Patriot has been able to integrate multiple platforms to provide a holistic approach to Mobile Device Security Management. We can bring you mobile device visibility, awareness, compliance, authentication & authorization, mobile application security, and continuous monitoring, and can assist in establishing mobile policy and security architectures. Remember, there are no silver bullet solutions in mobile security—you need to integrate multiple platforms for holistic security.
Mobile Security: It’s All About the Data
With mobile computing on the rise, organizations are forced to address how to provide the best balance of convenience versus security. With mobile devices outstripping PC sales—last year, smartphone shipments surpassed PCs for the first time—it is clear users are opting for the convenience of these personal devices for business use.
Along with the increased number of mobile users is the alarming increase in mobile threats. Statistics range from a 125% to over 400% increase in malicious mobile malware over the past year. Data loss prevention is becoming more essential, especially as an increasing number of security breaches are being traced back to mobile devices.
Security professionals are now challenged with understanding all the new terms (BYOD, COPE, MDM, MAM, etc.) along with their respective nuances and, more importantly, how to secure and protect corporate assets in a mobile environment. Patriot assists organizations with this overwhelming task through our lifecycle approach to mobile device security management (MDSM). Regardless of the size of the organization, business vertical or stage you are with your mobile device solution—Patriot’s versatile solutions provide great value.
Most organizations are familiar with the concept of mobile device management (MDM). MDM is the core component of any mobile solution; however, in and of itself it is not a security solution. At Patriot we bridge the gap between MDM and MDSM—Mobile Device Security Management. We do this by integrating a range of mobile security components to provide a holistic solution. With customized integration each organization receives a solution that meets their unique environment while maintaining a positive end-user experience.
THE PATRIOT VALUE ADD
Patriot’s mobile solution brings together various technologies appropriate to the needs of the customer. As an example, we are able to integrate three primary mobile device platforms, such as MDM, network access control (NAC) and mobile device detection/contextual awareness. These three technologies address the who, what and where of mobile devices as well as give visibility and control of the data down to each and every enrolled device. Patriot can then integrate a variety of other security and visibility capabilities, such as identity and access management (IAM), intrusion detection and prevention systems (IDPS), mobile application security, and file security—specific to organizational requirements and network architecture. To complete the solution, we are able to integrate enterprise security capabilities to ensure organization-wide protection.
Patriot’s holistic MDSM solution addresses all the important components of mobile device security, such as:
- Automatic detection of any mobile device via cellular or WiFi
- Automatic enrollment/provisioning of employee-owned devices
- Network access control policy enforcement
- Device management and policy enforcement
- Identity and access management: multi-factor authentication using smartcards and PKI
- Contextual awareness
- Automatic malware detection & remediation
- Mobile app control & behavioral analysis
- Integrated visibility with network management tools (SEIM, GRC, etc.)
- Data integrity/encryption
- Data loss prevention (DLP)
As with any solution, there is no silver bullet and organizations will often need to use a combination of mobile products to address enterprise security concerns. Patriot provides best-of-breed products along with integration capabilities to deliver a customized solution for your environment that meets security requirements and ensures a positive end user experience.
PATRIOT’S MDSM INTEGRATED SOLUTION PARTNERS
Having the ability to identify, monitor and manage mobile devices on wireless and cellular networks within your facility is key to controlling unauthorized devices. Through contextual security you can determine specific device compliance with security policies and actively enforce policies by limiting or modifying a device’s capabilities while it is within a secured zone.
Network Access Control
Provides you with the real-time visibility and control over smartphones, tablets and mobile PCs on your network. With a NAC solution, users can enjoy the productivity benefits of mobile computing devices while you keep the network safe from data loss and malicious threats.
Identity and Access Management
Leveraging existing identity and access credentials allows mobile users the ability to access secure information, emails, VPNs, etc. anywhere. Patriot offers a variety of identity solutions that range from multi-factor authentication to derived credentials that take advantage of existing infrastructure.
Leveraging mobile application scanning allows organizations to reach a balance between productivity and the security of sensitive data on the device and internal networks. With over 730 different behavioral and malware activity checks, apps available through public and enterprise stores can be thoroughly analyzed and scored based upon perceived risk prior to downloading—allowing for effective black and whitelisting.
Integrated Network Visibility and SEIM
Effective mobile security requires real-time visibility. Providing organizations with true, real-time situational awareness and the speed required to identify critical threats, respond intelligently, and ensure continuous compliance and threat monitoring is key for an enterprise environment. Security teams now have simple access to real-time, risk relevant information to obtain a stronger security posture while shortening response time.
Mobile Device Management
MaaS360 answers the BYOD challenge with an easy-to-use platform that lets IT instantly start managing personal devices, without compromising the user experience, security or privacy. MaaS360 provides flexible approaches for enrollment, asset management, policy enforcement and the distribution of profiles, apps and docs, all based on device ownership whether corporate- or employee-owned.
The ability to easily access and share documents is a must if mobile users are to be productive. However—providing such access can lead to data leaks and file security breaches. By embedding security directly into the files IT can now manage documents even if they reside outside of their network control – thus adding security without complicating access.
Virtual Desktop Infrastructure
The most secure way to allow users to access corporate data and applications via their mobile devices is through virtual desktop infrastructure (VDI). The mobile device basically serves as a monitor since all of the processes are running in the backend server environment. This allows IT to control the policies and infrastructure while not having to worry about the security of the individual device.
THE WHO, WHAT, WHERE OF MOBILE SECURITY
Who: as with any device there must be a way for a user to authenticate—this can be achieved with a simple user name and password or a more sophisticated (and secure) two-factor authentication using PKI credentials or biometric aspects. Once a user has been authenticated, the appropriate policy and network access levels can then be applied.
What: it is extremely important to understand what type of device, operating system and version of operating system that is being used. Certain operating system versions are inherently more vulnerable than others. Further, devices that have been “jailbroken” or “rooted” pose further threats.
Where: this is one of the most challenging components of an MDSM solution. Policies must account for a device’s location—called contextual awareness—which allows an organization to set policies based on where their devices are located (e.g., corporate boardroom, SCIF) and from where they are accessing the network (e.g., on premises or Starbucks).