Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Safely Enabling Mobile Devices

advertisement 
Safely Enabling Mobile Devices with
GlobalProtect
Unlocking The Potential of Mobile Depends On Security
Benefits to Business
Running Your
Business on
Mobile Devices
Accessing
Business Apps
Intranet
Email
Mobile Maturity
•2 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Existing Approaches for Mobile Security Don’t Work
Approach
Exposure to Risk
Block mobile devices
People will still use mobile devices, except
without your control
Hope existing security
protects mobile
devices
Don’t know if existing measures will be effective
for mobile devices
Use basic mobile
security like
ActiveSync
Doesn’t address mobile threats and won’t secure
apps and data
•3 | ©2014, Palo Alto Networks. Confidential and Proprietary.
New approach to safely enabling mobile devices
Manage the Device
Protect the Device
Control the Data
Ensure devices are safely
enabled while simplifying
deployment & setup
• Ensure proper settings
in place, such as
strong passcodes and
encryption
• Simplify provisioning of
common configuration
like email and
certificates
Protect the mobile device
from exploits and
malware
• Protecting the device
from infection also
protects confidential
data and unauthorized
network access
Control access to data
and movement of
between applications
• Control access by app,
user, and device state
• Extend data movement
controls to the device
to ensure data stays
within “business apps”
•4 | ©2014, Palo Alto Networks. Confidential and Proprietary.
GlobalProtect Mobile Security Solution
GlobalProtect Mobile
Security Manager
GlobalProtect Gateway
Delivers mobile threat
prevention and policy
enforcement based on apps,
users, content and device
state
Provides device
management, malware
detection, and device state
GlobalProtect App
Enables device management,
provides device state information,
and establishes secure
connectivity
•5 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Manage The Device
GlobalProtect Mobile
Security Manager
Manage device settings
•
Enforce security settings such as passcode
•
Restricts device functions such as camera
•
Configure accounts such as email, VPN,
Wi-Fi settings
Understand device state
•
Monitor and report device state for policy
enforcement, such as:
•
Whitelisted / blacklisted apps
•
Rooted / jailbroken
Perform key operations
•
Ex: lock, unlock, wipe, send a message
Detect Android Malware
•
GlobalProtect App
6 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Detect and react to the presence of malware
Protect The Device
Consistent security everywhere
GlobalProtect Gateway
•
IPsec/SSL VPN connection to a purpose
built next generation security platform for
policy enforcement regardless of the
device location
Mobile threat prevention
Threats
GlobalProtect App
7 | ©2014, Palo Alto Networks. Confidential and Proprietary.
•
Vulnerability (IPS) and malware (AV)
protection for mobile threats
•
URL filtering for protection against
malicious websites
•
WildFire static and dynamic analysis for
advanced mobile threats
Control The Data
Applications and Data
GlobalProtect Gateway
Control access to applications and
data
•
Granular policy determines which
users and devices can access sensitive
applications and data
•
Policy criteria based on application,
user, content, device, and device state
for control and visibility
•
•
Identify device types such as iOS,
Android, Windows, Mac devices
•
Identify device ownership such as
personal (BYOD) or corporate
issued
•
Identify device states such as
rooted/jailbroken
File blocking based on content and
content type
Control data movement between
apps on the device
•
GlobalProtect App
8 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Solution provides the foundation for
future developments in data protection
How the integrated solution works
GlobalProtect Mobile Security Manager pricing &
availability

Mobile Security Manager runs on the new GP-100 appliance

GP-100 appliance comes with support for up to 500 mobile devices

Additional capacity licenses (perpetual) to support additional devices
 1K, 2K, 5K, 10K, 25K, 50K, and 100k

WildFire subscription (optional add-on) for Android malware detection
 Price varies based on underlying capacity license

Orders and shipments expected February 2014

GP-100 is not designed to be sold as a stand alone product


Requires other GlobalProtect components for full functionality
(app, portal, gateway)
Learn more

