Live Demo: Stop Mobile Attacks On Device with MobileIron Threat Defense
Webinar transcript
Deepa: Welcome, everyone, to a webcast titled Live Demo; Stopping Mobile Attacks on Devices with MobileIron Threat Defense. We have with us Ellie Ruano, James Saturnio, and Ilya Geller, all senior members of the MobileIron Threat Defense product team here at MobileIron.
During this webinar, we will cover three things, top use cases of how bad actors conduct attacks on your business, the key to stopping mobile attacks on device even without Internet connectivity, and case studies that describe how organizations are stopping mobile attacks.
Before we get started, please direct your questions to the Q&A box as we will answer the questions at the end of the presentation. Also know that the session is being recorded and we will send you a link to it in the thank you emails after the session. Let's get started. Over to Ellie Ruano.
Ellie Ruano: Thank you. Thanks, Deepa. Welcome, everyone. Thank you for joining us today for a webcast.
As Deepa just mentioned, we're going to talk to you about mobile security and some research if organizations believe that mobile security is a problem, the use case demos to show you how bad actors can conduct mobile attacks, and how we can stop them with our MobileIron Threat Defense solution even when you don't have Internet connectivity.
We'll talk about some of the new features in our latest release and then some case studies of how organizations, as Deepa mentioned, just like yours, are stopping mobile attacks today.
As we get started, your data is everywhere. The world is changing. What was traditionally dominated by desktop and on‑premises data centers is today replaced by more modern endpoints and mobile devices. The data center is replaced with those services moving to the cloud infrastructure.
As a result of this transition from the desktop data centers to the mobile cloud world, organizations no longer have that safety net of the Enterprise on premises perimeter, where they enforce security controls and protect data that was always within IT control.
In today's world, there's a variety of endpoints and a variety of cloud services and infrastructure. It's often outside of the organization's control. The user has more control over when updates happen on their mobile devices.
The users are used to going to the Apple App Store, to Google Play, to get their apps. They expect easy and instant access to those apps and also to the cloud services that is offered by your organization.
Now you have a situation where the user is more in control and the company data could reside on those endpoints or in apps for which IT doesn't have control. The big question that most organizations ask is, how do I secure my data in this environment when it's outside of IT control?
When we talk about how this is changing in the world and the preliminary user has more control, we also look at research. People ask, is mobile security really a problem?
When we turn to the research, it tells us that the organizations are not fully prepared, if they could be, for the security challenges of this modern type of work style and caused by increasing of mobile connectivity and the access to all that information.
The research we look at was the Verizon mobile security index of 2018. This is to learn more about what organizations are doing today or not doing to mitigate the risks and protect their data, not just their data but also their customers' data.
It was conducted worldwide of those like yourself who buy and manage mobile devices for their company. 89 percent of those respondents said that they rely just on a single security strategy.
When we look at what are the four basic types, it's change all your default passwords, use strong dual‑factor authentication on the mobile devices, also restrict which apps the employees are downloading from the Internet, and then have a policy for public WiFi. Out of those four, 89, almost 90 percent of the organizations say they're doing just one of those.
In addition, the research is showing us that 51 percent of the respondents said that they're using public WiFi and they don't have a policy. They're not encrypting their data. 62 percent say that lack of user understanding is a security barrier that lack of user understanding of what exactly is a mobile threat. What do I click on? What do I download, what I don't?
When you combine the input that the organizations are relying just on a single security strategy, they don't have a public policy, a policy for public WiFi in encrypting the data, and you have a lack of user understanding, along with all the things we talked about with the cloud infrastructure, the perimeter's changing, and you're losing control from an IT department, we have a recommendation.
That recommendation is a layer of security strategy. As you are familiar, layered security model is about multiple types of security measures, each one protecting a different aspect for attack.
With MobileIron, you have your unified endpoint management and you're enabling those known internal users with that secure access to the apps, to the services, and to the network as well as you're protecting and blocking against the unknown external hacker that you're not familiar with and oftentimes can't see from attacking your device, your network, and your app.
