Thursday, April 11, 2013

Blog on BYOD Security: The Art of detecting unauthorized devices in the network!!

Did you know that more than a third of the devices on an enterprise network go undetected, and hence unmanaged, and that more than half of those undetected devices are the source of the network and data compromises in an enterprise?

You know what you know, you have no idea of what you don’t know, and worse, you cannot manage what you don’t know. This applies very well to the mobile world too, especially in the BYOD world of the enterprise. Today pretty much everyone carries at least two smart devices (a smartphone and a tablet), if not more, and it is highly probable that people change devices or carry different devices over time: one can end up using at least 5 to 6 devices over a period as short as a year, and the number can even reach 10. In fact Microsoft allows a maximum of 10 devices per employee in its Redmond office.

Many MDM (Mobile Device Management) vendors, as well as Microsoft EAS (Exchange ActiveSync) and Microsoft System Center (MS SC), provide ways to track and manage devices (of course by provisioning them and putting an agent on them). But they end up managing only about two thirds of the devices plying the corporate network; more than a third go undetected, for reasons ranging from the user never installing the agent the vendor prescribes to never registering on the portal the vendor suggests. Devices get classified at three levels.

The first level is the domain: in the Microsoft world you join the machine to AD, and once it is in the domain it is recognized. This is what happens to most company-issued laptops and desktops.

The second level, which mainly applies to BYODs, is devices that are not in the domain but connect to EAS; here the task is knowing and managing them when they connect to EAS (not necessarily to the domain). Even SC keeps a stack of both AD-managed and EAS-managed devices, and those who run SC know that it takes quite a while before they have a complete picture of the devices they manage.

Then there is the third level, where more than a third of devices belong: they are on the network, but AD and EAS (and MDM tools, for that matter) have no idea they exist. They have neither installed an agent nor connected to EAS (or they have rooted or jailbroken the device, in which case EAS may see the partnership but cannot trust what the device reports about its own policy compliance). They can simply log on, connect to the Internet and do whatever they can, and all of it goes unchecked.

Another trouble with unmanaged devices is that we don’t know to what level their security has been checked: whether they are vulnerable (running an older OS), or whether malware is present. According to many popular surveys more than a third of devices go undetected and end up unmanaged, and more than half of those end up being a source of vulnerabilities, security holes and malware, and ultimately of network and data compromises, malware attacks and cyber espionage. It is not that the owners of these unmanaged devices intend any of this; they circumvent the controls mainly to get some privilege they would otherwise not have. One example: companies don’t allow Android devices into the corporate network, but people like me love Android, and we will find a way into the enterprise undetected, and without our knowledge we will be a source of network and data compromises in the enterprise.

Here is where we @ i7 play a crucial role. Our tool PeregrineGuard(tm), using patent-pending algorithms and fingerprinting techniques, looks across multiple protocols and at a large knowledgebase of device and OS behaviours and facts to identify and fingerprint each device, and does all of it without putting an agent or a client on the device; it is completely non-intrusive and transparent to the employee. We pick up all these devices and, via AD/RADIUS or LDAP, we even know who each one belongs to; we hook into the MDM and EAS databases to find out which are managed and which are not, and give IT a list of all such devices, what OS and OS version each is running, and its vulnerability rating (DVI(tm), or device vulnerability index). IT is then alerted to bring them into the safety net of the enterprise, or can allow them to ply as they are, but at least makes an informed decision.
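As an added example that is not i7’s code (PeregrineGuard’s algorithms are not public), here is how the three-level classification from the paragraphs above and the AD/RADIUS/EAS correlation just described can be expressed over passively collected data. The observed devices (DHCP vendor class, DHCP hostname, HTTP User-Agent per MAC), the AD computer list, the EAS partnerships, the RADIUS session table and the minimum-version policy are all constructed sample data; matching EAS partnerships by hostname is a simplification (a real EAS DeviceId would need its own mapping to a MAC), and the version thresholds are hypothetical, not any vendor’s vulnerability index.

```python
import re

# Constructed sample data: what a passive sensor on a mirror port might record
# per MAC (DHCP option 60 vendor class, DHCP hostname, HTTP User-Agent).
# None of these are real captures.
OBSERVED = [
    {"mac": "00:11:22:33:44:01", "dhcp_vendor": "MSFT 5.0",
     "hostname": "LAPTOP-ALICE", "ua": None},
    {"mac": "00:11:22:33:44:02", "dhcp_vendor": "android-dhcp-4.1",
     "hostname": "android-6f3a",
     "ua": "Mozilla/5.0 (Linux; Android 4.1.2; GT-I9300 Build/JZO54K) AppleWebKit/534.30"},
    {"mac": "00:11:22:33:44:03", "dhcp_vendor": None,
     "hostname": "Bobs-iPhone",
     "ua": "Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_3 like Mac OS X) AppleWebKit/536.26"},
    {"mac": "00:11:22:33:44:04", "dhcp_vendor": "android-dhcp-4.2",
     "hostname": "android-9c21", "ua": None},
]

# Constructed stand-ins for the directory / MDM exports the post talks about.
AD_COMPUTERS = {"LAPTOP-ALICE"}          # level 1: domain-joined hostnames
EAS_DEVICES = {"Bobs-iPhone": "bob"}      # level 2: EAS partnerships, hostname -> mailbox owner (simplified)
RADIUS_SESSIONS = {                        # MAC -> authenticated user (802.1X / RADIUS accounting)
    "00:11:22:33:44:01": "alice",
    "00:11:22:33:44:02": "carol",
    "00:11:22:33:44:03": "bob",
}
# Hypothetical policy: minimum OS version considered current.
MIN_OS_VERSION = {"Android": (4, 2), "iOS": (6, 1)}


def parse_version(text):
    """'6_1_3' or '4.1.2' -> (6, 1, 3); None if there is nothing to parse."""
    if not text:
        return None
    return tuple(int(p) for p in re.split(r"[._]", text))


def fingerprint(obs):
    """Best-effort OS/version guess. Order matters: the User-Agent is the most
    specific signal, the DHCP vendor class next, the hostname last."""
    ua = obs.get("ua") or ""
    vendor = obs.get("dhcp_vendor") or ""
    host = (obs.get("hostname") or "").lower()
    m = re.search(r"iPhone OS (\d+(?:_\d+)*)", ua)
    if m:
        return "iOS", parse_version(m.group(1))
    m = re.search(r"Android (\d+(?:\.\d+)*)", ua)
    if m:
        return "Android", parse_version(m.group(1))
    m = re.match(r"android-dhcp-(\d+(?:\.\d+)*)", vendor)
    if m:
        return "Android", parse_version(m.group(1))
    if vendor.startswith("MSFT"):
        return "Windows", None
    if host.endswith(("iphone", "ipad")):
        return "iOS", None
    return "unknown", None


def classify(obs):
    """The three levels from the post: domain-joined, EAS-only, unknown to everything."""
    host = obs.get("hostname") or ""
    if host in AD_COMPUTERS:
        return "level1-domain"
    if host in EAS_DEVICES:
        return "level2-eas"
    return "level3-unmanaged"


def is_outdated(os_name, version):
    """True when the fingerprinted version is below the policy floor.
    Unknown OS or version cannot be judged here and is reported as not outdated."""
    floor = MIN_OS_VERSION.get(os_name)
    if floor is None or version is None:
        return False
    return version < floor


def build_inventory(observed=OBSERVED):
    """One row per observed MAC: owner (RADIUS first, then EAS), OS guess, level, outdated flag."""
    rows = []
    for obs in observed:
        os_name, version = fingerprint(obs)
        rows.append({
            "mac": obs["mac"],
            "owner": RADIUS_SESSIONS.get(obs["mac"]) or EAS_DEVICES.get(obs.get("hostname")),
            "os": os_name,
            "version": version,
            "level": classify(obs),
            "outdated": is_outdated(os_name, version),
        })
    return rows


def unmanaged(rows):
    """The list IT actually wants: devices that no directory or MDM knows about."""
    return [r for r in rows if r["level"] == "level3-unmanaged"]


if __name__ == "__main__":
    inventory = build_inventory()
    for row in inventory:
        print(row)
    print("unmanaged:", [r["mac"] for r in unmanaged(inventory)])
```

The useful part is the join, not any single signal: a device with no RADIUS session, no AD object and no EAS partnership is the third level, and attaching an OS guess and a version floor to that list is what turns "unknown MAC" into something IT can act on. On a real network the DHCP and HTTP fields are noisier than this, and a device that only ever uses TLS will yield a vendor class and hostname but no User-Agent, which is why the fallbacks are ordered from most to least specific.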

Deployment is even easier: just plug a server, or even a laptop running PeregrineGuard, into a mirror port behind the Wi-Fi aggregators (not in-line), and immediately you will start seeing all the devices that are there, along with reports about their existence, ownership, usage and so on; if you have AD or RADIUS, it even tells you who the devices belong to. Just plug it in and start seeing the reports!! One caveat that applies to any mirror-port sensor: it sees only the traffic that actually crosses the mirrored link, so place it where all wireless client traffic aggregates, or devices on other segments will not appear.

Once you have control of these unmanaged devices, you reduce the risk of cyber attacks and data leaks in the organization by more than 80%, helping enterprises secure their network while reaping the rich benefits of BYOD. Another interesting statistic I read is that even companies that have banned or barred BYOD from their enterprise still have more than 30% of employees using their own devices in one way or another to do something within the organization that IT is completely unaware of. In my opinion, BYOD is a juggernaut that cannot be stopped.

BTW, when I say BYOD I don’t mean just smartphones and tablets; it can also include employee-owned laptops, as distinguished from company-issued laptops, which I feel is also the need of the hour, and many companies have already allowed this option!!

Manjunath M Gowda
i7 Networks, “Agentless BYOD Discovery & Control”
LinkedIn, @i7networks

Reproduced with the permission from the author of blog.
