Next up: Securing Macs and Windows PCs

July 30, 2014 by

The workplace isn’t constrained by a single device in a single location. Your security shouldn’t be either.

That’s why Mojave Networks is extending mobile security to include Macs and Windows PCs. The same web security that we’ve always had for smartphones and tablets now can protect Macs and Windows PCs with threat detection, visibility into cloud apps, data loss prevention, URL filtering and robust analytics. These innovative solutions block more threats, reduce IT complexity and mitigate the risk of data loss.

Our cloud-based secure web gateway is simple to deploy, requires no hardware and saves on total ownership costs. So no matter where or how your employees access the network, you can gain visibility into network activity and control over devices for comprehensive security that keeps sensitive data safe.

Sign up now for early access to Mojave’s secure web gateway for Macs and Windows PCs.

Beta Landing Page

Mojave Connect – Real Time Event API

July 24, 2014 by

We often hear from customers who have existing Security Information and Event Management (SIEM) tools, like Splunk or QRadar, and wish to leverage those investments in combination with the unique data that we can provide. And for our own part, we believe that security vendors should interoperate seamlessly to best protect enterprise assets. Therefore, we have been hard at work on an enterprise-integration initiative, and are pleased to announce the general availability of our real-time event API: Mojave Connect.

With this API, customers gain full visibility into the events flowing through Mojave as they happen, including,

  • Network Activity — Source (IP, port, user agent), Destination (IP, port, URI), bytes transferred, protocol, network type (carrier, wifi), category, action (block, audit, allow), and more
  • Device Activity — Event type (lock, wipe, locate, diagnostics, app installation, etc.), severity (alert, warning, low), device (make, model), user

Mojave Connect

Customers can then store and analyze these events as suits their needs. For example, companies can collate network events happening on devices outside of the corporate network with events happening internally. Having a single, homogeneous corpus of all network activity across the enterprise will make it easier to find anomalies and threats, and having it all centralized will make it that much easier for IT to manage.

So how does it work?

Mojave Connect consists of two layers, each providing different opportunities for integration:

  • Mojave Connect SDK — The SDK (currently available for Java; other versions forthcoming) is a low-level library for consuming our real-time event streams. Customers with proprietary applications might want to use the SDK directly so that they can customize the interaction to best suit their needs.
  • Mojave Connect Agent — These are higher-level software agents that wrap the SDK and are deployed onsite to provide integration with a specific third-party application:
    • The Syslog Agent for Mojave Connect reads events from the event stream and logs them to the local syslog daemon.
    • The Spunk Agent for Mojave Connect is a Splunk add-in (soon to be published to the Splunk App marketplace) that lets you add Mojave streams to your enterprise data as seamlessly as any other data source.
    • Many more to come…

Contact us today to take the Mojave Connect API for a spin.

Special thanks to Josh Bandur for helping write this post and more importantly writing the API!

Survey: What does the future of cloud security look like?

July 17, 2014 by

Click Here

We’ve been thinking a lot about the future of cloud security lately. As workforces become more mobile, and work becomes anytime/any place/anywhere, companies have to think differently about securing their data and systems.

We want to get your feedback as we build the next-generation cloud security. Help shape our future product direction by sharing your thoughts in our two minute survey.

Stay tuned, we’ll share the results here on our blog!




[Webinar] “Beyond Permissions: The Truth Behind Mobile Application Risk ”

June 23, 2014 by

App Rep_webinar btns V3

Permission by proxy. That sounds pretty scary right?  It happens to any of us who use apps on our mobile devices, from official or unofficial sources. Simply by using an app, we grant permission to that app to access various areas of our mobile devices. Sometimes, those permissions are extended to data sharing with other applications via app-installed libraries.

Do you want to learn more about the hidden risks in your mobile apps? Join us on Wednesday, June 25 at 11:00 AM for our webinar, “Beyond Permissions: The Truth Behind Mobile Application Risk.”

Our presenter, product marketing manager Samer Baroudi, will discuss the hidden risks of your mobile apps and how to gain visibility into the apps installed on your organization’s corporate-owned and BYOD devices.

In this webinar you’ll learn:

  • Why app store apps have hidden risks
  • How to add visibility into the apps on your mobile devices
  • What data is collected by your apps and how it is shared

Webinar Details

Topic: Beyond Permissions: The Truth Behind Mobile Application Risk
DateJune 25
Time11:00 AM PST
RegisterSign up to attend

Register Now

 

Two Factor Authentication, Data Usage Alerts, and More!

June 17, 2014 by

We wanted to take a quick break from all of our hard work and give a quick update on some important new features.

Two Factor Authentication

In the wake of recent vulnerabilities like Heartbleed, we felt it was necessary to give our users additional security around their login credentials.  That’s why we recently implement two factor authentication which can now be enabled for any account by simply going to Settings -> Personal.

