is your business secure from the latest mobile threats? a look at the trends and risks for the first...
DESCRIPTION
Social media has become a top target for attacks and mobile devices are expanding that target. Join us as we take a look back at the first half of 2013, and examine what tactics are being implemented by attackers and are likely to challenge your enterprise in 2014.TRANSCRIPT
© 2012 IBM Corporation
IBM Security Systems
11© 2013 IBM Corporation
Mobile Security: Is your business secure from the latest threats? A look at the trends and risks for the first half of 2013
Caleb Barlow’s discussion with Robert Freeman
November 6, 2013
© 2013 IBM Corporation2 IBM Security2 IBM Security
X-Force is the foundation for advanced security and threat research across the IBM Security Framework
The mission of X-Force is to:
Monitor and evaluate the rapidly changing threat landscape
Research new attack techniques and develop protection for tomorrow’s security challenges
Educate our customers and the general public
The mission of X-Force is to:
Monitor and evaluate the rapidly changing threat landscape
Research new attack techniques and develop protection for tomorrow’s security challenges
Educate our customers and the general public
© 2013 IBM Corporation3 IBM Security3 IBM Security
Collaborative IBM teams monitor and analyze the changing threat landscape
CoverageCoverage
20,000+ devices under contract
3,700+ managed clients worldwide
15B+ events managed per day
133 monitored countries (MSS)
1,000+ security related patents
DepthDepth
20B analyzed web pages & images
40M spam & phishing attacks
76K documented vulnerabilities
Billions of intrusion attempts daily
Millions of unique malware samples
© 2013 IBM Corporation4 IBM Security4 IBM Security
Security Incidents in the first half of
© 2013 IBM Corporation5 IBM Security5 IBM Security
Viable targets with strong intent related to specific organizations
ROI: Malware authors are investing more effort into malware that are more resilient and dangerous
Explosive market growth for Android gets attention of malware authors
wherever you go, attackers will follow
© 2013 IBM Corporation6 IBM Security6 IBM Security
ChuliVery targeted attack
-Compromised address book-Emails sent to targets-Hooks into Android’s SMS service-Messages routed to remote C&C server
ObadSpread primarily through SMS spam
-Spreading through Bluetooth-Device Administration-Anti-analysis techniques-Code obfuscation
Advances in Android Malware
© 2013 IBM Corporation7 IBM Security7 IBM Security
Degree of sophisticationfor this malware will eventually rival those found in desktop malware
X-Force expects the number of Android Malware applications to continue rising
Android Security EnhancementsOlder devices more at risk with only 6% running latest version
Mobile operating system (OS) fragmentation will remain a problem
© 2013 IBM Corporation8 IBM Security8 IBM Security
has become a new playground for attackers
Social Media top target for attacks and mobile devices are expanding those targets
-Pre-attack intelligence gathering
-Criminals selling accounts
-Campaigns enticing user to click on malicious links
© 2013 IBM Corporation9 IBM Security9 IBM Security
Security professionals should understand how attackers are taking advantage of trust in relationships to:
- Breach an organization
- Target groupsof users
- Create methods of diversion
© 2013 IBM Corporation10 IBM Security10 IBM Security
Trusteer expands IBM’s capabilities
© 2013 IBM Corporation11 IBM Security11 IBM Security
IBM’s NEW appliance-based solution – ISAM for Mobile
Mobile Security Compliance
Mobile Identity Assurance
Mobile Access Management
* Available as virtual or hardware appliance
Low TCO, Fast TTV and Highly Scalable
• Deliver Mobile SSO and session management for secure employee and consumer user access to mobile and web apps
• Enforce context-aware access with mobile device fingerprinting, geo-location awareness and IP Reputation
• Improve Identity Assurance using built-in mobile authentication service and OTP use
• Secure Mobile App deployment with IBM WorkLight & QRadar security intelligence Integration
• Reduce TCO and time to value with an “all-in-one” access appliance in a virtual & hardware form factors
Implement secure mobile user access with the new ISAM for Mobile
Solution HighlightsSolution Highlights
IBM Security Access Manager for Mobile
© 2013 IBM Corporation12 IBM Security12 IBM Security
Optimize ahead of Attackersidentify critical assets, analyze behavior, spot anomalies
Defragment your Mobile postureconstantly apply updates and review BYOD policies
Social Defense needs Socializationeducate users and engender suspicion
Don’t forget the basicsscanning, patching, configurations, passwords
Key takeaways for enterprises embracing Mobile Technology
© 2012 IBM Corporation
IBM Security Systems
1313
www.ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
www.ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.