You combine the unified endpoint management with the threat detection together. You get protection for your operations, for your data, and your reputation. We're going to go through some examples of the different device networks in application mobile threats.
Just so that you're all familiar, we're going to start with some of those more recent ones that you might have seen, some of those mobility threats.
It's big business. They get cute characters. They're paid tons of money to get your data, sell your data. The great thing about MobileIron Threat Defense is that we can detect using machine learning. We can stop and remediate all three of these ‑‑ the device, the network, and the malicious app attacks.
We do that across iOS and Android devices. I'm going to turn it over now to James, who's going to walk you through some demos.
James Saturnio: Hey. Good morning, everyone. I'm James. I get the cool part. I get to show you some of the cool capabilities of MobileIron Threat Defense. This is the lineup that we're going to show you, five videos, basically, or demos.
These tend to be "bring your own devices" type of implementations, the first being a device sleuth detection demo that's also for jailbreak network detection, connecting to risky WiFi, unsecured WiFi network. The next being a man in the middle attack.
The fourth being, again, a network threat that...A little twist to that is that one of the cool features that the MobileIron Threat Defense is capable of is being able to connect or basically protect your device if it's not connected to the Internet. The last being apps, risky malicious app detection and mediation. Let's go and kick it off.
Ilya Geller: Really quick, just to expand on what James said. Again, most of these cases are for "bring your own device," which is a much more common use case these days because most companies...Yes, when you have a managed application or managed devices and a company is willing to take the risk and the cost, it's much easier to manage those devices.
What we see is that most Enterprises are now going to the "bring your own device" model, which makes it considerably harder to actually control what happens on those devices and actually adding security to those devices. Again, our solution actually focuses on those devices that the end users actually bring themselves and how they would typically use them.
James: It works also for company‑owned peripheral‑enabled devices. Across the board. The very first video I'm going to show you is device threat detection. In this case, it's the table stakes. It's the root and jailbreak detection on checking for device health.
The user in this case, again, it's their personal device. They're trying to access third‑party apps, trying to download some games, potentially. Maybe they also run Android Pay. The device in this case is an Android device.
Again, this shows the power or showcases the power of MobileIron Threat Defense and UEM working in tandem in a layered security strategy. Again, it's going to detect jailbreak and rooted devices. In this particular demo, I'm actually going to show you a systemless root technique called Magisk, which is one of the more sophisticated rooting techniques. Just going to kick off the video here.
What you see is our MobileIron Go client installed on an Android device. I'm actually just registering myself to MobileIron Cloud, our username and password and the actual onboarding process. You see a message that says that we're going to collect some information from you. You're going to go and allow this information to be provided.
One of the first things that you notice is that a threat notification is received on the device. It says that your device is either jailbroken or rooted and your device will immediately be quarantined.
The good thing is MobileIron tech sends it activated, threat scanning is enabled. When I try to access the Enterprise App Store, there are no apps because I basically have a policy violation. Now I'm going to try evading detection by opening up the Magisk Manager to do a quick SafetyNet check.
I'm going to open up the Magisk hide capability, which I'm just going to choose the MobileIron Go client, and try to evade detection here. I'm going to fire up MobileIron Go. I'm going to check in. Magisk is still detected on the device. I'm still rooted. If I open up the app catalog, there are no apps that can be downloaded onto the device.
Very quick and simple demo on root and jailbreak detection. The next one is...It's a network threat detection and remediation. In this case, I'm connecting to an unsecured WiFi. The use case could be that a mobile worker is traveling, trying to connect to their hotel WiFi, or at the airport, or at a coffee shop.
In this case the device is an Apple iPad. The threat is detected. One of the mitigations or remediations for this particular threat that I'm going to show you is one of the more stringent ones, and that case is the quarantine capability of MobileIron...