We chose the open TOTP standard as the underlying authentication method and made it simple enough to use that anyone can have it enabled for their account within a few minutes.

Mojave two factor auth

 

Data Usage Alerts

Another feature that customers have often requested is to receive alerts when users are approaching a certain amount of data usage.  This is ideal for companies that pay for data plans and want to ensure they remain within certain usage parameters to avoid expensive overage charges.

To enable, simply go to the Network settings within a policy and set the threshold of when you want to be alerted.  It’s as simple as that.

Data Usage Alert

 

Samsung Safe

Mojave now integrates with Samsung Safe allowing more granular controls of Safe devices including preventing factory reset, booting into safe mode, and better email configuration.

All of these features are immediately available so feel free to use them and keep providing your suggestions so we can keep improving the Mojave experience.

[Video] All About Mojave Networks in 90 seconds

June 11, 2014 by

Do you want to understand how to add control, visibility, and security to the mobile devices connected to your network? Check out our short video to find out how to secure your devices with our cloud-bases network security.

New Application Reputation Offering

June 6, 2014 by

This week, we unveiled a new application reputation feature to provide enterprises with detailed insight into the applications that are run on employee mobile devices. With this new feature, companies can analyze the data being collected, stored or transmitted from mobile applications, enabling them to discover the potential risk of applications and make informed policies to prevent compromises or data loss. See the press release for more details.

Ryan W. Smith, our lead threat engineer, explained the problem to Tim Wilson at Dark Reading: “When we first come into a customer site, most of them have no idea what apps their users have installed on their devices, or what their risk exposure might be. They are accepting a level of risk on their mobile devices that they would never accept on PCs.”

In SecurityWeek, Ryan was quoted as saying: “Some of the most significant risk factors affecting corporate employees and individual mobile users, such as data loss and PII collection, occur not by the application itself, but within mobile advertising libraries and other library components such as social media or analytic tools.”

From Network World: “Unfortunately, when you give permission to an app to access your private or sensitive data, you’re also giving access to each of the included libraries and their author(s), whether you know it or not. This is like entrusting your house keys to your teenage child for the weekend, only to have them immediately make copies for their friends, unbeknownst to you.”

As you can see in the graph below, the majority to apps contain third-party ad libraries. In fact, at least 78% of all applications downloaded by business users connect to either an ad network, social media API, or analytics API – putting their personal information and their company’s sensitive data at risk. More details about how mobile ad libraries create risks for enterprise data are available in Ryan’s blog post.

graphZoom2blog

Other news:

  • Mojave Networks Unveils New Application Reputation Offering, InfoSecurity Buzz
  • Mobile apps siphon off reams of data through excessive permissions, FierceMobileIT
  • Mobile Apps Leak Personal Information, Study Finds, SiliconBeat
  • Mojave Networks Application Reputation Feature Aims at BYOD, eWeek

Mobile Ad Libraries Create Major Risk for Enterprise Data

June 2, 2014 by

Every day at Mojave Threat Labs, our research team analyzes thousands of mobile apps using more than 200 individual risk factors. One of the key risk factors that we track is private data or personally identifiable information (PII) that is collected and sent to remote web APIs. This may include the user’s name, phone number, email address, location, applications they have installed, phone call history, contact list, and much more. On average, corporate employees and mobile users have around 200 applications on their mobile devices, including all of the pre-installed apps like the address book and camera. Each application has an average of nine permissions that users agree to before using the app – things like permission to access your address book or your location in order to tell you about what’s nearby. With so many applications requesting access to private or sensitive information, it’s often difficult for users, let alone IT administrators, to fully understand who’s accessing their data, where it’s being sent, and how it will be used.

 

Why You Shouldn’t Blindly Trust Mobile Advertising Libraries

Some of the most significant risk factors affecting corporate employees and individual mobile users, such as data loss and PII collection, occur not by the application itself, but within mobile advertising libraries and other library components such as social media or analytic tools. These libraries are large packages of code written by a third party, which the developer includes in their mobile app to help them add standard functionality. In this case the developer may use the libraries to collect ad revenues, track user statistics, or integrate with social media APIs. There are thousands of such libraries available to mobile app developers, each with varying reputations, and developers will often include their code with little or no review. Although many of these libraries refrain from collecting PII and have sensible privacy policies, not all libraries are so reputable, and for most users it’s impossible to know which ad library is included in a particular app.

Unfortunately, when you give permission to an app to access your private or sensitive data, you’re also giving access to each of the included libraries and their author(s), whether you know it or not. This is like entrusting your house keys to your teenage child for the weekend, only to have them immediately make copies for their friends, unbeknownst to you. This indirection and lack of transparency leads to a lack of accountability for the apps’ included subcomponents and precludes IT administrators from making adequately informed risk decisions.

