Carl Weinschenk spoke to Mark Patton, general manager of GFI’s Security Business Unit and Jong Purisima, the product manager for GFI’s VIPRE AV Labs. On Nov. 13, GFI introduced VIPRE Business Premium 6.0.
The next big thing in security in general and BYOD security in particular may be the ability of malware to travel between operating systems, according to Mark Patton, general manager of GFI’s Security Business Unit and Jong Purisima, product manager for GFI’s VIPRE AV Labs. Purisima told IT Business Edge blogger Carl Weinschenk that the OS makers haven’t been clamoring for a dialog aimed at preventing that from happening. Patton said that good technology and restrictive policies are key to secure BYOD operations.
Weinschenk: Who is your client base?
Patton: At Vipre the market we talk to is smaller SMBs. We don’t do too much in the enterprise. We are talking about shops of 150 to 250 end points. They’ve got particular challenges that are not in the bigger enterprise space. They typically have less staff, less training and less IT budget. They require the simpler MDM and BYOD scenarios.
Weinschenk: What do you tell them about BYOD security?
Patton: There are probably eight or 10 MDM scenarios. The ones that bubble to the top are familiar. The first is centralized management — the need for a single pane of glass if at all possible. There is the need for visibility into devices on their network.
I guess first of all you have to support bread-and-butter MDM functionality like tracking or sounding an alarm so you can find it. There is the need for integration with GPS so you can track it down. When all else fails you need the ability wipe the devices. You need software in place that will give you the ability to enforce the policy. And the fourth thing is securing the device itself. Having the ability to block malicious websites and the ability to keep the devices as locked down as you can but still let the user do what he needs to do. That will vary from organization to organization.
Weinschenk: What is the next big threat on the landscape?
Patton: I think now we are venturing into my own conjecture of what the future will hold. The biggest risk is the next generation of sophisticated malware will be able to cross the boundaries of mobile devices into corporate network. [If I am a bad guy] I am looking to simulate the same worm-type behavior that has the spreading dynamics of, say, conficker. The malware out there is very clever and the people writing it are well funded and this opportunity is too enticing. It’s a technical research problem that they need to solve. How they can jump between platforms: Android to Windows or iOS to Windows or vice versa?
Weinschenk: Is it happening?
Purisima: I think we have seen flashes of these capabilities in malicious sites where they are basically smart enough to know what kind of OS and browser and computer people have and based on that information serve you malware with the same capability but serve it to you based on your connecting device.
Weinschenk: These seem to be general security issues, not something specific to BYOD.
Patton: True. It is my opinion this will drive the next set of technical advances that you will see in BYOD solutions.
Weinschenk: How must security change to protect BYOD?
Patton: I think that right now the policies don’t limit the connected devices in any real, material way. There will to be more sophisticated antivirus technologies and they will be accompanied by more restrictive access policies. If we see this new breed of malware, it will drive improvement in antivirus products and companies will adopt more restrictive access policies.
Weinschenk: Can steps be taken to protect against malware — and especially tools that enable that malware to jump between OSes — before the deluge hits?
Purisima: Most of the time a virus must exist before we create a solution. That traditionally is what happens. But based on our experiences as an industry that is 25 or 30 years old, we now see flashes of the behavior in malware that can be analyzed before the big one hits to make sure we have protection.
Patton: We feel tremors before the big one.
Weinschenk: So preparatory steps can be taken?
Purisima: In this case it is a little tough. Like a princess looking for a frog to kiss, it’s a hit-and-miss thing. Finding the problem and solving it and hoping [the real problem won’t be something else] is a struggle.
Weinschenk: Do the vendors cooperate?
Purisima: For example, Microsoft has an initiative called the Microsoft Virus Initiative, which I believe is now called the Microsoft Active Protection program. AV vendors and Microsoft engage in discussion on upcoming features or AV products to find issues, mostly with the OS. It is a channel for these parties to connect. We tried to connect with Apple and Google but they are not responding to our requests to open communications … This is the AV industry, not just GFI. So far we have had more success in reaching out to Apple, but if you look at it from the ten-thousand-foot point of view, both companies have not really entertained the notion of having an open discussion or channel to communicate between the AV security vendors and the BYOD companies.
Weinschenk: And Microsoft?
Purisima: Even Microsoft and their mobile team have been similarly aloof in these discussions. I am trying to say that the antivirus community has reached out, but I don’t think these guys are ready to communicate. For whatever reason open communications not happening.
Weinschenk: Are you saying this in relation to the issue of malware jumping between OSes or in the larger, general area of cooperating on security issues?
Purisima: In general. It is not just about how to strengthen security, but early access to information about release of products and firmware updates [and other things].
Weinschenk: I was under the impression, however, that the OS companies are getting a bit more proactive in security.
Patton: They are doing better. Most of the malware we see is social engineering. We are seeing in most BYOD IT has implemented a locked-down-type approach in their architecture, which limits privileges or access to applications, which was why malware proliferated in Windows. They have done a good job as an industry. But no matter how high you make a wall, it can always be breached.
Weinschenk: In general, what should organizations do to protect themselves if they support BYOD workers?
Patton: Definitely you should have access policies that are defined and enforced. I think that the successful IT departments enforce least-privilege access. It’s basically a need-to-know approach. I think the IT admin still need to provide the BYOD people with a way to protect their data in a secure manner. But you can’t lock them out. One thing that is important is to have a procedure in place for what happens when there is a breach or a device is lost. The IT guys have to practice that, drill that routine. You want to avoid a situation where you lost the device and find that you actually can’t wipe it.
Weinschenk: BYOD takes some of the focus away from the devices and puts it where it should be.
Patton: It does focus on the fact that you are trying to secure data and apps and not hardware. The hardware is a throwaway.