BETTER Mobile Threat Defense
AirWatch Integration Guide
Version 2.01 Build 01212016

Better Mobile Security, Inc.
99 Madison Avenue, 4th Floor,
New York, NY 10016
San Francis CA
TABLE OF CONTENTS
BETTER MOBILE SOLUTION
BETTER CLOSES MOBILE VULNERABILITY GAPS & MITIGATES RISK
STATE-OF-THE-ART MOBILE THREAT DEFENSE
BETTER THREAT DEFENSE COMPONENTS
SOLUTION OVERVIEW
INTEGRATION REQUIREMENTS
INTEGRATION WITH AIRWATCH SERVER
DETAILED STEPS TO BE CARRIED ON AIRWATCH SERVER
CONFIGURATIONS ON THE AIRWATCH SERVER
DEPLOYMENT OF BETTER ACTIVE SHIELD ON MOBILE DEVICES
ZERO TOUCH - DEPLOY BETTER ACTIVE SHIELD ON MOBILE DEVICES
END USER SIDE INSTALLATION
REGARDING ON-GOING IPA UPDATES
BETTER Mobile Solution
Enterprise Mobility drives results, but it also introduces security risk & threats
Organizations increasingly rely on mobile devices for business operations. Because
employees can work from anywhere, at any time, use of BYO and corporate-owned
mobile devices significantly increases flexibility and productivity. Organizations can
respond more agilely to changing conditions, accelerate time-to-market, and increase
competitive advantage.
All the mobile devices and apps making their way into the enterprise present a new
avenue for hackers to attack valuable corporate data and resources.
Yet mobile management systems offer minimal security. Existing network security
solutions lack the visibility to safeguard devices outside the firewall. Signature-based
solutions fail to detect unknown or dynamic threats.
Organizations need a multi-layered approach that ensures that mobile devices and the
corporate data they store and access are secure.
BETTER Closes Mobile Vulnerability Gaps & Mitigates Risk
Better Mobile Threat Defense proactively and predictively protects BYO and corporate-owned
iOS, Android, and Windows mobile devices (managed and unmanaged
devices) from the full range of mobile threats. It dynamically detects and remediates
known and unknown mobile vulnerabilities including malware, network, and OS-level
threats.
Malware
Malware appears innocent enough. End users download it like any other app or open a
PDF. Then it runs in the background, making audio or video recordings or accessing
your cloud apps, data and other services. BETTER uses a multi-layered approach to
detect malware. Behavioral analytics, static/dynamic analysis, source origin, structure,
permissions, and blacklists all provide clues to the malicious intent of the app.
Network
Man-in-the-Middle (MiTM) attacks can hijack a session. Occurring when the mobile
device connects to a rogue Wi-Fi hotspot, MiTM attacks can steal credentials, deliver a
targeted exploit, or take control of the device. BETTER’s technology detects risks while
on-device remediation isolates the user’s communication from the compromised
network.
OS
OS-based attacks take advantage of weaknesses in the OS or in pre-installed software
to expose user passwords, encryption keys, or other private data—or even wipe the
handset and eavesdrop on calls. Indeed, 30% of devices are running an out of date OS
with severe vulnerabilities. Better research teams work tirelessly to keep ahead of
these attacks and deliver the most comprehensive protection.
State-of-the-Art Mobile Threat Defense
BETTER Mobile Threat Defense protects your iOS, Android and Windows devices from
malware, network and OS-based threats 24x7. Our technology detects threats from
every attack vector and can even identify unknown, zero-day attacks. On-device
remediation instantly addresses any attacks and gets users back to work quickly. The
solution is user friendly, ensuring rapid adoption and use. A security management
console provides administrators with complete visibility, and integrates with other
enterprise MDM systems.
Monitor
BETTER continuously monitors mobile devices for malicious behavior to defend
against all mobile attack vectors, including malware as well as network and OS level
threats. The detection engine sits on the mobile device itself to provide comprehensive
protection for both private and company data and resources, around the clock.
Analyze
Our technology analyzes behaviors, indicators and other system parameters to
accurately classify specific types of attacks, including detecting unknown, zero-day
attacks.
Remediate
Should an attack be detected, BETTER Threat Defense automatically remediates the
issue, taking local action to remove the threat instantly and reliably. It also works with
EMM, MDM, and SIEM solutions to proactively enforce security policies. Users get
back to work immediately.
Adopt
An excellent user experience ensures adoption. Simple to download, BETTER has no
impact on the way users use their favorite apps and access data. Our solution runs in
the background with a minimal footprint to avoid draining power. Zero latency prevents
disruptions to productivity. It does not invade user privacy.
Manage
Security administrators can centrally manage and report on all BETTER protected
devices. A cloud-based security dashboard provides complete visibility and reporting
on mobile threats and risks across the enterprise. Actionable network, device and
malware forensics help security administrators understand each mobile security
incident. Administrators can even define and enact alerts and policies to protect the
organization from mobile attacks.
Integrate
BETTER Mobile Threat Defense can stand alone or integrate with existing EMM/MDM
and SIEM solutions to upgrade reactive mobile security into proactive, multi-vector
defense, consolidate threat visibility and automate responses.
BETTER Mobile Threat Defense Components
BETTER Active Shield/Better Agent - A lightweight intelligent agent that gets
deployed on the end user’s device via AirWatch MDM with zero touch, or from the App
Store or Play Store. The agent continuously monitors the devices and protects mobile
devices against both network and host cyber attacks wherever they go.
BETTER Threat Defense Console/BETTER Server - A centralized management
platform that tightly integrates with AirWatch MDM through REST APIs. It provides a configurable
framework for risk and remediation: organizations can define risk weights and
remediation actions. Threat intelligence can be fed to Splunk.
BETTER AirWatch Integration - BETTER Mobile has integrated with the AirWatch REST
APIs to provide a seamless integration for customers. Please follow the steps
mentioned on page 8 of this guide. No coding is required to make the integration work.
Solution Overview
1. BETTER Threat Defense Console will be installed in the AWS private cloud on a MS
Windows environment.
2. BETTER Active Shield will be configured on AirWatch server.
3. An API service account will be created for BETTER Threat Console to communicate
with AirWatch server via REST API
4. The deployment of Better Active Shield will be administered in the AirWatch console
using Smart Groups through REST APIs.
5. The three user configurations below will be pushed along with BETTER Active
Shield, so users will not have to enter their name or email address to activate the Active
Shield agent:
• better_server_url
• better_udid {DeviceUid}
• better_user {EmailAddress}
6. BETTER Threat Defense Console and Active Shield establish a connection.
a) AirWatch server and BETTER Active Shield establish a connection.
7. A policy is configured on the BETTER Threat Defense Console for on-device
remediation.
8. BETTER Active Shield will be deployed on the end user devices with
zero touch.
9. BETTER Active Shield will perform a quick scan on the device in the background
without any user interference.
10. Once a threat is detected:
a) User is notified with a notification message that the threat has been detected on
the device, with comprehensive details of the threat
b) Event is sent to the BETTER Threat Defense Console
For the integration:
• BETTER Mobile Threat Defense is hosted in AWS
• Threat Defense will be integrated with AirWatch
• Test mobile devices
Integration Requirements
The following resources must be available before you begin the integration process:
• BETTER Mobile Threat Defense version 2.0 or higher.
• AirWatch version 8.0 or higher with REST API access enabled.
• The admin account’s AirWatch Profile APIs, to be used for the integration.
• For on-premises deployments, port 443 must be accessible remotely through your
firewall before trying to connect.
• For BETTER Active Shield communication with devices on corporate Wi-Fi, HTTPS port 443 and port
5223 (for Apple Push Notifications/APNS) must be open.
• Username/password for a user account enabled for REST API access, and the REST API
Key.
• (Optional) If activating the mitigation action option in your environment, you will need
to contact AirWatch support to enable the appropriate access rights
If you have questions about these requirements, contact a BETTER Mobile
representative at [email protected] as well as AirWatch Support.
Network Requirements
Integration with AirWatch Server
Before you begin:
• Validate that no devices are defined in the BETTER Threat Defense Console. This
helps avoid issues related to the duplication of devices in the sync process. If a device
is defined in the dashboard prior to activating the integration, you will receive an error
message to delete the existing device before you can continue.
• For on-premises deployments, validate that port 443 is accessible remotely through your
firewall before trying to connect.
• Port 5223 must be open (for Apple Push Notifications/APNS).
The deployment of BETTER Active Shield will be administered in the AirWatch console
using Smart Groups through REST APIs.
Detailed steps to be carried on AirWatch Server
To connect your AirWatch instance with the BETTER Mobile Threat Defense Console,
perform the following steps:
1. Log in to the BETTER Threat Defense Console
2. Click Settings on the dashboard menu.
3. Click the MDM tab on the Settings screen.
4. Select AirWatch from the MDM options.
5. Enter your AirWatch configuration details:
• Server: This is your AirWatch Server URL.
• Username/Password: The credentials of the AirWatch user who is enabled for API
calls. The system will use this user ID to perform the API calls to get the list of devices
from AirWatch.
• API Key: The code can be obtained from your AirWatch system. The key value is
available in the system Settings when REST API access is enabled. For more details,
see Appendix A.
• Sync time: Define how often you want the AirWatch server to be synced
6. Click Advance to test the settings. If the validation fails, follow the instructions
provided in the error message to update the settings. If the Organization Group does
not exist, you will get an error message.
7. Click Save & Sync to start device synchronization. This populates selected devices
(under the Organization Group selected) from AirWatch to the dashboard and sends
registration emails to end users with instructions for how to activate the client on their
devices.
8. To test that communication has been established between the AirWatch server and the BETTER
Threat Defense Console, follow the steps below.
9. Click the Advance tab in the BETTER Threat Defense Console, then perform the following tests:
• Click the Test API tab to see if the connection has been established
• Test Organizations
• Test Devices
10. Once the connection is established and tested, the AirWatch Group hierarchy will be
visible on the BETTER Threat Defense Console.
11. Configure Event Notification on the BETTER Threat Defense Console under
Settings->Event Notification.
Configurations on the AirWatch Server
The steps below describe how to configure AirWatch to distribute the BETTER Active
Shield.
Log on to the AirWatch Server and follow these steps:
1. Create the software payload. The server URL, device UDID and app details
are defined here.
a) better_server_url
b) better_udid {DeviceUid}
c) better_user {EmailAddress}
2. Add configuration to application and distribute to user using AirWatch.
Deployment of BETTER Active Shield on Mobile devices
Once the connection between the AirWatch server and the BETTER Threat Defense Console
is established, Active Shield will be signed by BETTER Mobile and ready to be
deployed on end users’ devices with zero touch.
This section describes how to configure AirWatch to deploy the BETTER Active Shield
prevention agent, its configuration, and registration without user interaction. When setting
up the iOS Agent, application distribution will be as an internal application, not from the
Apple App Store. The app IPA will be uploaded to AirWatch and pushed to the device. You
will either get the IPA from BETTER Mobile for every new release or use the IPA you
created internally, signing the IPA with your enterprise certificate.
You will also be able to manage on-going application updates, push & install new
release updates automatically from AirWatch. You can also use the "required app"
functionality in AirWatch to enable enforcement of Mobile Threat Defense on the
device, based on your organization’s compliance policies. Both capabilities can
streamline the deployment and enforcement of the agent on the device while providing
easy deployment with minimal effort.
Important note: This feature relies on AirWatch deployment capabilities. Contact AirWatch
support regarding any technical issues you may experience while using this deployment
method.
Zero touch - Deploy BETTER Active Shield on mobile devices
To deploy the BETTER Active Shield to mobile devices automatically, perform the following
steps:
1. In AirWatch, select Apps & Books then Applications and select Internal and Add
Application.
2. Upload the latest IPA file.
3. Select Devices for Assignment and select or define a Smart Group for Device
Assignment for deployment. The deployment will be based on the devices assigned by
the Smart Group. Please note that device assignment for deployment is set up from
AirWatch and must be in sync with the devices that are synced with Mobile Threat
Defense. If the device is not in the Mobile Threat Defense dashboard with a status
of Provisioned or Pending, deployment will fail during registration.
4. In the Deployment tab, ensure the following Application Configurations exist:
• Configuration Key: "BETTER Threat Defense Console Server Address",
String, Configuration value: registration server address (the string, with
HTTPS, from the registration email under "Server Address")
• Configuration Key: "Device UDID", String, Configuration value: insert lookup
value {DeviceUid} (registration based on the device UDID).
• Configuration Key: "User email", String, Configuration value: insert lookup
value {EmailAddress} (registration based on user email).
5. Finalize and publish the new application
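An added example, not part of the original guide or BETTER's own code: a pre-publish check, in Python, of the app configuration one device would receive, covering the two failure modes described above (an unsubstituted lookup value, and a device that is not Provisioned or Pending in the console). It uses the key names from the software payload step; the function name, sample values and the "Retired" status are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Key names as listed in this guide's software payload step.
REQUIRED_KEYS = ("better_server_url", "better_udid", "better_user")
# Console statuses the guide requires for registration to succeed.
DEPLOYABLE_STATUSES = {"Provisioned", "Pending"}
# A lookup value that was never substituted still looks like {Name}.
UNRESOLVED = re.compile(r"\{\s*\w+\s*\}")
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def check_app_config(config, console_devices):
    """Return a list of problems with one device's resolved app configuration.

    config          -- key/value pairs delivered to the device with the app
    console_devices -- UDID -> status, as shown in the Threat Defense console
    """
    values = {k: str(config.get(k) or "").strip() for k in REQUIRED_KEYS}
    problems = []
    for key, value in values.items():
        if not value:
            problems.append(f"{key}: missing or empty")
        elif UNRESOLVED.search(value):
            problems.append(f"{key}: lookup value not substituted ({value})")
    if problems:
        return problems  # later checks need all three values resolved

    url = urlsplit(values["better_server_url"])
    if url.scheme != "https" or not url.hostname:
        problems.append("better_server_url: must be an https:// address")
    if not EMAIL.fullmatch(values["better_user"]):
        problems.append("better_user: not an email address")

    status = console_devices.get(values["better_udid"])
    if status is None:
        problems.append("better_udid: device not synced to the console")
    elif status not in DEPLOYABLE_STATUSES:
        problems.append(f"better_udid: console status is {status}")
    return problems


# Constructed sample data; "Retired" is a hypothetical non-deployable status.
CONSOLE = {"UDID-0001": "Provisioned", "UDID-0002": "Retired"}
GOOD = {"better_server_url": "https://mtd.example.com",
        "better_udid": "UDID-0001", "better_user": "alice@example.com"}
BAD = {"better_server_url": "http://mtd.example.com",
       "better_udid": "UDID-0002", "better_user": "{ EmailAddress}"}

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("bad", BAD)):
        print(name, check_app_config(cfg, CONSOLE) or "OK")
```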
End User side installation
Prerequisites - Ensure the mobile devices are enrolled in the AirWatch server
and are communicating with the AirWatch server.
Important Note: This integration requires the latest AirWatch software: Server 8.x.x and
above, AirWatch Agent: 5.0.4.1910 and above.
The process for setting up the BETTER Active Shield on mobile devices will be
automatic and invisible to the end user.
When the BETTER Active Shield is pushed to the device, the user will get a message
to install. Device push might take time based on AirWatch settings. In some cases, the
user will have to enter AirWatch app catalog to launch the app.
After the BETTER Active Shield is downloaded, the user will have to click it to begin
activation. The registration screen will be pre-populated with registration details.
BETTER Active Shield will be deployed on the selected devices with zero touch (end
users don’t have to enter a username, email or server address).
Regarding on-going IPA updates
When a new release of the BETTER Active Shield IPA is available,
in AirWatch go to Apps & Books > Internal App, then select the BETTER Active Shield
app and from the menu select Add version to upload the new IPA.
Once the new version is available, AirWatch will automatically identify devices that
require upgrade and will push and install the latest app on the target devices.