To show the prevalence of such third party libraries, Mojave Threat Labs analyzed more than 11 million URLs that our customers’ installed apps have connected to. We then further broke the URLs into categories based on whether they connected to ad networks, social media, and analytics APIs. When we analyzed all of the apps downloaded by our customers, we found that:

  • Business users connect to at least as many data gathering libraries as consumer users, and in some cases more, leaving enterprises at risk for sensitive data loss;
  • Some of the top ad libraries such as AdMob, AirPush and Flurry leak private information such as which mobile apps you have downloaded onto your phone, precise geo-location data including your zip code, your device ID number, web browsing history and more;
  • 65% of applications downloaded by business users connect to an ad network;
  • 40% of applications downloaded by business users connect to a social network API;
  • At least 78% of all applications downloaded by business users connect to either an ad network, social media API, or analytics API.

Not surprisingly, the top domains in both categories belong to the top ad libraries (AdMob, Airpush, Flurry, MillenialMedia) as well as social media (Facebook, Twitter, LinkedIn, Google+). Not far behind in the top 50 are data sharing APIs like DropBox.

graphZoom2blog

A graph of the connections made by mobile apps, gravitating towards the most highly connected domains in the center ( Click to view full size )

For example of the types of data collected by these libraries, we examined one of the top URLs in our database, Airpush. The type of data exposed included:

  • Android ID
  • Advertiser ID
  • Device make and model
  • Mobile web browser type and version
  • IP address
  • Airpush-generated ID
  • Application name
  • A list of mobile applications installed on your device (opt out option)
  • “other technical data about your device”

In accordance with your permission, Airpush may also collect:

  • precise geo-location
  • browser history (opt out option)
  • country
  • zip code
  • device IDs (including IMEI, device serial number and MAC address)
  • encrypted values of your email address (opt out option)

The bottom line is that you may trust the author of a particular app, but you may not even know the authors of the components (libraries) which are gathering the most information about you. In almost all cases, a user is bound by the library’s data policies simply by downloading and installing an app which includes it, without ever getting a chance to review the policy details.

 

Enterprise Risk vs. Consumer Risk: Enterprises Beware

Although it wasn’t a surprise that most applications connect to an ad network, it is notable that the breakdown between apps installed by business users and apps installed by individual (consumer) users were nearly the same. Some other interesting findings include:

  • Apps installed by business users were at least 10% more likely to connect to social media APIs.
  • Apps installed by business users (vs. consumers) were just as likely to include libraries which exposed them to PII, personal or corporate data loss risk.

The table below compares the top URLs from applications on business user devices (right) and consumer devices (left). The table shows that there’s not a huge distinction between business users and consumer users when it comes to the top ad libraries, social medial libraries and other libraries which affect data privacy – enterprises aren’t as safe as they may think. percent_of_apps_connecting_to_domain It is critically important that users and IT Administrators understand what data is being collected from their devices, where it is being sent, and how it is being used. Given that the majority of the sensitive data being collected occurs within these third party libraries such as ad networks, social media APIs, and analytics tools, it is therefore important to fully understand each of the libraries included in your mobile apps.  Gone are the days when we can simply say “I trust this app with these permissions and data”.  With the number of third-party libraries coming along for the ride we must now ask “for whom is the data, where will it be sent, how will it be used, and how will it be handled.”

Watch last week’s webinar, “A Three-Pronged Approach to Mobile Security”

May 30, 2014 by

Did you miss our webinar last week, with Forrester Research’s Tyler Shields, discussing how to best understand mobile risk and mitigate it?  You can now watch the recording, or download the slides.

You can also check out some of the questions we discussed during the webinar.

Stay tuned – we had too many questions, and will answer these later on our blog.


Webinar Details

Topic: Three-Pronged Approach to Mobile Security

 

 

#3ProngSecurity: Q3 – What combination of technologies can help me meet my business goals?

May 20, 2014 by

We posted questions one and two for our upcoming webinar, and here is the third installment: what combination of technologies can help me meet my business goals? Q&A orange These days, mobility managers have a range of solutions to consider to manage and protect mobile devices: mobile device management (MDM), enterprise mobility management, app reputation solutions, containerization, and firewalls.  It seems like there is a new solution available every month! We’ll talk about how to build a unified approach for your mobile security in our webinar on May 21. If you have questions to ask during the webinar, post them in the comments here, or tweet with the hashtag #3ProngSecurity. Here are a few other resources to help you sort out all of the options:


Webinar Details

Topic: Three-Pronged Approach to Mobile Security
DateMay 21
Time11 AM PST
RegisterSign up to attend


Follow

Get every new post delivered to your Inbox.

Join 887 other followers