Transforming any apps into self-defending apps
-
Upload
blueboxer2014 -
Category
Mobile
-
view
570 -
download
0
Transcript of Transforming any apps into self-defending apps
Transform Any Mobile Apps into Self-
Defending Apps
Sean Frazier, Sr Sales Engineer
March 31, 2015
Agenda
3
Security Risks in Mobility
Options for Securing Mobile Apps
How to Make Your Apps Self-Defending Apps
Live Demo
Application Level Risks
Insecure
Data on
device and in
transit
Reliance
on device,
OS or
MDM for
security
Reliance on
rational
user
behavior
Application Level Risks
75%Don’t use
proper
encryption
when storing
data on a
mobile device
97%Having access
to private data
without
appropriate
security
measures
75%Mobile Security
breaches by
2017 will be the
result of
exploiting
poorly
developed
mobile apps
Device Level Risks
Change of
device posture
by other apps
on deviceUncontrolled
OS versions
Undue focus
on
jailbreaking
and rooting
alone – what
about non-
root system
exploits?
Device Level Risks
52Vulnerabilitie
s patched in
iOS in 2014;
40% of those
were critical code exploits
24%Android devices
run the latest
KitKat 4.4
version
Change of
device posture
by other apps
on device
User Level RisksUser Level
Failure to
report lost or
stolen devices
Mobile
devices
connect to
more public
hotspots and
unknown
servers than
laptops
Basic device-
level
protection like
password and
encryption
turned off
User Level RisksUser Level
34%Take no
security
measures at all
26Number of
apps the
average mobile
user has
downloaded
113Number of
smart phones
lost every
MINUTE in the
U.S.
Securing Mobile Apps
Option 1: MDM
12
Enroll users to MDM
Distribute MDM profile
Enforce device-level passcode
and encryption
Distribute apps via
Enterprise App Catalog
Needs to be enabled for
the entire device
Requires profiles to be
installed on device – including
BYOD. Users rejecting due to
privacy concerns
Hard to scale for external
vendors and customers
Drawbacks:
Securing Mobile Apps
Option 2: Containerization
13
Implemented via SDK or App
Wrapping
App developer involvement
Covers Email, PIM and Browsers
as well
Substantial developer
involvement required
Unstable first gen
technologies
Non-native experience
results in low user adoption
Drawbacks:
Free developer time
from security
Focus on building
business logic
Developers
Business
Owner
Accelerate Time To
Market
Meet ever-
increasing user
demand for apps
Competitive
Advantage
Stay current with
mobile threats
Ensure compliance
Security
Mobile App Security Needs
14
What you really need
15
Easy, secure access to any app for any user on any device
Containerization of any app – on demand, instantly
Apps that assume they are at risk, ALWAYS, and defend
accordingly
Minimal management of updates across the mobile app lifecycle
Self-Defending Behavior
Bluebox Self-Defending Apps
Enterprise Controls
• Protect commercial or
custom apps in seconds
• Detect and defend against
mobile threats
• Respond quickly to keep
corporate data secure
Data Wrapping
Triple Layer Defense
16
1. Data Wrapping: The Unique Bluebox Approach
User
Data
App
Device
Network
OTHERS
▪ Data Security on Devices,
Apps and Network
▪ Support for ANY 3rd party or
internal apps
▪ Native app experience
▪ Clear separation of
personal and corporate
data
Bluebox Triple Layer Defense
1. Data Wrapping
17
Bluebox Triple Layer Defense
2. Enterprise Controls
▪ Per App VPN
▪ App eventing and logging
▪ Data sharing controls
▪ Data visibility and control
18
Bluebox Triple Layer Defense
3. Dynamic App Integrity for Self-Defending Behavior
19
Beyond Jailbreak and Root Detection
• Device Integrity
• Detection of sandbox security tampering
▪ App tampering detection
▪ Detection of tools used to reverse engineer apps
▪ Detection of hostile device environment, debuggers, hooks
▪ Checksum violations for tampering of Bluebox wrapper
▪ App tampering deterrents
▪ Honeypots, or traps, to mislead and deceive attackers
Web-based
Bluebox Admin Portal
(portal.bluebox.com)
Upload
your App
Apply Policies
and
Enterprise
Signing
Instantly
Assign Users
and Groups
Specify 3rd
Party Apps
to secure
How to Create Self-Defending Apps with Bluebox
20
Summary
21
Assume that your apps are perpetually at risk at all layers – Device, App and
User
Get beyond jailbreak and rooted detection!
Make your apps self-defending
Focus on the user – allow easy access to your apps on any device
Fortify your Apps – don’t just manage them
Bluebox User Enrollment
Proprietary and Confidential 22
▪ Easy 3-step process via
Bluebox App
▪ SAML 2.0, OAuth 2
(using Google as
provider) and ActiveSync
supported for user auth
▪ Elegantly off-board users
via SAML and SCIM