ID#12SS0040 Last Modified 06.20.2012

© 2011 FishNet Security. All rights reserved.

Securely Enabling Business

Enterprise Mobility

Corporate Headquarters | 6130 Sprint Parkway | Ste. 400 | Overland Park, KS 66211 | 888.732.9406

OverviewBusiness executives are driving the decision to utilize mobile devices throughout their enterprise due to the devices ability to provide greater productivity, availability, flexibility, and convenience. Such decisions are forcing IT professionals to quickly find solutions to protect their companies’ greatest assets. Mobile devices process and store large amounts of data, remotely access proprietary information, and perform most processor-intensive tasks. As the use of these devices increases so does the exposure to risks and vulnerabilities. In order to ensure the security and integrity of mobile devices, businesses must take adequate measures.

Offerings99 Mobile Security Roadmap

FishNet Security has worked with enterprise customers to develop a strategic direction as it relates to mobile security. FishNet Security mobile security strategic road map reviews the current state and provide recommendation based on compliance and industry standards for the following:

• Security policies as it relates to mobile security• Mobile security business and technical requirements• Mobile remote access and VDI integration• Strong Authentication

99 Mobile Security Policy Development

FishNet Security’s Mobile Security Policy Development is designed to help our clients meet the unique challenges posed by the evolving space of mobile device platforms. Organizations are becoming more reliant on mobile computing platforms every day introducing additional risk and considerations for security. FishNet Security’s consultants understand the business drivers and need for mobile computing platforms as well as the nuances to development and maintenance of mobile security policies, standards and procedures. FishNet Security can help organizations meet their mobile security documentation needs by:

• Developing, evaluating and enhancing existing policies, standards and procedures

• Maturing mobile security documentation lifecycle management

• Identify and document potential risks within security policy

Regardless of the current state of mobile security in your organization, FishNet Security offers several key services to help ensure that your documentation is established to enable your business and ensure regulatory or industry specific compliance.

99 Mobile Application Security

Mobile Design (Architecture) Review• High-level examination of application artifacts such

as security requirements, secure development standards, and specific application specifications to ensure security has been implemented throughout the development lifecycle of the mobile application.

• Identify weaknesses in proposed design, and recommend appropriate countermeasures to mitigate threats.

Mobile Application Threat Modeling

• Comprehensive threat assessment delivered with FishNet Security’s proven, STRIDE-based methodology

• Determine data flows and examine entry and exit points in the application, exposing opportunities to subvert security controls. Recommend countermeasures to eliminate threats and vulnerabilities.

Mobile Application Security Assessment

• Analysis of a mobile application’s security posture within a run-time environment on its native platform, focused on identifying security vulnerabilities, insecure configuration and other threats.

Mobile Application Security Code Review• Examine applications at the code-level, and

identify hard-to-find technical bugs that can be missed in run-time assessments.

• Identify logic flaws and other weaknesses that are impossible to locate and analyze without access to the application’s source code.

ID#12SS0040 Last Modified 06.20.2012

© 2011 FishNet Security. All rights reserved.

Enterprise Mobility

About FishNet SecurityWe Focus on the Threat so You can Focus on the Opportunity.Committed to security excellence, FishNet Security is the #1 provider of information security solutions that combine technology, services, support, and training. FishNet Security solutions have enabled 4,000 clients to better manage risk, meet compliance requirements, and reduce cost while maximizing security effectiveness and operational efficiency. For more information on FishNet Security, Inc., visit www.fishnetsecurity.com.

Corporate Headquarters | 6130 Sprint Parkway | Ste. 400 | Overland Park, KS 66211 | 888.732.9406

Offerings (continued)99 Mobile Vulnerability Assessment and

Penetration Testing

Mobile Architecture and Design Assessment• Analyze the infrastructure and security practices

within the architecture and design. Mobile Client and Server Penetration Testing

• Use various methods to test and evaluate the vulnerabilities of the mobile device and the backend servers that control them.

Mobile Vulnerability Assessment• Test the security of the mobile device from an end

user’s perspective to determine if the mobile device could allow leakage of confidential data, denial of service or other attacks.

99 Mobile Security Strategy Assessment

Mobile device management (MDM) is a technology that monitors, supports, and manages mobile devices, securing them from external attacks. MDM technologies are a first line of defense for mobile assets.

Properly deployed MDM enables IT professionals to optimize and protect complex, constantly-evolving mobile environments while minimizing cost and downtime.

MDM Design and Integration• Review current architecture and technologies

related to MDM/MDP for mobile devices• Identify technical and regulatory requirements

as it relates to mobile devices.MDM Technology Partnerships:

• Good Technologies• McAfee EMM• Juniper SSL VPN with Junos Pulse and SMovile for MDM• Mobile Iron

Mobile Device Remote AccessCustomers have the desire to provide connectivity to internal application through mobile devices. Often times these application have sensitive information that needs access through remote access solution. FishNet Security has an extensive product portfolio to support the mobile workforce, which consists of the following:

• F5 Edge SSL VPN• Juniper SA and JUNOS Pulse• Citrix• VMware VDI

99 Mobile Security Awareness Training

• Teach your work force “Mobile Security Best Practices”• Teach employees corporate security policy

for mobile devices on their handheld• Rich Expert Learning Content• Fingertip Compliance• Complete Quizzing and Metrics• Anytime, Anywhere Training Solution

99 Mobile Forensics

Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This includes data retrieval and data examination found on the SIM/USIM, the phone body itself, and memory cards. Data retrieved and examined can include images, videos, text or SMS messages, call times, and contact numbers

Once forensic investigation is completed, a formal report is provided. The final report summarizes the purpose of the engagement including, tasks requested, keywords provided, outline of collection methodology, details of analysis, and findings of the investigation.