Safely Enabling Mobile Devices

Safely Enabling Mobile Devices with GlobalProtect
Unlocking The Potential of Mobile Depends On Security
[Figure: chart with axes "Benefits to Business" and "Mobile Maturity"; labels: Email, Intranet, Accessing Business Apps, Running Your Business on Mobile Devices]
•2 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Existing Approaches for Mobile Security Don’t Work
Approach | Exposure to Risk
Block mobile devices | People will still use mobile devices, except without your control
Hope existing security protects mobile devices | Don’t know if existing measures will be effective for mobile devices
Use basic mobile security like ActiveSync | Doesn’t address mobile threats and won’t secure apps and data
New approach to safely enabling mobile devices
Manage the Device
Ensure devices are safely enabled while simplifying deployment & setup
• Ensure proper settings are in place, such as strong passcodes and encryption
• Simplify provisioning of common configuration like email and certificates
Protect the Device
Protect the mobile device from exploits and malware
• Protecting the device from infection also protects confidential data and prevents unauthorized network access
Control the Data
Control access to data and movement of data between applications
• Control access by app, user, and device state
• Extend data movement controls to the device to ensure data stays within “business apps”
GlobalProtect Mobile Security Solution
GlobalProtect Mobile Security Manager
• Provides device management, malware detection, and device state
GlobalProtect Gateway
• Delivers mobile threat prevention and policy enforcement based on apps, users, content and device state
GlobalProtect App
• Enables device management, provides device state information, and establishes secure connectivity
Manage The Device
Components shown: GlobalProtect Mobile Security Manager, GlobalProtect App
Manage device settings
• Enforce security settings such as passcode
• Restrict device functions such as camera
• Configure accounts such as email, VPN, Wi-Fi settings
Understand device state
• Monitor and report device state for policy enforcement, such as:
  • Whitelisted / blacklisted apps
  • Rooted / jailbroken
Perform key operations
• Ex: lock, unlock, wipe, send a message
Detect Android Malware
• Detect and react to the presence of malware
Protect The Device
Components shown: GlobalProtect Gateway, GlobalProtect App, Threats
Consistent security everywhere
• IPsec/SSL VPN connection to a purpose-built next-generation security platform for policy enforcement regardless of the device location
Mobile threat prevention
• Vulnerability (IPS) and malware (AV) protection for mobile threats
• URL filtering for protection against malicious websites
• WildFire static and dynamic analysis for advanced mobile threats
Control The Data
Components shown: GlobalProtect Gateway, GlobalProtect App, Applications and Data
Control access to applications and data
• Granular policy determines which users and devices can access sensitive applications and data
• Policy criteria based on application, user, content, device, and device state for control and visibility
  • Identify device types such as iOS, Android, Windows, Mac devices
  • Identify device ownership such as personal (BYOD) or corporate issued
  • Identify device states such as rooted/jailbroken
• File blocking based on content and content type
Control data movement between apps on the device
• Solution provides the foundation for future developments in data protection
How the integrated solution works
GlobalProtect Mobile Security Manager pricing & availability
• Mobile Security Manager runs on the new GP-100 appliance
• GP-100 appliance comes with support for up to 500 mobile devices
• Additional capacity licenses (perpetual) to support additional devices
  • 1K, 2K, 5K, 10K, 25K, 50K, and 100K
• WildFire subscription (optional add-on) for Android malware detection
  • Price varies based on underlying capacity license
• Orders and shipments expected February 2014
• GP-100 is not designed to be sold as a stand-alone product
  • Requires other GlobalProtect components for full functionality (app, portal, gateway)
Learn more
• New materials – public site and partner center
System Setup
Configure Portal to enable GP-100
Configure Gateway to receive mobile HIP
Set up GP-100 - Quickly talk about Quick Start Guide to get the device up and running
GlobalProtect Portal Setup
•Page 12 | © 2013 Palo Alto Networks. Proprietary and Confidential.
Mobile Security Manager Setup on Gateway
Mobile Security Manager Setup
Mobile Security Manager Features
Demo
Dashboard - Widgets
Monitor – MDM Logs, HIP Match Logs, Reports, Custom Reports
Devices – Filters, Actions, Import
Policy – iOS and Android Configurations, HIP Objects, Policies, Notifications
WildFire Integration
• Malware signatures from WildFire – daily content update on GP-100
• GlobalProtect App sends the list of installed apps to GP-100
• GP-100 detects whether the apps contain malware
• Gateway learns via the HIP report about devices that contain malware
• GP-100 and Gateway can react to the presence of Android malware and enforce policy
Setup – Dynamic Updates
Gateway – Mobile Device HIP Demo
Mobile Device HIP Object Creation
View Mobile Device HIP report
Mobile Security Policy to control access to an application
Gateway – Mobile HIP Object for use in Security Policy
Mobile Device HIP View from Panorama
Configure HIP Match Log forwarding on the gateway to view from Panorama
End User Experience Demo
App install from Play/App Store
Connect to portal
Complete enrollment (iOS and Android)
Device configured automatically (iOS)
Mobile Security Landscape
Mobile Security Manager vs. Leading MDM Vendors
Legend:
• Common features
• Features where other MDMs have slightly more options
• Features we don’t support but other MDMs do
• Features we do better than other MDMs

Features | GlobalProtect MDM | Leading MDM Vendors
Device management | Set Passcode, VPN, Wi-Fi, certs, email, web clips, Disable Camera etc. | Same
Reporting and dashboards | Yes | Yes
Mobile OS Support | iOS, Android | iOS, Android (+ Samsung Safe), Windows Phone, Blackberry
Device Actions | Lock, Wipe, Message | Same + some Selective Wipe
Deployment Option | On-Premise appliance | On-Premise, Cloud/Hosted
End-user self service portal | No (target next year) | Yes
Enterprise app store & App Management | No (target next year) | Yes
Data Protection/DLP on devices | No (target next year) | Various approaches – App/Document Containers, App Wrapping, Email Control etc.
Roaming management & reporting | No | Yes
Max # devices supported | 100,000 | Don’t Know; Cloud may scale but on-premise most likely not
Management Features | Role based Admin, logging, Syslog, Directory Integration, SNMP etc. | Yes but potentially not fully baked
Malware detection | Yes | No, some soft claims
Automated device policy based on device state | Yes | Limited
Integration with VPN/Firewall for granular security policy based on device state | Yes | ActiveSync connectors to block email access
Why Palo Alto Networks for Mobile Security
• Integrates the necessary technologies – VPN, policy, threat prevention, management
• Uniquely capable of protecting the device by leveraging WildFire, IPS, and app policy
• Rich security platform that can protect all traffic, devices, applications and data – in the network