New materials – public site and partner center
10 | ©2014, Palo Alto Networks. Confidential and Proprietary.
System Setup
Configure Portal to enable GP-100
Configure Gateway to receive mobile hip
Setup GP-100 - Quickly talk about Quick Start Guide to get the
device up and running
GlobalProtect Portal Setup
•Page 12 | © 2013 Palo Alto Networks. Proprietary and Confidential.
Mobile Security Manager Setup on Gateway
•Page 13 | © 2013 Palo Alto Networks. Proprietary and Confidential.
Mobile Security Manager Setup
•Page 14 | © 2013 Palo Alto Networks. Proprietary and Confidential.
Mobile Security Manager Features
Demo
Dashboard - Widgets
Monitor – MDM Logs, HIP Match Logs, Reports, Custom Reports
Devices – Filters, Actions, Import
Policy – iOS and Android Configurations, HIP Objects, Policies , Notifications
Dashboard - Widgets
•Page 16 | © 2013 Palo Alto Networks. Proprietary and Confidential.
Monitor – MDM Logs, HIP Match Logs, Reports, Custom
Reports
•Page 17 | © 2013 Palo Alto Networks. Proprietary and Confidential.
Devices – Filters, Actions, Import
•Page 18 | © 2013 Palo Alto Networks. Proprietary and Confidential.
Policy – iOS and Android Configurations, HIP Objects,
Policies
•Page 19 | © 2013 Palo Alto Networks. Proprietary and Confidential.
Wildfire Integration
Malware signatures from Wildfire – daily content update on GP-100
GlobalProtect App send the list of installed apps to GP-100
GP-100 will detect if the apps contain Malware
Gateway via HIP report learns about devices that contain Malware
GP-100 and Gateway can react to presence of Android malware and
enforce policy.
Setup – Dynamic Updates
•Page 21 | © 2013 Palo Alto Networks. Proprietary and Confidential.
Gateway- Mobile Device HIP Demo
Mobile Device HIP Object Creation
View Mobile Device HIP report
Mobile Security Policy to control access to an application
Gateway – Mobile HIP Object for use in Security Policy
•Page 23 | © 2013 Palo Alto Networks. Proprietary and Confidential.
Mobile Device HIP View from
Panorama
Configure HIP Match Log forwarding on the gateway to view
from panorama
End User Experience Demo
App install from Play/App Store
Connect to portal
Complete enrollment (iOS and Android)
Device configured automatically (iOS)
Mobile Security Landscape
Mobile Security Manager vs. Leading MDM Vendors
Common Features
Features Other MDM has
slightly more Options
Features we don’t
support but other MDMs
do
Features we do better
than other MDMs
Features
GlobalProtect MDM
Leading MDM Vendors
Device management
Set Passcode, VPN, Wi-fi, certs,
email, web clips, Disable Camera etc
Same
Reporting and dashboards
Yes
Yes
Mobile OS Support
iOS, Android
iOS, Android(+ Samsung Safe),
Windows Phone, Blackberry
Device Actions
Lock, Wipe, Message
Same + some Selective Wipe
Deployment Option
On-Premise appliance
On-Premise, Cloud/Hosted
End-user self service portal
No (target next year)
Yes
Enterprise app store & App
Management
No (target next year)
Yes
Data Protection/DLP on devices
No (target next year)
Various approaches – App/Document
Containers, App Wrapping, Email
Control etc.
Roaming management & reporting
No
Yes
Max # devices supported
100,000
Don’t Know; Cloud may scale but onpremise most likely not
Management Features
Role based Admin, logging, Syslog,
Directory Integration, SNMP etc.
Yes but potentially not fully baked
Malware detection
Yes
No , some soft claims
Automated device policy based on
device state
Yes
limited
Integration with VPN/Firewall for
Granular security policy based on
device state
Yes
Active Sync Connectors to block
email access
Why Palo Alto Networks for Mobile Security
Integrates the necessary technologies –
VPN, policy, threat prevention, management
Uniquely capable of protecting the device by
leveraging WildFire, IPS, and app policy
Rich security platform that can protect all
traffic, devices, applications and data – in
the network
28 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Related documents
Secureworld_2014_Malware
Secureworld_2014_Malware
VM-Series Enhancements - Exclusive Networks Netherlands
VM-Series Enhancements - Exclusive Networks Netherlands
Government Outreach APP
Government Outreach APP
1.-CANTO-PANW
1.-CANTO-PANW
Palo Alto Networks
Palo Alto Networks
Ryan Olson Director of Threat Intelligence October, 2014
Ryan Olson Director of Threat Intelligence October, 2014
Health Exchange Subsidy Calculator
Health Exchange Subsidy Calculator
Networking, policy, management, reporting
Networking, policy, management, reporting
About Palo Alto Networks
About Palo Alto Networks
NtregaBusinessPlanExpress 1.1 MB
NtregaBusinessPlanExpress 1.1 MB
GLOBALPROTECT - Palo Alto Networks
GLOBALPROTECT - Palo Alto Networks
Seculert - Security Innovation Network
Seculert - Security Innovation Network
Aveline Estié
Aveline Estié
Juniper Migration Webinar
Juniper Migration Webinar
Lists_PM_Presentation_Conference_2014
Lists_PM_Presentation_Conference_2014
2007-2010 Widescreen Template
2007-2010 Widescreen Template
GlobalProtect Product Presentation
GlobalProtect Product Presentation
Palo Alto Networks Next
Palo Alto Networks Next
drive - Exclusive Networks
drive - Exclusive Networks
Palo Alto Networks
Palo Alto Networks
Palo Alto Networks
Palo Alto Networks
Download
advertisement