Once the threat is detected, all UEM‑provisioned apps and content, connect apps, are removed from the device. Any VPN, any WiFi, any certificates, any email profiles that are configured by UEM are removed from the device.
The cool thing is once the threat has been remediated, all these UEM‑provisioned content, apps, all the configurations and policies are put back onto the device so that the user can continue to do their work. Let's kick this off. Here, I'm showing you that I'm connected to a secure WiFi.
I'm able to bring up my Web browser here. In this case it's Web@Work. I'm authorized. I'm able to browse the Internet if I wanted to. I'm bringing up a managed app. In this specific case it's Microsoft Word. I'm accessing a document that lives on OneDrive on a cloud storage.
I'm able to access it. I'm able to edit it. Everything is good. Now what I'm going to do is connect to extremity WiFi, an unsecured WiFi, which could be at a hotel. It's definitely an unsecured WiFi. It even said so [laughs] in the settings.
The first thing that you're going to notice is the managed apps, the Microsoft apps, are being removed from the home screen on the device. The user gets a notification that a threat has been detected ‑‑ an unsecured WiFi connection. If I try to bring up my Web browser, it says I'm out of compliance and unable to browse the Internet.
Now, what I'm going to do is reconnect back to my secure WiFi network. What you should see soon after is the managed apps that were removed earlier to protect the device and the user are being reinstalled onto the device so that the user is able to continue working after the threat has been remediated on the device. Again, really quick and simple.
The third demo is going to be, again, a network attack, more severe, more critical type of threat ‑‑ a man‑in‑the‑middle attack. In this specific case it's a man‑in‑the‑middle ARP attack. Again, the use case is I'm sitting at a coffee shop. I don't want to burn up essentially my [inaudible 15:00] minutes, so I'm going to connect to the free WiFi that's available there.
The device is an Android Enterprise‑enabled device with a work profile. The use‑case demo, really simple. Again, it's a man‑in‑the‑middle attack and how it's detected and remediated afterward. What you see to the left is my attack device. It's basically a rooted Android device that's running a pen‑testing tool that's really downloadable off the Internet.
I've actually scanned and found a victim's device IP address. That's the device to the right here and happens to be running Android Enterprise. It's got a work profile. The cool thing is it's being protected by MobileIron Threat Defense. It's up and running. It's activated, and it's protecting the device. Here we're going to go ahead and kick off the man‑in‑the‑middle ARP attack.
I'm going to toggle the switch on to kick it off. The attack type is an ARP threat. The first thing that you notice on the victim device is the user gets a threat notification. It has detected a network attack on the device. The one thing you notice is the managed apps are hidden from the device, again to protect the data.
I'm going to go ahead and turn off the man‑in‑the‑middle attack, check the MTD console where it registered that there was a critical threat shown on the dashboard. What should happen on the device, once the threat has been remediated, is the managed apps are returned on the device for the user to continue working after the threat has been remediated.
As I mentioned earlier, this is one of the cooler features that tends to differentiate MobileIron Threat Defense from our competitors, is the fact that we can enforce a local action on the device when it is not talking to the UEM or the MTD management console.
In this particular use case, we have real mobile workers that actually could potentially go to an area that doesn't have Internet connectivity. They still have to connect to a private network to access some shared resources. In those shared resources there could be threats that are lurking in the background here. The device is an Apple iPad again.
In this case, the user is going to connect to an unsecured WiFi. Basically, an unsecured WiFi has no authentication, has no protection. What you guys see really quickly is that UEM will install what is called a VPN Sinkhole profile, which pushes all traffic to...Technically, it's a black hole router. It's a self‑protection mechanism.
In this case, the local action is triggered because the WiFi has been disabled. Immediately, the connection to the Internet is then disrupted. Let's go ahead and kick off the video. We have Mobile@Work installed here. I'm finishing up my registration onto MobileIron Core.
The immediate screen that you see is the fact that the user has to agree to installing the VPN Sinkhole. It's going to allow that traffic to be monitored. My PIN. I'm going to allow UEM to configure my device. I'm going to install the profile. It's going to go and generate a key and push down a certificate onto the device.
