I know we’ve been quiet for some time and that’s been due to us being heads down integrating the best of Mojave into Sophos Cloud. The other day we released some of the initial pieces of that hard work. You can read more on the Sophos blog here. Keep a look out for more to come soon!
Today we’re very excited to announce that Mojave Networks is now part of Sophos. Sophos has a long history of making world-class security products and by joining Sophos we’ll be able to accelerate our goal of bringing cloud web security to all mobile workers.
For our current customers, there will be little change as our services will keep running as is. Over time though, you’ll see an even faster pace of development as we’ll have the benefit of Sophos’ resources. Eventually the goal is to provide a comprehensive, easy-to-use security suite for companies of all sizes.
We truly believe that combining the best of both products will deliver incredible benefits for our customers and look forward to sharing our plans with you in the coming months.
Finally, we’d like to thank all of our customers, partners and everyone else that helped us get to this point and we’re really excited for the next stage of our company!
The Mojave Team
As we’ve been developing our web security solution for Macs and Windows, the question often comes up whether we use an agent/client or just configure the native proxy (often done via PAC files). We’ve chosen to distribute a smart agent for several reasons.
Agents Can’t Be Ignored by Applications
Since an agent is at the kernel level, an application can’t choose to bypass it. Applications do have the option though of ignoring the proxy settings. This means that potentially sensitive data or a malicious app can bypass the proxy without the IT administrator ever knowing. Firefox is a good example of an application that by default ignores proxy settings. Any piece of smart malware would obviously choose to ignore the proxy so there’s one less possibility of being detected.
Because it is relatively trivial for any type of app or program to bypass proxy settings delivered via a PAC file, this approach is fairly insufficient when used as a security solution.
Agents Are Intelligent
The proxy settings are inherently very static and leave little room for dynamic configuration. With the growing concerns around privacy, you want a solution that can change with the times and the context of the situation. Maybe this means only taking certain traffic for some employees, or changing what traffic is analyzed depending on the context (location, behavior, application, risk, etc). An agent allows for so much more intelligence in what type of web traffic is taken and how it is analyzed.
By utilizing an agent, so much more can be done with the connection handling which can really boost performance. Sometimes these performance gains can exceed your standard internet connection. We’ll write more about how this is accomplished in an upcoming blog post.
Agents Analyze All Internet Traffic
Since an agent is placed at the kernel level, it can proxy all traffic to a web gateway including standard protocols like HTTP, SMTP, IMAP, UDP, DNS and more. Configuring just proxy settings often only covers HTTP (web traffic) which is great if you just need simple URL filtering and inspection, but there is so much more that happens outside of HTTP. By only looking at HTTP traffic, you have an incomplete picture and also increase the surface area from which attacks can occur. Email talks over other common protocols like IMAP and SMTP, Skype often leverages UDP, and almost all internet based apps use DNS to resolve IP addresses.
Furthermore, if an attacker knows that a proxy is in use, they can easily leverage another protocol like UDP to communicate with their server and the HTTP proxy would never know about it.
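The coverage gap described in the two sections above (applications that ignore proxy settings, and traffic that is not HTTP at all) can be measured from the defender's side using egress flow logs. This is an added example, not Mojave's code; the proxy address, web port set, process names and flow records are all constructed for illustration.

```python
from collections import Counter

# Assumed address of the HTTP proxy that the PAC file points clients at.
PROXY = ("10.0.0.5", 3128)
# Assumed set of destination ports treated as web traffic.
WEB_PORTS = {80, 443, 8080}

# Constructed egress flow records: (host, process, transport, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("laptop-01", "browser-a", "tcp", "10.0.0.5",     3128),
    ("laptop-01", "browser-b", "tcp", "203.0.113.10", 443),
    ("laptop-01", "mailapp",   "tcp", "198.51.100.7", 993),
    ("laptop-01", "mailapp",   "tcp", "198.51.100.7", 587),
    ("laptop-02", "browser-a", "tcp", "10.0.0.5",     3128),
    ("laptop-02", "voipapp",   "udp", "192.0.2.44",   3478),
    ("laptop-02", "resolver",  "udp", "192.0.2.53",   53),
    ("laptop-02", "updater",   "tcp", "203.0.113.80", 80),
]

def classify(flow, proxy=PROXY):
    """Say whether the HTTP proxy saw this flow and, if not, why not."""
    _host, _proc, transport, dst_ip, dst_port = flow
    if transport == "tcp" and (dst_ip, dst_port) == proxy:
        return "via_proxy"
    if transport == "tcp" and dst_port in WEB_PORTS:
        # Web traffic sent straight out: the app ignored the proxy setting.
        return "web_direct"
    # IMAP, SMTP, DNS, UDP media and so on: never covered by a PAC file.
    return "non_http"

def unproxied(flows, proxy=PROXY):
    """Return (flow, reason) for every flow the proxy never saw."""
    out = []
    for flow in flows:
        reason = classify(flow, proxy)
        if reason != "via_proxy":
            out.append((flow, reason))
    return out

def summary(flows, proxy=PROXY):
    """Count flows per visibility class."""
    return Counter(classify(f, proxy) for f in flows)

if __name__ == "__main__":
    for flow, reason in unproxied(SAMPLE_FLOWS):
        print(reason, *flow)
    print(dict(summary(SAMPLE_FLOWS)))
```

On the constructed sample, only two of eight flows reach the proxy; the other six are the traffic an administrator relying on proxy settings alone would never see.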
Agents Are Difficult to Disable
Proxy settings via PAC files are fairly simple for users to disable whereas an agent is much more difficult to disable without administrator access because it’s down at the kernel level. Plus, an agent can add more logic to automatically check for being disabled and in that case restart itself or notify an administrator.
While just deploying proxy settings might be simpler from an initial deployment perspective, the benefits pretty much end there and from then on an agent is a much better choice. If you’re interested in our agent based approach, sign up for early access today.
Our CEO Garrett Larsson will be at (ISC)2 Security Congress in Atlanta on September 30 to discuss mobile app security with Timothy Wilson of Dark Reading and others. More information about the session is below. We hope to see you there!
Mobile App Security: Myths and Realities
- Timothy Wilson, Editor, Dark Reading
- Garrett Larsson, CEO and Co-Founder, Mojave Networks
- John Weinschenk, CEO, Cenzic, Inc.
- Jack Walsh, Mobile Security & Special Projects Programs Manager, ICSA Labs
Date and Time:
Tuesday, September 30th at 1:45PM to 3:00PM
When it comes to mobile threats, most of the attention has been paid to the slow growth of mobile malware, but this is only part of the picture. Many mobile devices are running supposedly “safe” applications — such as browsers and social networking apps — that are potentially much more dangerous to the enterprise than current malware. In this panel, we examine the most immediate threats to mobile devices in the enterprise, focusing on real-world compromises and lesser-known exploits and dispelling some of the myths and hyperbole surrounding mobile security.
We understand how important it is for organizations to operate within the data limits established by their data plan. Overages can be the worst type of surprise for an organization working within a predetermined budget. That’s why we’ve developed a new feature that allows administrators to gain insight and control over mobile device data usage. With our new feature, administrators can now track carrier data usage, set notifications, and take action to terminate data access to any user who is close to exceeding their monthly allotment of data. For more about how Mojave Networks can help you gain visibility, control and security for mobile devices and computers, see this 90-second demo.
The workplace isn’t constrained by a single device in a single location. Your security shouldn’t be either.
That’s why Mojave Networks is extending mobile security to include Macs and Windows PCs. The same web security that we’ve always had for smartphones and tablets now can protect Macs and Windows PCs with threat detection, visibility into cloud apps, data loss prevention, URL filtering and robust analytics. These innovative solutions block more threats, reduce IT complexity and mitigate the risk of data loss.
Our cloud-based secure web gateway is simple to deploy, requires no hardware and saves on total ownership costs. So no matter where or how your employees access the network, you can gain visibility into network activity and control over devices for comprehensive security that keeps sensitive data safe.
Sign up now for early access to Mojave’s secure web gateway for Macs and Windows PCs.
We often hear from customers who have existing Security Information and Event Management (SIEM) tools, like Splunk or QRadar, and wish to leverage those investments in combination with the unique data that we can provide. And for our own part, we believe that security vendors should interoperate seamlessly to best protect enterprise assets. Therefore, we have been hard at work on an enterprise-integration initiative, and are pleased to announce the general availability of our real-time event API: Mojave Connect.
With this API, customers gain full visibility into the events flowing through Mojave as they happen, including:
- Network Activity — Source (IP, port, user agent), Destination (IP, port, URI), bytes transferred, protocol, network type (carrier, wifi), category, action (block, audit, allow), and more
- Device Activity — Event type (lock, wipe, locate, diagnostics, app installation, etc.), severity (alert, warning, low), device (make, model), user
Customers can then store and analyze these events as suits their needs. For example, companies can collate network events happening on devices outside of the corporate network with events happening internally. Having a single, homogeneous corpus of all network activity across the enterprise will make it easier to find anomalies and threats, and having it all centralized will make it that much easier for IT to manage.
So how does it work?
Mojave Connect consists of two layers, each providing different opportunities for integration:
- Mojave Connect SDK — The SDK (currently available for Java; other versions forthcoming) is a low-level library for consuming our real-time event streams. Customers with proprietary applications might want to use the SDK directly so that they can customize the interaction to best suit their needs.
- Mojave Connect Agent — These are higher-level software agents that wrap the SDK and are deployed onsite to provide integration with a specific third-party application:
  - The Syslog Agent for Mojave Connect reads events from the event stream and logs them to the local syslog daemon.
  - The Splunk Agent for Mojave Connect is a Splunk add-in (soon to be published to the Splunk App marketplace) that lets you add Mojave streams to your enterprise data as seamlessly as any other data source.
  - Many more to come…
Contact us today to take the Mojave Connect API for a spin.
Special thanks to Josh Bandur for helping write this post and more importantly writing the API!