Technology Sectors

Market Sectors

Protecting the network from the threat in your pocket

Wed, 2011-07-06 05:28 PM
By: Patrick Bedwell

Patrick Bedwell

The weak links in today’s network security environment are mobile devices, such as smart phones and tablets. They represent the “next big thing” in attack vectors, not just as a target of an attack, but a source as well.

A top concern of many IT professionals in government agencies is how to prevent the compromise of smart phones and tablets by a botnet or other malware. Once compromised, these mobile devices could suffer data losses or infect other systems, thereby facilitating a wider breach of systems within the perimeter.  

Several factors contribute to this new concern over mobile devices and the botnet threat:

  • The wide range of models on the market means that the mobile devices used to access and store sensitive data are always changing. It is extremely difficult to manage agency-standard devices, let alone the “wild west” of user-owned devices.
  • The use of app stores and marketplaces, which facilitate the creation and distribution of new apps, has given rise to the easy distribution of malicious code within apps. Although device vendors try to prevent the posting of applications that harvest data or contain other malware, there are simply too many opportunities for users to download these apps.
  • Every smart phone operating system has malware written for it, and the new tablets are squarely in the sights of malware creators. Few devices in use today have anti-malware software installed to block these attacks.
  • Employees within government agencies are making it easier to be targets of attacks by posting professional information on social media sites, such as Facebook and LinkedIn. These posts give attackers knowledge of organizational structure and reporting relationships, making it easier to create sophisticated spear phishing attacks targeting specific groups or individuals.

To address these concerns, government agencies need to anticipate the emerging trend in the threat landscape and expand their definition of the perimeter to include mobile devices, such as smart phones and tablets. Including mobile devices in a true end-to-end network security strategy would extend the protection of essential network security technologies such as anti-spam, application control, data loss prevention, intrusion prevention and reputation-based policy enforcement. These technologies are essential to reduce the risk of a botnet compromising mobile devices, block any infected systems attempting to compromise other systems, prevent the communication of a bot with its command and control server and block data loss.

Patrick Bedwell is vice president of product marketing at Fortinet. He can be reached at:

pbedwell@fortinet.com

Tags:
 
  • Share/Save
  • Email this page
  • Printer-friendly version
 

Recent Webinars

Powerful Cyber Intelligence: Deep Analytics and Big IT Data
Thu, 04/26/2012 - 2:00pm - 3:00pm

Extracting real-time intelligence from Big Data with deep analytics is valuable but dif

Upcoming Events

Event Details Dates of Event
SANS Security West 2012 May 10 - 18
SANS Toronto 2012 May 14 - 19
SANS Secure Indonesia 2012 May 14 - 19
SANS at iTWeb Security Summit 2012 May 17 - 18
New Fire & Emergency Communications Codes Educational Seminar May 18 - 18
Managing Your Physical Security Program: Collaborate and Manage Smarter May 21 - 24
SANS Brisbane 2012 May 21 - 26
CEIC 2012 (Computer and Enterprise Investigations Conference) May 21 - 24
NERC CIP Compliance Training May 24 - 24
Symantec NetBackup User Group May 24 - 24
NESCO Town Hall: Security Risk Management Practices for Electric Utilities May 30 - 31
Advanced Hands-On CAMEO Training Jun 4 - 6
Security Program Design: A Critical Infrastructure Protection Model Jun 4 - 5
Facility Security Design Jun 4 - 6
SANS Rocky Mountain 2012 Jun 4 - 9
F5 Government Technology Symposium Jun 6 - 6
SEL Modern Solutions Power Systems Conference Jun 6 - 8
Second Annual Citizen Engagement Seminar Jun 12 - 12
ASIS Assets Protection Course: Functional Management (APC III) Jun 18 - 21
SANS Malaysia 2012 Jun 18 - 23
Data Center Brainstorm 2012 Jun 19 - 19
SANS Forensics and Incident Response Summit 2012 Jun 21 - 27
Vanguard Security & Compliance 2012 Jun 25 - 28
SANS Canberra 2012 Jul 2 - 10
SANSFIRE 2012 Jul 7 - 15
Executive Protection Jul 9 - 10
Military Vehicles Exhibition & Conference Jul 10 - 13
NERC CIP Compliance Training Jul 12 - 12
Security Force Management Jul 16 - 17
Physical and Logical Security: Advanced Applications and Economics Jul 16 - 19
Investigative Interviewing Methods Jul 18 - 19
SANS Thailand 2012 Jul 23 - Aug 4
SANS San Francisco 2012 Jul 30 - Aug 6
College & University Police & Investigators Conference Jul 31 - Aug 3
SANS Boston 2012 Aug 6 - 13
Radiological Emergency Planning: Terrorism, Security, and Communication Aug 20 - 24

Full 2012 Calendar