I'm going to push the connection between UEM and this device. First thing that you notice is the managed apps are being installed on the device, in this case Outlook, Slack, Salesforce. The user sees that the device is in compliance, threat scanning is enabled, MTD is up and running. I'm connected to a secure WiFi. Now I've been immediately connected to an unsecured WiFi.
I'm picking on extremity WiFi here. It could be at the hotel, coffee shop, you name it. First thing the user sees is that there's a notification that says I've connected to an unsecured WiFi. My Internet connection is disrupted. The first thing you notice is the VPN Sinkhole is enabled in the settings.
I bring up my Safari browser and try to connect to a website on the Internet. I am unable to connect because of the VPN Sinkhole profile being enabled. I bring up Mobile@Work. It says that I have no connectivity to UEM and the MTD management console.
I'm going to reconnect this device back to a secure WiFi network. Hopefully, things will reconnect back up. The first thing you notice is VPN Sinkhole is disabled. I bring up my browser and I'm able to connect to the Internet. Woo‑hoo! [laughs]
The very last demo is basically risky and malicious app detection and remediation. In this case, keeping in mind what I'd mentioned earlier and what Ilya actually stated also, is that this is a BYOD type of deployment, the users bringing their Android device and trying to install an unapproved app onto their device.
In this particular case it is the KingRoot APK, which is one of the first steps that an Android user takes to try to root their device. In order for me to be able to download this actual APK onto my device, I have to first enable unknown sources, which in itself is a threat.
Disable Google Play Protect, which is another threat, before I can download the APK file onto my device. You've got to go through a couple of hurdles first just to even download the malicious app.
Ilya: Can you touch on why a user wouldn't want to do that?
James: Yeah. The King Billy to root your device, have root privileges on your device. In the very first demo when I talked about Magisk and using a system with its root is I want to be able to play games on my device. It's my device. There are certain games that require root privileges.
Maybe I want to run Android Pay to pay for some of these games and so on. Android Pay in itself will not install on a rooted device. You would use something like Magisk to root the device to be able to install Android Pay in this particular case.
Let's go ahead and kick off the demo here. What you see here ‑‑ it's really quick ‑‑ is the MobileIron Threat Defense was already installed and it's already been activated on the device. I checked the device status and immediately it says that we've detected a suspicious app root, KingRoot, on the device.
We check the notifications. The user's instructed to delete the malicious app. It also says that the device is under quarantine. When I try to access the Enterprise App Store, no apps are available for me because the device is out of compliance.
All the managed apps that were previously on the device have been hidden from the user to protect itself from any data loss. That was five demos really quickly run through. I'm going to go ahead and hand it off now to a colleague, Ilya.
Ilya: Thanks, James. What I want to cover now is just briefly go over the product itself on a higher level, share what we've done over the last couple of quarters, and show some of the demos or overview of some of our features. What is Mobile Threat Defense Solution? It consists of three components. We've got the server, the client and the management console.
A lot of the remediation actions and notifications are done on the device. Again, we allow for the device to be protected even if it's not connected to the server, so essentially when it has no Internet connection, it's still protected and still can take remediation actions.
What have we come out with in the last couple of quarters? We're pretty happy with the functionality we've been able to develop. Some of the bigger ones would be the local compliance actions on the device.
That is the detection and notification and the remediation of threats. Again, it's available both on a server‑connected environment as well as, essentially, a device not connected to the external Internet. The MTD activation regardless of managed or unmanaged status and apps with 100 percent user adoption. Not too many competitors can make that claim.
The idea here is that you can actually make sure that everyone in your Enterprise uses this threat detection capability when they're using our products to your compliance step actions, and I'll touch on that in a couple of slides. Finally, adding the internationalization and the 14‑language support. Now, you can use it all over the world.
