Smart Agent > PAC File

As we’ve been developing our web security solution for Macs and Windows, the question often comes up whether we use an agent/client or just configure the native proxy (often done via PAC files). We’ve chosen to distribute a smart agent for several reasons.

Agents Can’t Be Ignored by Applications

Since an agent is at the kernel level, an application can’t choose to bypass it.  Applications do have the option though of ignoring the proxy settings.  This means that potentially sensitive data or a malicious app can bypass the proxy without the IT administrator ever knowing.  Firefox is a good example of an application that by default ignores proxy settings.  Any piece of smart malware would obviously choose to ignore the proxy so there’s one less possibility of being detected.

Because it is relatively trivial for any type of app or program to bypass proxy settings delivered via a PAC file, this approach is fairly insufficient when used as a security solution.

Agents Are Intelligent

The proxy settings are inherently very static and leave little room for dynamic configuration.  With the growing concerns around privacy, you want a solution that can change with the times and the context of the situation.  Maybe this means only taking certain traffic for some employees, or changing what traffic is analyzed depending on the context (location, behavior, application, risk, etc).  An agent allows for so much more intelligence in what type of web traffic is taken and how it is analyzed.

By utilizing an agent, so much more can be done with the connection handling which can really boost performance.  Sometimes these performance gains can exceed your standard internet connection.  We’ll write more about how this is accomplished in an upcoming blog post.

Agents Analyze All Internet Traffic 

Since an agent is placed at the kernel level, it can proxy all traffic to a web gateway including standard protocols like HTTP, SMTP, IMAP, UDP, DNS and more.  Configuring just proxy settings often only covers HTTP (web traffic) which is great if you just need simple URL filtering and inspection, but there is so much more that happens outside of HTTP.  By only looking at HTTP traffic, you have an incomplete picture and also increase the surface area from which attacks can occur.  Email talks over other common protocols like IMAP and SMTP, Skype often leverages UDP, and almost all internet based apps use DNS to resolve IP addresses.

Furthermore, if an attacker knows that a proxy is in use, they can easily leverage another protocol like UDP to communicate with their server, and the HTTP proxy would never know about it.
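The coverage gap described in the two sections above (applications that ignore proxy settings, and protocols a PAC file never sees) can be measured from egress flow records. The following is an added example, not code from the original post or from Mojave Networks; the PAC logic, hostnames, addresses and flow records are all constructed for illustration.

```javascript
// Added example. Proxy address, PAC logic and flow records are constructed.
const PROXY = { host: "proxy.corp.example", port: 8080 };

// A typical PAC file body: consulted only by applications that choose to
// honor the system proxy settings, and only for URL-based requests.
function FindProxyForURL(url, host) {
  if (host.indexOf(".") === -1 || host.endsWith(".corp.example")) return "DIRECT";
  return "PROXY " + PROXY.host + ":" + PROXY.port;
}

// Transport/port pairs for which a client would consult the PAC file at all.
const PAC_SCHEMES = { "tcp/80": "http", "tcp/443": "https" };

// Classify one egress flow record as seen at the network edge.
function classify(flow) {
  if (flow.dstHost === PROXY.host && flow.dstPort === PROXY.port) return "via-proxy";
  const scheme = PAC_SCHEMES[flow.proto + "/" + flow.dstPort];
  if (!scheme) return "outside-pac-scope";      // SMTP, IMAP, DNS, other UDP
  const url = scheme + "://" + flow.dstHost + "/";
  return FindProxyForURL(url, flow.dstHost) === "DIRECT"
    ? "direct-allowed"                           // the PAC file itself says DIRECT
    : "ignored-proxy";                           // PAC says PROXY, app went direct
}

// Return every flow the proxy never saw, with the reason it was missed.
function auditEgress(flows) {
  return flows
    .map(f => ({ app: f.app, dst: f.dstHost + ":" + f.dstPort, finding: classify(f) }))
    .filter(r => r.finding === "outside-pac-scope" || r.finding === "ignored-proxy");
}

// Constructed flow records for one laptop.
const sampleFlows = [
  { app: "browser",  proto: "tcp", dstHost: "proxy.corp.example", dstPort: 8080 },
  { app: "browser",  proto: "tcp", dstHost: "wiki.corp.example",  dstPort: 443 },
  { app: "updater",  proto: "tcp", dstHost: "cdn.example.net",    dstPort: 443 },
  { app: "mail",     proto: "tcp", dstHost: "imap.example.org",   dstPort: 993 },
  { app: "mail",     proto: "tcp", dstHost: "smtp.example.org",   dstPort: 587 },
  { app: "voip",     proto: "udp", dstHost: "198.51.100.20",      dstPort: 3478 },
  { app: "resolver", proto: "udp", dstHost: "192.0.2.53",         dstPort: 53 },
];

console.log(auditEgress(sampleFlows));
```

Flows reported as `ignored-proxy` are the ones an administrator relying on proxy settings alone would expect to see and does not; `outside-pac-scope` flows were never candidates for inspection in the first place.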

Agents Are Difficult to Disable

Proxy settings via PAC files are fairly simple for users to disable whereas an agent is much more difficult to disable without administrator access because it’s down at the kernel level.  Plus, an agent can add more logic to automatically check for being disabled and in that case restart itself or notify an administrator.

Conclusion

While just deploying proxy settings might be simpler from an initial deployment perspective, the benefits pretty much end there and from then on an agent is a much better choice.  If you’re interested in our agent based approach, sign up for early access today.

Join us at (ISC)2 Security Congress 2014

Our CEO Garrett Larsson will be at (ISC)2 Security Congress in Atlanta on September 30 to discuss mobile app security with Timothy Wilson of Dark Reading and others. More information about the session is below. We hope to see you there!

Mobile App Security: Myths and Realities

Mobile Security Session 3242

Presenters:

  • Timothy Wilson, Editor, Dark Reading
  • Garrett Larsson, CEO and Co-Founder, Mojave Networks
  • John Weinschenk, CEO, Cenzic, Inc.
  • Jack Walsh, Mobile Security & Special Projects Programs Manager, ICSA Labs

Date and Time:

Tuesday, September 30th at 1:45PM to 3:00PM

Background:

When it comes to mobile threats, most of the attention has been paid to the slow growth of mobile malware, but this is only part of the picture. Many mobile devices are running supposedly “safe” applications — such as browsers and social networking apps — that are potentially much more dangerous to the enterprise than current malware. In this panel, we examine the most immediate threats to mobile devices in the enterprise, focusing on real-world compromises and lesser-known exploits and dispelling some of the myths and hyperbole surrounding mobile security.

Announcing Data Caps for Mobile Devices

We understand how important it is for organizations to operate within the data limits established by their data plan. Overages can be the worst type of surprise for an organization working within a predetermined budget. That’s why we’ve developed a new feature that allows administrators to gain insight and control over mobile device data usage. With our new feature, administrators can now track carrier data usage, set notifications, and take action to terminate data access to any user who is close to exceeding their monthly allotment of data. For more about how Mojave Networks can help you gain visibility, control and security for mobile devices and computers, see this 90-second demo.

Next up: Securing Macs and Windows PCs

The workplace isn’t constrained by a single device in a single location. Your security shouldn’t be either.

That’s why Mojave Networks is extending mobile security to include Macs and Windows PCs. The same web security that we’ve always had for smartphones and tablets now can protect Macs and Windows PCs with threat detection, visibility into cloud apps, data loss prevention, URL filtering and robust analytics. These innovative solutions block more threats, reduce IT complexity and mitigate the risk of data loss.

Our cloud-based secure web gateway is simple to deploy, requires no hardware and saves on total ownership costs. So no matter where or how your employees access the network, you can gain visibility into network activity and control over devices for comprehensive security that keeps sensitive data safe.

Sign up now for early access to Mojave’s secure web gateway for Macs and Windows PCs.

Mojave Connect – Real Time Event API

We often hear from customers who have existing Security Information and Event Management (SIEM) tools, like Splunk or QRadar, and wish to leverage those investments in combination with the unique data that we can provide. And for our own part, we believe that security vendors should interoperate seamlessly to best protect enterprise assets. Therefore, we have been hard at work on an enterprise-integration initiative, and are pleased to announce the general availability of our real-time event API: Mojave Connect.

With this API, customers gain full visibility into the events flowing through Mojave as they happen, including:

  • Network Activity — Source (IP, port, user agent), Destination (IP, port, URI), bytes transferred, protocol, network type (carrier, wifi), category, action (block, audit, allow), and more
  • Device Activity — Event type (lock, wipe, locate, diagnostics, app installation, etc.), severity (alert, warning, low), device (make, model), user

Customers can then store and analyze these events as suits their needs. For example, companies can collate network events happening on devices outside of the corporate network with events happening internally. Having a single, homogeneous corpus of all network activity across the enterprise will make it easier to find anomalies and threats, and having it all centralized will make it that much easier for IT to manage.

So how does it work?

Mojave Connect consists of two layers, each providing different opportunities for integration:

  • Mojave Connect SDK — The SDK (currently available for Java; other versions forthcoming) is a low-level library for consuming our real-time event streams. Customers with proprietary applications might want to use the SDK directly so that they can customize the interaction to best suit their needs.
  • Mojave Connect Agent — These are higher-level software agents that wrap the SDK and are deployed onsite to provide integration with a specific third-party application:
    • The Syslog Agent for Mojave Connect reads events from the event stream and logs them to the local syslog daemon.
    • The Splunk Agent for Mojave Connect is a Splunk add-in (soon to be published to the Splunk App marketplace) that lets you add Mojave streams to your enterprise data as seamlessly as any other data source.
    • Many more to come…

Contact us today to take the Mojave Connect API for a spin.

Special thanks to Josh Bandur for helping write this post and more importantly writing the API!

Survey: What does the future of cloud security look like?

We’ve been thinking a lot about the future of cloud security lately. As workforces become more mobile, and work becomes anytime/any place/anywhere, companies have to think differently about securing their data and systems.

We want to get your feedback as we build the next generation of cloud security. Help shape our future product direction by sharing your thoughts in our two-minute survey.

Stay tuned, we’ll share the results here on our blog!

[Webinar] “Beyond Permissions: The Truth Behind Mobile Application Risk”

Permission by proxy. That sounds pretty scary, right? It happens to any of us who use apps on our mobile devices, from official or unofficial sources. Simply by using an app, we grant permission to that app to access various areas of our mobile devices. Sometimes, those permissions are extended to data sharing with other applications via app-installed libraries.

Do you want to learn more about the hidden risks in your mobile apps? Join us on Wednesday, June 25 at 11:00 AM for our webinar, “Beyond Permissions: The Truth Behind Mobile Application Risk.”

Our presenter, product marketing manager Samer Baroudi, will discuss the hidden risks of your mobile apps and how to gain visibility into the apps installed on your organization’s corporate-owned and BYOD devices.

In this webinar you’ll learn:

  • Why app store apps have hidden risks
  • How to add visibility into the apps on your mobile devices
  • What data is collected by your apps and how it is shared

Webinar Details

Topic: Beyond Permissions: The Truth Behind Mobile Application Risk
Date: June 25
Time: 11:00 AM PST