Daniel Dor

The 4 building blocks of Mobile Security

Discussion created by Daniel Dor Employee on May 10, 2017

I was recently asked by a prospect from the financial sector the following question: "how should I secure my corporate network from the mobile threats landscape". 

 

To answer this question, we first described the 4 Building blocks of Mobile Security:

    1. Building Block 1 - MDM – This component is crucial for policy enforcement, but it doesn’t protect from 4 vectors of attacks: (a) Infected apps (b) Network attacks (c) OS Exploits (4) SMS Phishing – Check Point doesn’t have MDM solution, but SandBlast Mobile (SBM) do have out-of-the-box integration with: (1) MobileIron (2) AirWatch (3) MaaS360 (4) BES. The combination between one of these MDMs and SandBlast Mobile delivers both Devices management and Security.
    2. Building Block 2 – A Container – The secure container will enable you to work in a secure environment, but it can be bypassed (This video explains how bypassing is being done) – Check Point sell the Capsule Workspace solution for this need, and also integrate with Good Container and other MDM containers.
    3. Building Block 3 – Detection of AV \ App reputation – This enables the detection of known threats – This is being done by SandBlast Mobile solution.
    4. Building Block 4 – Detection of Unknown Threats and Zero Day – which assist you to handle unknown threats and zero day attacks – This is being done by our SandBlast Mobile solution.

 

Then, we explored few options to deploy these building blocks:

    1. 1st option – SandBlast Mobile in a standalone mode
    2. 2nd option – SandBlast Mobile & MDM– In such case SandBlast Mobile will detect threats and will send API call to the MDM so the MDM can change the policy of the infected device.
    3. 3rd Option – SandBlast Mobile & 3rd Party Container– In such case SandBlast Mobile will detect threats and will tell the 3rd party container to disconnect whenever there is a threat on the device.
    4. 4th Option – SandBlast Mobile & Capsule Wokrspace – In such case SandBlast Mobile will detect threats and will tell Capsule Workspace to disconnect whenever there is a threat on the device.

 

Each one of the above options has it's own pros and cons, and fits for different status. In this case, the financial institute decided to implement SandBlast Mobile & Capsule Wokrspace to his BYOD environment.

 

 

Outcomes