What you see on the right is what a typical threat notification would look like on your device. For example, if you've been notified that something is going on, if we determined some kind of threat. This is what remediation actions would look like for DNA threats.
As you can see on the right, you have the Mobile@Work client installed, and you have actually the apps that are installed on a device through your Enterprise. A threat has been detected or has been identified on your device.
The first step would be to send notification to the user, letting them know that something happened and the device has been compromised in some way. Next would be to block the email and the app connect apps to protect the Enterprise to make sure that information does not get out the device.
Next step would be to remove the configuration including the WiFi settings. Here again, we're trying to protect the Enterprise to make sure that information is not being shared. Removing the managed apps and content, again, this is the next step to try to secure and make sure that this information is being protected.
Finally, selective wipes. We can actually hide or remove the applications from the device. Again, this is the final step of what it would take to completely secure your device to make sure again if it gets stolen or if it falls into the wrong hands, they can't decrypt the device and try to find some of that information.
What I went over and what I touched on was the tiered‑compliance threats. One of our major drivers here is to keep the end users productive while also protecting the Enterprise. We do that by essentially giving you a graduated set of compliance actions that can be configured from the management console.
For use cases this would be something like connecting to an unsecured WiFi, detecting suspicious apps, out of policy applications, possibly a vulnerable OS, where the user hasn't upgraded their device to the latest OS and the existing OS is vulnerable to known threats, maybe not using the latest patch. Finally, using a weak authentication passwords.
Our way of keeping the users still productive while also warning them that they're out of compliance is a step process. First, we'll notify the user. This is all configurable from the console. You can have a gap of anywhere from several hours to 24 to 48 hours.
It's customizable any way you want in‑between each action. The user first will be notified letting them know they're out of compliance. They need to bring the device back into the compliance. If we're using an unsecured WiFi as an example, we can say...This match is customizable by the administrator.
They can say, "Look, you need to disconnect from the unsecured WiFi, otherwise you're going to lose ability to connect to your Enterprise apps within the next," let's say, "24 hours." Now, if the user still hasn't complied, you have the ability to block the communication with some of these applications or usage of these applications. Quarantine those applications as a following step.
You can set time intervals between each one. Finally, what I showed a couple of slides back, you can wipe those applications from the device. The user loses ability to use any of the Enterprise applications or even have access to them.
This is done to protect the Enterprise to make sure that if the device was stolen or if the device was maybe taken by [laughs] an employee that decided to go to a competitor or to leave the company and share some of the secrets, that you have the ability to control all of that through the management console.
At this point, I'm going to hand it back to Ellie. She's going to talk about the differentiators.
Ellie: OK. Thanks, Ilya. As you just heard us talk about from the demos that James shared as well as the new features that we just heard about and those capabilities ‑‑ and I love the tiered compliance ‑‑ one of the key differentiators is the single app with the threat protection that is integrated with the Unified Endpoint Management.
You have a single app of this technology for this solution. You don't have to go about managing multiples. There's no user action required so you've got multiple steps removed from your organization in which you don't have to track down users and try get them to deploy, activate another mobile security app.
There's no user action required. It can detect both known and zero‑day unknown apps and using the machine‑learning algorithm technology that we have to detect and remediate the threats. It's on device. You heard and saw in some of those demos in which we have that great ability with the local actions of the detection, notification, and the remediation.
What I'm going to do now is, I'm going to talk to you about what some of your peers at organizations across the world from different countries and what they're doing to stop mobile threats today.
We're going to start with the City of Stockholm. The City of Stockholm, the headquarters, the capital in Sweden, they have 930 citizens in Sweden. The employees of the City of Stockholm there's 30,000 mobile devices.
The City of Stockholm wanted secure mobile access of the city data by their employees in virtually every sector of its jurisdiction. They wanted it for the smooth delivery of the government services to their citizens.
The reason that they chose MobileIron Threat Defense is so that they could provide that automatic security across their entire mobile fleet. That automatic deployment that I just talked about, the no user action required, is one of the reasons that they're selecting MobileIron Threat Defense.
