Mn infected Android devices by end of 2013
71% mobile devices have OS / application vulnerabilities
Copyright i7 Networks, i7nw.com
$500K+ cost per such incident
$1.5Mn cost per such settlement
Copyright i7 Networks, i7nw.com
Why traditional tools can’t help here?
Copyright i7 Networks, i7nw.com
• Perimeter security and not for inside-inside or inside-out threats
• Used to IT-owned devices and not personal devices (agented)
• Used to take care of outside2inside threats
Copyright i7 Networks, i7nw.com
So what tools do exist to solve it?
Copyright i7 Networks, i7nw.com
15 Copyright i7 Networks, i7nw.com
MDMs, EPPAirwatch, MobileIron, Zenprise
MAMsBitzer, IBM, SAP, Good
MDPsAT&T toggle, Divide,
VMware
MNACi7Networks
Device level
network
Mobile Security Tools Quadrant
Server side
Our value proposition
Copyright i7 Networks, i7nw.com
“We protect your network from malicious/infected BYODs”
Copyright i7 Networks, i7nw.com
“We Protect the Enterprise Network” by
-Detect & Fingerprint1 all personal devices
-Prevent the malicious devices from connecting
-100% Agentless (Zero-touch)
-Zero-Latency Deployment
-Provide detailed Compliance Reports
“To Know & To Protect”
1 Secure detection & fingerprinting (US patent pending)
Copyright i7 Networks, i7nw.com
• Name
• Screen caps
• Demo
PeregrineGuardTM
i7 Networks; i7 Confidential
Not just phones,we support all wireless devices.
Continuous Monitoring
Complete Visibility Complete Visibility
Endpoint Authentication Endpoint Authentication
Vulnerability and malicious assessment
Vulnerability and malicious assessment
Granular policy enforcement
Granular policy enforcement
Compliance ReportingCompliance Reporting
Entry Verification – Corporate Wi-Fi or
VPN?
Entry Verification – Corporate Wi-Fi or
VPN?
Allow
Deny
Compromised /Jailbroken/ Unauthorized/Unmanaged
check
Compromised /Jailbroken/ Unauthorized/Unmanaged
check
Deny
Deny
Personal Devices
the questions we answer
Copyright i7 Networks, i7nw.com
Copyright i7 Networks, i7nw.com
• What devices are getting into the corporate network?
• Who do they belong to?• Are they infected? • Are they compromised or malicious?• How vulnerable are they?• What are they accessing?• What apps* are they running?• Can I control the access?• Can I get Compliance audit reports?
How do you deploy?
Copyright i7 Networks, i7nw.com
• 100% agentless and non-intrusive – Zero Touch
• Complete off-line deployment – Zero-Latency
• Just ONE probe* in the network
• Supports: Corporate Wi-Fi/ Public Wi-Fi/3G/4G/LTE
Deployment
i7 Networks; i7 Confidential
- Microsoft AD, RADIUS and LDAP
- Microsoft Exchange
- Maas 360 MDM
- Microsoft System Center*
- IBM Tivoli*
- Cisco/Juniper and Fortinet VPN
- Snort IDS
- CVE database
Integrates with
Why “Agentless” is Sweet?
Copyright i7 Networks, i7nw.com
14 different OS types & growing; Add versions and models5
45% enterprises have more than 5 times as many BYOD as they had 2 years ago3
3.5 – Average number of devices per Employee
42% - Average churn of devices per year among enterprise employees
< 10% enterprises aware of all mobile devices accessing their network & servers3
27% of devices are ‘approved’ by the company6
Copyright i7 Networks, i7nw.com
So what’s unique?
Copyright i7 Networks, i7nw.com
4A (Attributes)
Discovery & FingerprintingHealth CheckDiscover Apps on the wire*,Policy Enforcement
4A (Attributes)
Discovery & FingerprintingHealth CheckDiscover Apps on the wire*,Policy Enforcement
4D (Deployments)
100% Agentless (Zero-touch), ZERO-Latency SINGLE Probe,Wi-Fi/3G/4G/LTE
4D (Deployments)
100% Agentless (Zero-touch), ZERO-Latency SINGLE Probe,Wi-Fi/3G/4G/LTE
4T (Threat-Protections)
Malicious & Intrusion PreventionZero-day Attack Prevention*,Vulnerability CheckCheck of anti-malware s/w
4T (Threat-Protections)
Malicious & Intrusion PreventionZero-day Attack Prevention*,Vulnerability CheckCheck of anti-malware s/w
4K (Keywords)
100% AgentlessPatent-Pending AlgorithmsDetailed FingerprintingZero-Latency
4K (Keywords)
100% AgentlessPatent-Pending AlgorithmsDetailed FingerprintingZero-Latency
Available as : Appliance / Virtual Appliance
Available as : Appliance / Virtual Appliance
What is that you do MDM cannot?
Copyright i7 Networks, i7nw.com
oCannot do Discovery and fingerprint of all devices Authorized
Unauthorized
Unmanaged
Non-mobile devices like e-Readers, Wi-Fi watches, Gaming devices, Healthcare devices etc.
Copyright i7 Networks, i7nw.com
oMalware detection via signature is only 28%; Cannot catch malicious traffic @ network layer (not even at device layer)
oCannot do Access control based on device attributes
oCannot enforce different access rules for different departments/ LoBsCopyright i7 Networks, i7nw.com
oHot-spotting/Mac-spoofing cannot be detected
oFails where you are not allowed to install a client on the device due to privacy or compliance
oNot dynamic (need to stop iOS6.1?)
Copyright i7 Networks, i7nw.com
How different are you from a traditional nac?
Copyright i7 Networks, i7nw.com
Support all: Wi-Fi & 3G/4G/LTE 100% Zero Touch (agentless) Zero Latency (offline) (still we control) Just ONE probe Fits into any network infrastructure
Support all: Wi-Fi & 3G/4G/LTE 100% Zero Touch (agentless) Zero Latency (offline) (still we control) Just ONE probe Fits into any network infrastructure
US Patent-pending fingerprinting algorithm
Mac-spoofing/Hot spotting DVItm (Device Vulnerability Index) Detecting apps on the wire (dropbox)
US Patent-pending fingerprinting algorithm
Mac-spoofing/Hot spotting DVItm (Device Vulnerability Index) Detecting apps on the wire (dropbox)
Completely focused on BYOD Security
Completely focused on BYOD Security
Product Road Map?
Copyright i7 Networks, i7nw.com
• Recognition of all Apps on the Wire• Detection of EPP (End Point Protection)
tools• Chaining of P7s• Integrations into System Center and Tivoli• Integrations into MDMs• mNAC in the cloud to detect cloud access
Copyright i7 Networks, i7nw.com
The TEAM
Copyright i7 Networks, i7nw.com
JeffHunter
Evangelist
PeterGilsonCTO
FirstLastCFO
JackFranklin
CMO
HeatherAdlerCEO
Investors & Advisors
1st venture: $8.4M by Bluecoat (2010)Team together for second timeStarted June 12’ Product start Jan 13’