
The Mobile Device Management Saga: An SIEM (Security Information Event Management) perspective

July 25, 2013 by Karthik

Wikipedia defines Mobile Device Management (MDM) as solutions that secure, monitor and support mobile devices deployed across various mobile service providers and operators. The technology covers smartphones, tablets, tablet computers, mobile printers and other devices that depend on Over-The-Air (OTA) provisioning. The primary intent of this model is to obtain an optimum balance between functionality and security, cost effectively. It focuses on the BYOD era, in which employees of an organization use company-owned devices as well as personal devices for office work. This article takes you through the various features of MDM, the platforms on which MDM solutions are deployed, the top 5 providers of MDM solutions in the world, and more.

MDM solutions and its need

A survey conducted by Redshift assessed human factors such as attitude, fear and future hopes towards using mobile devices in the workplace. The summary of the survey revealed that the use of mobile devices has increased, creating a need for MDM solutions. The primary need for such management is securing corporate data. A new (personal) device in the network calls for stricter compliance rules and policies, and managing these tasks manually is tedious for the IT team. Rising thefts of smartphones and tablets push businesses of all kinds to deploy some kind of MDM solution within the workplace. Employees have shown that working remotely on smart devices can be done without any loss of productivity, so management also feels it is acceptable to allow smartphones, tablets and similar devices on the work network. The technology brings various business advantages, a few of which are as follows:

  1. Reduced operational costs (on equipment, office space etc.)
  2. Satisfied employees who work more efficiently with their own devices
  3. The IT team has less burden in managing devices

When considering a new technology or implementation, the associated risk factors cannot be ignored. The risk factors that come wrapped with the BYOD era are as follows:

  1. BYOD devices are not centrally managed by the IT team, so there is minimal compliance and policy control over them.
  2. BYOD devices such as smartphones and tablets do not come with pre-installed security solutions, thereby increasing the threat vectors to an organization's corporate network. Black-hat hackers have used this as a key to open the doors of an organization's network; the attacks can be delivered over SMS, MMS or even email attachments.
  3. Locating lost or stolen devices is a nightmare when there is little or no control over the data present on them.
  4. Applications installed on the device cannot be tracked when it accesses the corporate network.
  5. Monitoring devices that access the corporate network remotely is impossible without an MDM implementation.

So far we have seen various reasons why an organization would need an MDM solution on its premises. Cloud-based solutions are welcomed by potential clients because of their operational nature: the organization needn't worry about regular updates, which happen automatically with any cloud-based service. Organizations also prefer remote management of devices (remote wipe, lock, etc.), as well as configuring them according to the listed policies and keeping them compliant with the corporate network. Solutions that implement security policies such as blacklisting and access controls are generally preferred over solutions that lack these facilities. Enabling telemetry services on the device helps in tracking events and environment changes. Most importantly, the service has to be scalable, so that when new users enrol, it continues to serve its purpose seamlessly.

Data Loss Prevention (DLP) Technologies

DLP and MDM solutions go hand in hand, because the former is a by-product of the latter. In this section we'll look at the concept of Data Loss Prevention (DLP) and its need in the MDM space. Before that, recall the class of attacks that sends chills down the spine of every corporation: Advanced Persistent Threats. APTs, as we know them, aim at data exfiltration, and the MDM space throws open a playground for APTs to poke around for more data. DLP technologies combined with MDM solutions would drastically reduce the vulnerability of the MDM space to APTs. Having seen where DLP plays a major role in the organizational network, we continue with how it works. A typical DLP solution is designed to prevent any detected data exfiltration. This detection and prevention cycle applies when the information is at rest (file level), in motion (network level) or in use (endpoint).

What kinds of data are under observation, and why is DLP needed?

  1. Credit card information
  2. Private and confidential internal information
  3. Patents and research information about an organization
  4. The organization's true financial status
  5. Any data considered to have a major impact on the business
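The "in motion" stage of that cycle is the one a SIEM sees most directly: outbound mail or sync traffic from a managed device is inspected before it leaves. The following is an added example, not code from the article or from any DLP vendor, showing the core of such an inspector in Python for the first two data classes above: candidate card numbers are located by a regular expression and confirmed with the Luhn checksum (so a random 16-digit tracking number is not flagged), and confidential or financial material is picked up by a constructed keyword list. The sample messages, marker words and the masking format are all assumptions.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample outbound messages (not from the article): the kind of
# content a DLP engine inspects "in motion" as it leaves a managed device.
SAMPLE_MESSAGES = {
    "expense-report": "Please reimburse card 4111 1111 1111 1111, receipt attached.",
    "ticket-id":      "Tracking number 1234567890123456 for the replacement tablet.",
    "board-memo":     "CONFIDENTIAL: Q3 revenue shortfall, do not forward outside finance.",
    "lunch":          "Anyone up for lunch at 12:30?",
}

# Candidate PAN: 13 to 19 digits, optionally separated by spaces or dashes,
# not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Keyword markers for the article's other data classes (constructed list;
# a real deployment would use classification labels or fingerprints).
SENSITIVE_MARKERS = {
    "internal-confidential": ("confidential", "internal only", "do not forward"),
    "financial": ("revenue", "shortfall", "earnings"),
    "research": ("patent", "prototype"),
}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to separate real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Finding:
    message_id: str
    category: str
    evidence: str               # masked, so the finding itself is not a leak


def mask_pan(digits: str) -> str:
    """Keep BIN and last four, mask the middle (assumed reporting convention)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_message(message_id: str, text: str) -> list[Finding]:
    """Return every DLP finding for one message (empty list means clean)."""
    findings: list[Finding] = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            findings.append(Finding(message_id, "credit-card", mask_pan(digits)))
    lowered = text.lower()
    for category, markers in SENSITIVE_MARKERS.items():
        hits = [k for k in markers if k in lowered]
        if hits:
            findings.append(Finding(message_id, category, ", ".join(hits)))
    return findings


def scan_all(messages: dict[str, str]) -> dict[str, list[Finding]]:
    """Return only the messages the DLP policy would flag or block."""
    report: dict[str, list[Finding]] = {}
    for mid, text in messages.items():
        found = scan_message(mid, text)
        if found:
            report[mid] = found
    return report


if __name__ == "__main__":
    for mid, findings in scan_all(SAMPLE_MESSAGES).items():
        for f in findings:
            print(f"{mid}: {f.category} ({f.evidence})")
```

Run against the constructed messages, only the expense report and the board memo are reported; the tracking number fails Luhn and the lunch invitation matches nothing. The masked evidence is what should be forwarded to the SIEM, never the full number.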

Personal Information Manager (PIM)

Windows platform: Since we are focusing on the MDM space, PIMBackup is a mobile solution for Windows-based pocket devices. The robustness of the application is independent of the device and of the version of Windows running on it. The backup is either binary-based or text-based; the latter is more readable and easy to use, while the former is harder to modify or view.

Android/iOS platform: EssentialPIM is the Android/iOS counterpart of PIMBackup for Windows; its features remain the same as those of PIMBackup.

Players in the MDM space (vendor, followed by vendor-specific details):

Absolute Manage (By Absolute Software)

Platforms Supported: Android, Windows Phone, iOS, Mac Desktop

Packaged as: Software (WIN, MAC) , Virtual Machine

Enrolment: Web portal only

Authentication: AD, Open Directory and User Upload

Administration: Desktop Application

Maintenance: Regular releases

Air-watch (By Airwatch)

Platforms Supported: Android, Blackberry, Symbian, Windows, Mac Desktop

Packaged as: Appliance, Windows, Mac, SaaS, Virtual Machines

Enrolment: Web Portal, iOS app, APIs and User Upload

Authentication: AD, LDAP, User Upload, Open Directory

Administration: Web based, API-SDK

Maintenance: Regular Releases

MaaS360 (By Fiberlink)

Platforms Supported: Android, iOS, Blackberry, Symbian, Windows, Mac

Packaged as: Appliance, Windows, Mac, SaaS, Virtual Machines

Enrolment: Web Portal, iOS app, APIs and User Upload

Authentication: AD, LDAP, User Upload, Open Directory

Administration: Web based, API-SDK

Maintenance: Regular Releases

Good EMM (By Good)

Platforms Supported: Android, Symbian (End of Life), Windows, iOS

Packaged as: Windows, Virtual Machines

Enrolment: Web Portal, iOS app, APIs and User Upload

Authentication: AD, User Upload, Open Directory

Administration: Web based, API-SDK

Maintenance: Regular Releases

Zenprise (By Zenprise, Citrix)

Platforms Supported: Android, Blackberry, Symbian, Windows

Packaged as: Windows, SaaS, Virtual Machines, Unix Software

Enrolment: Web Portal, API-SDK and User Upload

Authentication: AD, LDAP, User Upload, Open Directory

Administration: Web based, API-SDK

Maintenance: Regular Releases

Other vendors like Afaria (By SAP), McAfee EMM, FancyFon etc. are also available.

Some of the best practices for the MDM space

Wireless Network Assessment

This assessment focuses mainly on scaling to more than 2 devices per user on a network. We should also consider the impact of rogue networks in the vicinity. It is ideal to have an upper cap on the number of devices a particular user can register on a particular network, so that the service can guarantee scalability and timely service.

Access Provisioning

Providing the right kind of provisioning helps isolate personal devices from company assets. Personal devices need stricter control when inside a corporate network, and they need to comply with certain rules before being allowed access to corporate networks.

Management of Devices

With the exception of BlackBerry-based devices, all other platforms such as Android, iOS and Windows give the device's owner administrative privileges, which enables them to back out of compliance rules at any time. This is where solutions from vendors like MaaS360 by Fiberlink, AirWatch and MobileIron come into play.

Implementing policies

Common BYOD policies that an enterprise would require are enforcing the use of passwords, remote lock facilities, denial of rooted devices, selective remote wiping and so on. For example, a policy could read: "When the device is logged into the corporate network, disallow all blacklisted services".
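From the SIEM side, these policies become rules evaluated over the telemetry an MDM server forwards. The code below is an added example, not code from the article or from any MDM vendor: a small Python policy engine that consumes a constructed feed of MDM events (one JSON object per line) and turns the policies just listed, plus the per-user device cap from the wireless assessment section and the owner-can-unenrol problem from the device management section, into concrete actions and alerts. The event schema, app names, thresholds and action names are all assumptions; a real deployment would map them onto the vendor's own API.

```python
from __future__ import annotations
import json
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed MDM telemetry feed (not from the article or any vendor): one JSON
# object per line, the shape an MDM server might forward to a SIEM.
SAMPLE_EVENTS = """
{"ts":"2013-07-25T09:00:01Z","user":"alice","device":"d-100","event":"enrolled","rooted":false,"passcode":true,"on_corp_net":false,"apps":["mail"]}
{"ts":"2013-07-25T09:05:10Z","user":"alice","device":"d-100","event":"checkin","rooted":false,"passcode":true,"on_corp_net":true,"apps":["mail","torrentclient"]}
{"ts":"2013-07-25T09:10:00Z","user":"bob","device":"d-200","event":"enrolled","rooted":true,"passcode":false,"on_corp_net":false,"apps":[]}
{"ts":"2013-07-25T09:12:00Z","user":"bob","device":"d-201","event":"enrolled","rooted":false,"passcode":true,"on_corp_net":false,"apps":[]}
{"ts":"2013-07-25T09:13:00Z","user":"bob","device":"d-202","event":"enrolled","rooted":false,"passcode":true,"on_corp_net":false,"apps":[]}
{"ts":"2013-07-25T09:14:00Z","user":"bob","device":"d-203","event":"enrolled","rooted":false,"passcode":true,"on_corp_net":false,"apps":[]}
{"ts":"2013-07-25T09:30:00Z","user":"alice","device":"d-100","event":"reported_lost","rooted":false,"passcode":true,"on_corp_net":false,"apps":["mail"]}
{"ts":"2013-07-25T09:40:00Z","user":"bob","device":"d-201","event":"unenrolled","rooted":false,"passcode":true,"on_corp_net":false,"apps":[]}
"""

# Policy parameters (constructed; tuned per organisation in practice).
BLACKLISTED_APPS = {"torrentclient", "remotedesktopshare"}
MAX_DEVICES_PER_USER = 2


@dataclass(frozen=True)
class Action:
    device: str
    user: str
    action: str     # block_services | lock | selective_wipe | deny_enrolment | alert
    reason: str


@dataclass
class PolicyEngine:
    # Devices currently under management, per user (state kept across events).
    enrolled: dict[str, set[str]] = field(default_factory=lambda: defaultdict(set))

    def evaluate(self, ev: dict) -> list[Action]:
        """Apply every policy to one event and return the actions it triggers."""
        out: list[Action] = []
        dev, user, kind = ev["device"], ev["user"], ev["event"]

        def act(action: str, reason: str) -> None:
            out.append(Action(dev, user, action, reason))

        if kind == "enrolled":
            if ev["rooted"]:
                act("deny_enrolment", "rooted device")
            elif len(self.enrolled[user]) >= MAX_DEVICES_PER_USER:
                act("deny_enrolment", f"user already has {MAX_DEVICES_PER_USER} devices")
            else:
                self.enrolled[user].add(dev)
        elif kind == "unenrolled":
            # The owner holds admin rights on the handset and can remove
            # management at will, so this is a compliance loss, not routine.
            self.enrolled[user].discard(dev)
            act("alert", "device left management")
        elif kind == "reported_lost":
            act("lock", "device reported lost")
            act("selective_wipe", "remove corporate data from lost device")
        elif kind == "checkin":
            if not ev["passcode"]:
                act("lock", "passcode policy not met")
            if ev["rooted"]:
                act("selective_wipe", "rooted device at check-in")
            if ev["on_corp_net"]:
                bad = sorted(set(ev["apps"]) & BLACKLISTED_APPS)
                if bad:
                    act("block_services",
                        "blacklisted apps on corporate network: " + ", ".join(bad))
        return out


def run(feed: str) -> list[Action]:
    """Replay a JSON-lines feed through a fresh engine, in order."""
    engine = PolicyEngine()
    actions: list[Action] = []
    for line in feed.strip().splitlines():
        if line.strip():
            actions.extend(engine.evaluate(json.loads(line)))
    return actions


if __name__ == "__main__":
    for a in run(SAMPLE_EVENTS):
        print(f"{a.user}/{a.device}: {a.action} ({a.reason})")
```

On the constructed feed the engine blocks blacklisted services for alice's device once it checks in on the corporate network with a torrent client installed, later locks and selectively wipes it when it is reported lost, refuses bob's rooted device and his third enrolment, and raises an alert when one of his devices leaves management. Keeping enrolment state inside the engine is what makes the device cap and the unenrolment alert possible; a stateless rule per event could not express either.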

The Future of Mobile Device Management Solution

John Girard, VP at Gartner, was quoted as saying: "Mobile Device Management is in chaos right now, and I think its market is going to die." The need of the day for many MDM solutions is to restructure mobile application management and provide effective shielding around the applications. A few vendors have realized this and are working towards a container wrapped around their apps. What is interesting is who will gain a foothold on the market and continue to innovate and grow. On the other hand, in the not-too-distant future the entire workplace will be filled with personal smart devices, which shows that the potential for the market still exists; integrating early MDM checkpoints to bridge the gap between perimeter security and operations is the key to success in this huge market!


Karthik is a cyber security researcher at Infosec Institute and works as a researcher for the Cyber Security and Privacy Foundation (a non-profit organization) in India. He takes a deep interest in information security as a whole, is particularly interested in VA/PT, and serves the cause of national security.