Dell Secure Mobile Access solutions
Mobile Connect app
E-class Secure Remote Access appliances
Colin Wu [email protected]
2 Dell Mobility Solutions
Dell - Internal Use - Confidential - Privileged
Agenda
• Mobile Devices Usage and Future
• BYOD challenge and hidden costs
• Evolution of SSL VPN
• Dell SonicWALL SMA Solution & Modules
• Demo (Per-app VPN for Mobile Devices)
• Q&A
41% of smart phone users use personal devices for business*
*IDG Mobile Survey 2013
Mobile Devices Usage and Future
Gartner predicts by 2017, half of employers will require employees to supply their own device for work purposes
Mobile Devices Usage and Future
Mobile security pain points*
1. Data loss from lost, stolen devices
2. Information-stealing mobile malware
3. Data loss, leakage through 3rd party apps
4. Vulnerabilities with devices, OS design and 3rd party apps
5. Insecure wifi (data loss)
Data Loss
Big Data Loss
The Mobile Devices challenge
Personal Business
Increased business risk:
• Corporate data loss
• Malware attack
• Personal data privacy compliance
Mobile Devices hidden costs
• Multiple solutions from different vendors required for a complete service
• Each new device type or application requires new specialist technology and skill
• Managing user access and protecting corporate data involves new assessments
[Figure: costs ($) for Corp Issued PC, Corp Issued Mobiles, BYO Mobiles, BYO Desktops, and Future Devices and applications]
Evolution of Access – The Remote Access Service
o Dial Up – RAS – Remote Access Service
o Complex telephony and unreliable modems
o White-glove managed service
Evolution of Access – Full VPN
SMA
Locked Down Perimeter
o Tunneled internet connection over IPsec
o Extends corporate network to mobile laptops
o Perimeter protection around network edge and laptop
Evolution of Access – SSL VPN
SMA
ACL (Access Control List):
User  Device  Port  Subnet
a     b       x     y
Routing table: 1.1.1.x, 10.15.x.x, 10.20.30.x
Granular selective access
Evolution of Access – App Level VPN
SMA
o Core plumbing provided by the OS vendor
o Perimeter reduced to the application
o Only corporate apps allowed to access data over the VPN
Evolution of Access – App Access Control VPN
SMA
User  Device  Port  Subnet  App
a     b       x     y       z
Granular selective access refined with application variables
Evolution of Access – App Instance VPN
SMA
User  Device  Port  Subnet  App  Instance
a     b       x     y       z    c
o Containers provide DLP instance of user normal productivity apps
o Normal user workflows maintained
Trusted user? Trusted device? Trusted mobile apps?
Trusted user Trusted device Trusted mobile apps
Secure access – personal device
Dell Secure Mobile Access (SMA) Solution
Corporate perimeter
Applications: Web Apps, Client/Server Apps, File Shares, Databases, VoIP, VDI Infrastructure
Directories: LDAP, AD, RADIUS
• Authenticate user
• Validate device and mobile app integrity
• Enforce BYOD policy acceptance
• Connect only authorized apps to VPN and resources
Device Profile Attribute Types
Device identity
• Mapped directory
• Domain membership
• Watermark/certificate
• Any resident file
• Device ID
Device integrity
• Anti-virus
• Registry key
• Windows O/S level
• Personal firewall
• Anti-spyware
• Jailbroken/rooted
Device profile
• Android
• iOS
• Windows
• Windows mobile
• Macintosh
• Linux
With data security
• Cache control
• Secure desktop
Defining EPC Zones
[Flowchart: Connection request
 Any Deny zones matched? yes: User placed in Deny zone
 Any Standard zones matched? yes: User placed in Standard zone
 No zone matched: User placed in Quarantine zone or User placed in Default zone]
End Point Control for iOS Devices
End Point Control
• Determine Jailbreak status
• DeviceID
• Certificate enforcement
• OS version control
End Point Control for Android Devices
End Point Control
• Determine if the device has been “rooted”
• DeviceID (enforced based on the IMEI of the Android device)
• Certificate enforcement
• OS version control
• Enforcement of Anti-Virus (Requires Aventail 10.6.1)
Simplify per app VPN access control
• Restrict VPN access to mobile apps authorized by IT to reduce threat risk.
• Support any mobile app, secure container or MDM solution.
• Validates mobile app integrity with app signature
Mobile device policy enforcement protects from BYOD business risk
• End-user required to accept policy terms to gain access
• Administrator can customize policy
• Support for per group policy
• Policy acceptance reporting
WorkPlace access: Access to web-based and client/server applications from virtually any device.
WorkPlace Portal
Easy-to-use clientless browser based access
Global Management
What is it? Centralised management of SMA
Known as: CMS
Customer Benefit: Lower TCO, Central view of their global service
License Distribution – Normal Operations
Normal operations
- Fairly normal distribution of users across 3 managed appliances - Shanghai, Bangalore and Seattle
- Alerts panel: No Alerts
- Appliances panel: Table view shows appliances statistics
- Current users panel: Pie chart view shows distribution of users
License Distribution – Normal Operations
Normal operations with different view selections
- Appliances panel: Geographic view of CMS and appliances
- Current users panel: Dial gauge view of users on appliances - relative to max licensed setting (5000) for each appliance
License Distribution versus Consumed
Dynamic distribution of leased licenses depends on:
- Number of users on the appliance
- Appliance capacity
- Max license setting
NOTE: All available licenses (10k total) are made available. CMS does not hold back any licenses.
License Distribution – Snowstorm in Seattle!
High usage of Seattle appliance
- Leased license distribution adjusts accordingly as more users connect on the Seattle appliance
- Alert generated as Seattle appliance’s max licensed capacity is close
- Alert generated as CMS pooled license consumption is close to max
License Distribution – Snowstorm in Seattle!
Dynamic distribution of leased licenses:
- More licenses are made available on Seattle appliance to cope with the demand
SMA v11.0 Feature Benefits
• Per-app VPN for Android
• Per-app VPN for iOS and MAC OSX
• Dell vWorkspace integration
• EMM integration with MobileIron and Dell DMM
• Hyper-V support
• Pooled licensing
• HTML5 new clients….
Enable efficient administration with centralized access policy management
Object-based policy management: easy to set up and manage access control rules
Access rules
Users/groups
Device security posture
Allowed mobile apps
Corporate resources
Secure Mobile Access appliances
SMA 7200, SMA 6200, Virtual Appliance (VMware, Hyper-V), SRA EX9000
Simple, policy-enforced per-app VPN access to corporate data and resources without compromising security
Secure mobile access for all users, devices, apps and resources
Spike License, Secure Virtual Assist, Advanced Reporting, Native Access Modules, Mobile Connect, End Point Control
The Product Range
New New New
Secure Remote Access (SRA) Appliance Comparison matrix
Dell secure mobile access solution
Simplify per app VPN
• Only per app VPN solution that can support any mobile app or container without modification and support iOS, Mac OSX, Android and Kindle
Achieve BYOD compliance
• Mobile device policy enforcement and management
Protect from threats
• Per app VPN access controls, mobile app and device integrity validation and user authentication
Access more resources
• Scalable, network-level access to more resources including web, client/server, hosted virtual desktop and back connect such as VoIP
Enable mobile worker productivity while protecting from threats
Demo (Per-app VPN for Mobile Devices)
• Android
  – Use Chrome to access the internal HFS service.
  – Use the RDP-2x app to connect to Remote Desktop.
  – UC Browser cannot access the internal HFS service.
  – The RD client app cannot connect to Remote Desktop.
• iOS
  – Push the Chrome app from the EMM server and use Chrome to access the internal HFS service.
  – Use the RDP-2x app to connect to Remote Desktop.
  – UC Browser cannot access the internal HFS service.
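The access-rule model from the "App Access Control VPN" slide (user, device, port, subnet, app) applied to the demo cases above, as an added example that is not part of the original deck or Dell's code. The rule shape, group and zone names, app identifiers, signature strings, addresses and ports are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:               # hypothetical rule shape, not the SMA schema
    group: str            # user group the rule applies to
    zones: set            # device zones (End Point Control result) accepted
    apps: dict            # allowed app id -> expected signature digest
    subnet: str           # destination network
    ports: set            # destination ports

@dataclass
class Request:
    group: str
    zone: str
    app: str
    app_sig: str
    dest: str
    port: int

def evaluate(req, rules):
    """Return (allowed, reason). Default deny: no matching rule, no access."""
    for r in rules:
        if req.group != r.group or req.zone not in r.zones:
            continue
        if ipaddress.ip_address(req.dest) not in ipaddress.ip_network(r.subnet):
            continue
        if req.port not in r.ports or req.app not in r.apps:
            continue
        # App is authorized for this resource: its signature must also match.
        if r.apps[req.app] != req.app_sig:
            return False, "app signature mismatch"
        return True, "allowed"
    return False, "no matching rule"

# Constructed policy mirroring the demo: Chrome may reach the internal web
# (HFS) service, the 2X RDP client may reach Remote Desktop, nothing else.
RULES = [
    Rule("staff", {"standard"}, {"chrome": "sig-chrome"}, "10.15.0.0/16", {80}),
    Rule("staff", {"standard"}, {"rdp-2x": "sig-2x"}, "10.20.30.0/24", {3389}),
]

def demo():
    cases = [("chrome", "sig-chrome", "10.15.0.10", 80),
             ("uc-browser", "sig-uc", "10.15.0.10", 80),
             ("rdp-2x", "sig-2x", "10.20.30.5", 3389),
             ("rd-client", "sig-rd", "10.20.30.5", 3389),
             ("chrome", "sig-repackaged", "10.15.0.10", 80)]
    return [evaluate(Request("staff", "standard", *c), RULES)[0] for c in cases]

if __name__ == "__main__":
    print(demo())
```

The last case shows why the signature check matters: an app that presents an authorized identifier but a different signature is refused rather than matched on name alone.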
Thank you