Thursday, September 26, 2013

APPLE’S SOFTWARE UPGRADE OFFERS IMPROVED ENDPOINT SECURITY


Apple’s new software upgrade includes new security features to improve endpoint security on the iPhone 4 and later versions, especially when utilized by employees as part of a BYOD practice.
According to Apple, iOS 7 patches 80 known security vulnerabilities, making devices running iOS 6 and earlier systems at risk for infection and other issues. These include addressing issues with certificate trust policies, plus data protection and security, among many other improvements.
ZDNet stated that if the upgrade is not installed on a device, existing bugs could execute malicious code, use applications to discover passwords, send tweets without user permission through sandbox apps and control or interfere with telephony capabilities. Additionally, unpatched devices could experience data leakage despite protection under IPSec Hybrid Auth.
Patches and benefits
SilverSky CTO Andrew Jaquith said in a CSO article that Apple already had a secure operating system with multiple lock down options available before iOS 7.
“With iOS 7, companies will find many of their remaining needs addressed,” Jaquith said. “It’s clear that Apple is listening to their enterprise customers.”
For example, Apple stated in a mailing list announcement that iOS 7 resolves a privilege separation issue where cybercriminals could sidestep authentication restrictions to figure out a user’s password despite a “Erase Data” setting through an app within the third-party sandbox. This patch will greatly improve endpoint security and control, especially where lost or stolen devices are concerned.
Additionally, Apple soothed data leakage concerns with improvements to data security. According to the notification, a hacker could seize credentials and other sensitive information from devices earlier versions of iOS if using a privileged network position. A recently revoked sub-CA certificate has been added to the operating system’s list of untrusted certificates.
CSO also stated that with previous Apple operating systems, a criminal could perform a reset and input their own preferences, allowing them to utilize the device for themselves. However, on iOS 7, once an application lock is activated, a thief cannot use the phone through a system reset.
The upgrade demonstrated Apple’s commitment to their devices being secure as part of BYOD policies. Jaquith said iOS 7 also incorporates additional policies to securely lock down devices, including restriction options for Siri, AirDrop and Dropbox. Furthermore, corporate applications have been restricted from communicating with personal applications.
“In my opinion, Apple appears to have significantly improved the controls which help separate work and personal information,” said Fiberlink marketing director Jonathan Dale, according to CSO. “Users and companies should feel more secure that their data will not go to unintended places.

Friday, September 13, 2013

WHAT MICROSOFT’S NOKIA ACQUISITION MEANS FOR ENDPOINT MANAGEMENT STRATEGIES


Mobile device proliferation has dramatically complicated the endpoint management strategies employed by many leading enterprises, and endpoint security and control may soon get even more difficult thanks to Microsoft’s recent acquisition of Nokia.
Earlier this month, Microsoft sent shockwaves throughout the business and IT worlds when it announced that it would spend $7.2 billion to obtain Nokia’s devices and services business, which includes its line of mobile hardware. With the move to get the second biggest cellphone maker in the world, Microsoft is now expected to be a far larger player in the already crowded device manufacturing market, the Los Angeles Times reported.
“Bringing these great teams together will accelerate Microsoft’s share and profits in phones, and strengthen the overall opportunities for both Microsoft and our partners across our entire family of devices and services,” Microsoft CEO Steve Ballmer said.
Expect further device proliferation
According to the Times, the move comes as Microsoft attempts to better position itself against rivals like Apple as consumers and enterprises further embrace handheld technology. A June report from the Pew Research Center found that 56 percent of all Americans over 18 now own a smartphone, and the rise in popularity of bring-your-own-device policies means that a fair number of these products were ending up in corporate environments for enterprise-related purposes.
However, prior to this deal, Microsoft has failed to capture a significant amount of this market. IDC earlier this month predicted that smartphone sales will grow 7.3 percent by the end of 2013, although devices running the Microsoft Windows mobile operating system are only expected to make up 3.9 percent of the approximately 1 billion cellphones sent out over the course of this year.
While device manufacturers like Apple and Samsung are currently dominating the marketplace, Microsoft’s recent announcement plus other industry happenings will likely create more market parity over the next five years. IDC predicted that between today and 2017, the compound annual growth rate of phones running the Android OS will drop slightly, but it will go up for Apple iOS and Windows phones.
Why endpoint management may never be the same
For consumers looking for more full-fledged smartphones, Microsoft’s recent announcement is welcome news. For enterprises already dealing with personal mobile device proliferation, however, this expected shift in the smartphone market may create more management and security headaches.
When it comes to data leak prevention, BYOD can create a nightmarish situation for IT departments. Many technology professionals are used to maintaining the security of one type of computer running one operating system. However, as more and more smartphones flood the market and enter business settings, these professionals are now tasked with securing more devices and OSs than ever before. With Microsoft making a bigger push into this market, the already complicated task of endpoint security and control just potentially got even harder.
To address this concern, IT departments should consider utilizing state-of-the-art endpoint protection software. Armed with this data leak protection tool, cybersecurity professionals are able to more easily oversee all devices accessing enterprise materials and more quickly alert decision makers should an issue be discovered.

ENDPOINT SECURITY MUST BE COMPREHENSIVE YET UNOBTRUSIVE


Thousands of new malware variants emerge each day, underscoring the considerable endpoint management challenges that IT departments face in securing devices and networks. Many organizations use patchwork solutions that appear effective, but in reality even one failure could result in catastrophic data loss or infection. With bring-your-own-device policies complicating the endpoint landscape, organizations need a centralized management console that can monitor what each endpoint is running, ensuring network security while not impairing company productivity.
InformationWeek’s Ankur Chadda recently examined the current state of network security, focusing on the simultaneous rise of sophisticated malware and the BYOD-enabled hardware that often carries it. Roughly 74,000 new malware strains are released each day, and so far organizations have fought back by using traditional tools like antivirus software and firewalls.
However, these tools may be becoming less effective in light of the proliferation of mobile threats like SMS chargeware, as well as the refinement of desktop trojans. For example, Infosecurity chronicled the evolution of the Taidoor trojan, which originally delivered malware via a classic email phishing scheme. However, it has since become more sophisticated, now employing a separate downloader that can install additional malware later on. It also links to an innocuous-looking Yahoo blog, rather than a standard command-and-control apparatus.
To deal with these threats, organizations should adequately test endpoint security solutions under realistic conditions, so that managers can discern whether tools identify anomalies as they emerge. Good endpoint tools will also be unobtrusive, coexisting well with BYOD initiatives.
“Companies that implement aggressive malware policies need to strike a balance between network security and organizational performance,” advised Chadda, later adding “Controls cannot be so restrictive that they get in the way of systems being efficient and workers doing their jobs.”