ISSUE: Device Access and Control

DESCRIPTION

The proliferation of mobile devices with increasing memory, processing, and storage capacity has created a new range of potential breaches of sensitive information. The challenges are how best to detect and register devices, authenticate users, and restrict and manage access to corporate networks.

There is mounting pressure from executives, professionals and other mobile workers to embrace the productivity gains promised by applications such as Customer Relationship Management (CRM), Business Intelligence (BI), financial, medical and email applications. However, mobile devices connecting to corporate networks and the presence of sensitive data on remote endpoint devices can expose corporations to data leakage, malware, spyware, theft and other threats. To date, due to the lack of satisfactory security solutions, organizations have tended to deny mobile devices access to corporate networks. This often restricts the very productivity gains a mobile workforce promises.

When mobile devices are allowed to connect through a Virtual Private Network (VPN), the VPN establishes a secure channel for information to flow through. However, it can also create a false sense of security. A VPN tunnel does not protect information stored on the endpoint device, nor does it protect the corporate network against malware entering through that endpoint.

Measures to control remote devices and contain the impact of device access typically require a multi-layered approach involving:

  • Device detection, authentication, and management
  • Policy deployment, management, and enforcement
  • Ad-hoc override commands with remote application and process control, which are particularly applicable to protecting data on a lost endpoint device

Security policies may stipulate that access is not permitted. Nevertheless, without strong detection and enforcement capability, the effectiveness of such a policy remains uncertain. The changing laws and regulations surrounding privacy and security place a new urgency on resolving the exposures associated with uncontrolled access.


PacketDNA Solution

Secure Receptor™’s ability to automatically implement an alternative policy on the fly helps to ensure that the most appropriate security policy is always implemented. Based upon the status of a device (stand-alone, or connection type) a more restrictive policy can automatically be pushed to a device to establish a higher level of security. This can help to minimize unauthorized access.

Secure Receptor™ may be configured so that corporate systems only allow access by authenticated users with registered devices. Upon authentication of a user, any new device is detected and prompted to accept or decline the download of Secure Receptor’s B.A.S.E. (Background Agent Security Engine). PacketDNA™’s B.A.S.E. software is then installed on the device, followed by the download of a default policy that establishes limited security policy settings and restricted access. Thus, no unregistered device can access corporate systems outside of policy controls, while new or guest devices can still be provided limited access.

The Device Manager component of Secure Receptor™ allows the configuration and enforcement of the following:

  • Access or restriction of devices through wireless or other connections may be configured under policy
  • Access or denial of USB or other ports. For example, while on a wireless connection, USB ports could be blocked, yet function as usual when the device is connected in the office
  • USB and other storage devices can be registered with the system. If policy is configured so that only authorized devices will run on the system, then the extraction of data to an unregistered external device or system is denied
  • Permissions for operations such as cut, copy and paste can be specified as part of policy. Similarly, moving files from internal to external devices, or the reverse, can be specified, along with restrictions on the size of devices to which the files can be moved
  • Applications or executables that are not registered with the system can be prevented from running. Thus, malware, Trojans, etc., can be prevented from running or installing
  • Email applications can be blocked, or their files, contacts and appointments encrypted

All of the functionality described above for security policies can also be undertaken on the fly with override remote ad-hoc commands from the central console. Secure Receptor™ gives administrators a tool to centrally configure, deploy, manage and enforce all security policies. Users have no ability to alter or circumvent policies.


COMMENTS / BENEFITS

To be effective, a mobile security solution must dynamically detect network access attempts and manage both authorized and unauthorized devices. This must hold even when the attempt comes from an authenticated user.

PacketDNA’s Secure Receptor™ resolves access issues in a direct, effective, easy to administer manner. Access permissions are driven by policy at all times.