As organizations start to develop more robust mobile security policies and strategies, they're looking for mobile device management (MDM) functionality that goes above and beyond simple remote wipe and password management features. Last month's Black Hat conference in Las Vegas featured a number of talks on the subject, as well as mobile security products announced during and after the show. Here's a look at some of the releases, as well as the latest vulnerability management and forensics products:
Often, much of the MDM value-add is the context or overall product framework around which the particular device management functionality is built. In the case of BeyondTrust's PowerBroker Mobile, which was launched at Black Hat, that context is the PowerBroker vulnerability assessment portfolio, which the company picked up with its acquisition of eEye Digital. The new mobile component plays into PowerBroker's overall endpoint and vulnerability management platform by adding tablets and smartphones to the equation. PowerBroker Mobile offers provisioning and configuration management, plus policy management for VPNs, email, passwords, device encryption, remote locking, GPS tracking and (of course) remote wipe. It's all built into the same PowerBroker platform to add mobile devices to a company's governance, risk and compliance (GRC) policy and reporting workflow.
While a lot of attention has been generated around controlling devices through MDM, organizations must also start thinking about how to control the applications that run on those devices. Today's mobile app stores are now rife with both malicious applications and outwardly good apps that have troubling features that could compromise both user and corporate data. In fact, one figure from the Android Malware Genome Project at North Carolina State University went so far as to quantify that risk by claiming that 86% of Android malware exists as legitimate applications repackaged to include a malicious payload. At Black Hat, RSA introduced FraudAction Anti Rogue App Service to address the threat posed by unauthorized and malicious apps running on devices that access the corporate network. The service monitors app stores, both enterprise-run and publicly run, to find and shut down applications running malicious behavior. The service works with the hosting app store and the developer to keep users from downloading rogue apps.
Vulnerabilities and Advanced Threats
One of the biggest challenges in vulnerability management is knowing what assets IT has in order to decide what needs to be scanned for flaws in the first place. But discovery and inventory software agents on devices can be problematic in today's dynamic environments, with trends like BYOD and cloud adoption posing particularly thorny problems in the asset management process. Qualys has responded to the need with its new Dynamic Asset Tagging and Management product for its cloud platform to tag and inventory assets without needing to depend on agents. The product gives users the power to automate hierarchical organization of IT assets so they can be grouped by geography, line of business or technology type and organized into trees that show relationships between assets and various business units. This enables quick reporting and vulnerability scanning of assets for improved security and compliance reporting.
While not unveiled at the show proper, IBM rode the security wave out this past week with the introduction of a new intrusion prevention system. The IBM Security Network Protection XGS 5000 builds on its existing IPS platform by adding secure Web gateway features like URL monitoring and filtering; Web and application control and policy enforcement; and better integration with the security information and event management capabilities of the QRadar purchased with Big Blue's acquisition of Q1 Labs.
Forensics and Incident Response
These days, most forensics and IT incident response teams scrabble together best-of-breed collections to get their work done. It sometimes gives them the pick of the litter when it comes to functionality, but the lack of cohesion leaves gaps that can limit enterprisewide visibility and lengthen the amount of time it takes to find incidents, stop the bleeding, figure out what happened, and remediate the problems that lead to break-ins or theft.
Jockeying for position among a niche forensics market that includes heavyweight RSA NetWitness, AccessData claims to have the platform to solve that incident response gap by bringing together endpoint forensics, network forensics, data and e-discovery capabilities into one product. Version 2 of Cyber Intelligence & Response Technology adds a malware analysis technology to that mix. The idea is to give incident handlers the ability to correlate network and host analysis more quickly in order to prevent any future data leaks while identifying and triaging suspected malware involved in any attack. The added analysis functionality gives examiners the ability to determine behavior and intent of attackers without a sandbox or reliance on signature-based tools.