informa
4 min read
article

Agiliance Unveils Mobile Risk Control At Gartner Summit

Service lets IT and security operations teams assess and score mobile application and device risks before they connect to the network
SUNNYVALE, Calif. - June 10, 2013 - Agiliance®, Inc., the leading independent provider of Integrated Risk Management solutions for Governance and Security programs, today unveiled the new Agiliance Mobile Trust ServiceT at Gartner Security & Risk Management Summit 2013 (booth #95) in National Harbor, MD. The Agiliance Mobile Trust Service, an extension of the company's award-winning Agiliance RiskVisionT platform, enables organizations to address mobile and bring-your-own-device (BYOD) risks by allowing IT and security operations teams to assess and score mobile application and device risks before they connect to the network. It also provides continuous risk monitoring for BYOD and "here-is-your-own-device" (HYOD) after they are network-enabled.

To provide a comprehensive real-time view of an enterprise's mobile and BYOD risk posture, the Agiliance Mobile Trust Service identifies vulnerabilities at each layer of the mobile stack (infrastructure, hardware, operating system, and applications), correlates this data with existing threats, and scores risks within the context of an organization's security ecosystem (e.g., use of security controls such as encryption, role-based access control, etc.). It is composed of the following components and capabilities: [see the following URL for graphic.]

http://eon.businesswire.com/news/eon/20130610005494/en/Integrated-Risk-Management/Mobile-Risk-Management/Mobile-Trust-Service

. Mobile Entity Repository

Provides an inventory of mobile devices and associated attributes such as operating system status (version, jail-broken, etc.), device information (serial number, model, version, open ports, etc.), and current applications (version, hash, etc.). This information is gathered via connectors to leading mobile device management (MDM) and mobile application management (MAM) solutions.

. Mobile Threat Intelligence Feed

Contains threat and vulnerability data for millions of enterprise, public, or private mobile applications as it relates to malicious functionality (e.g., activity monitoring and data retrieval, system modification), vulnerabilities (e.g., sensitive data leakage, unsafe data transmission, unauthorized permission requests), and privacy behaviors (e.g., collection of phone or location data, request of data outside of application sandbox). This information is used as a baseline to correlation with data contained in the Mobile Entity Repository.

. Mobile Risk Score

Application-use risk for BYOD or HYOD is calculated based on mobile entity data, mobile threat intelligence feed, and contextual data (e.g., owner's organizational role, access rights, etc.). Risk scores can be used to determine whether or not to grant a device access to the network, and what, if any, limitations should be imposed. Once mobile access is granted, continuous monitoring can be used to maintain updated risk scores. Risk tolerance can be customized by the administrator.

"I believe the next cyber-crime windfall opportunity of enterprise hacking will be carried out via mobile attack vectors," said Robert Bigman, CEO at IT security firm 2BSecure and former chief information security officer for the Central Intelligence Agency. "As we improve defenses against direct networks attacks, hackers will move to a path of least resistance and exploit mobile applications to gain 'backdoor' access to enterprise networks through BYOD. In this context, it becomes essential to manage mobile application and device risks, and control their access to trusted networks."

The Agiliance Mobile Trust Service is designed for enterprise of all sizes as well as Managed Security Service Providers (MSSPs) already offering MDM or MAM services. A preview of the Agiliance Mobile Trust Service will be available at the Gartner Security & Risk Management Summit in National Harbor, MD, June 10 - 13, 2013 at booth #95.

About Agiliance

Agiliance is the leading independent provider of Integrated Risk Management solutions for Governance and Security programs. Agiliance RiskVision is automating how Global 2000 companies and government agencies achieve continuous monitoring of big data across financial, operations, and IT domains to orchestrate incident, threat, and vulnerability actions in real time. Agiliance RiskVision customers demonstrate automation use cases within 30 days on-demand, and within 60 days on-premise, made possible by a configurable platform and applications, broad library of technology integrations, and vast domain and regulatory content. Agiliance RiskVision scales with businesses, effectively managing assets, data, people, and processes to achieve 100% risk and compliance coverage. Its real-time risk analysis leads to optimized business performance and better investment decisions. For more information, please visit www.agiliance.com.