There is no need to track down the users over a month upon month and keep the spreadsheet to determine if they've deployed the mobile security app. They want to be able to detect the device, network, and app threats that we were talking about earlier in the webcast.
They want to be able to go across all three vectors using machine‑learning algorithms that we offer and then provide that invisible security across iOS and Android devices.
"With this," the City of Stockholm, Constantinos Amiridis is the solution architect who said, "we can give our employees a peace of mind to safely use their devices without any data being compromised." This is across support for their 930,000 citizens in Sweden.
Our next customer is a health care trade union in Australia. They needed a better way to protect their highly confidential client information on the mobile devices. As you can imagine, health care information is private. They also needed to follow and comply with the regulation such as the mandatory data breach notification law.
The organization wanted a way to greatly simplify the workflows and the security for those health care providers who are non‑technical savvy users.
The reason that they chose MobileIron Threat Defense is because they wanted to protect the users against ‑‑ you'll hear this repeatedly ‑‑ for the device, network, and app threats, that broad range there including the known and the zero‑day threats. This is an advantage to them.
They want to be able to provide the continuous on‑device protection that will help them meet those compliance requirements even without network connectivity so they can have with or without network connectivity on the device with Threat Defense.
Then they wanted to eliminate the invasive security checks and device scans that could disrupt that user productivity while they're, obviously, providing health care services.
The next company is a professional services property surveyor. This is in England. They're one of the UK's largest property surveying firms. They've helped shape some of the country's biggest commercial, residential, and mixed‑use development projects.
The company's mobile employees often need to connect through unsecured networks such as a public WiFi whether they're at a building site, or a shopping center. The company needed to make sure that that highly sensitive customer information was not going to be intercepted or compromised.
The reason that they chose MobileIron Threat Defense was help those employees, those workers, to work anywhere in the world. As their customers took them to different locations in different cities and as they were on a building center, shopping center that they would be protected in all of those situations.
They wanted to make sure that they had 100 percent user adoption. We've talked about how Threat Defense can do that. They get that mobile security adoption from day one.
In addition, this organization wanted to be able to simplify their business processes in the future as they were moving to a cloud infrastructure without putting any mobile productivity at risk. Their mobile users who were at the site in shopping centers could still be productive and innovative.
Then we have a semiconductor manufacturer. This is a global organization that is headquartered in the United States. This semiconductor manufacturer has mobile devices which were vulnerable because they didn't have visibility into the mobile threats. The devices are used to access corporate information that's highly sensitive.
They access it through the network or through the email or through apps that their users add from their mobile devices. They wanted to be able being a global organization support the multi‑operating systems being the iOS and the Android, as well as all of the language capabilities given that they are global.
The great thing with MobileIron Threat Defense is they get immediate and instant visibility into their security threat as soon as they turn it on, plug it in so they get that deeper visibility.
They wanted to be able to leverage the threat forensics to help determine that security level of the threat. Is it a minimum risk or is it a high‑security risk? Be able to coordinate the appropriate response level given they now had the visibility in their dashboard to be able to see the threats. Then making sure it was available globally which is offered in 14 different languages.
This concludes...Oops, not yet. Now, we've talked about all the great things with Threat Defense and shown you the demos. We've talked about customers who have taken the steps to stop mobile threats.
If your organization chooses to take a different strategy and if you choose to do nothing, one of the data points, if you're not already familiar, is that from the 2018 Ponemon Institute study, it costs on average per data breach $3.9 million.
In addition to that financial impact, there are other situations that will take place. You will have loss of not only your business data but possibly your customers' information as well. You'll have damage to your reputation as it will become public knowledge that there was a breach.
Given that public knowledge, customers will find out about this and they will potentially jump ship and go with other vendors and other solution providers.
You could have fines. There could be GDPR or other regulatory fines for not taking proper steps for securing your mobile devices and loss of resources, in which you may have attrition and companies could leave the company due to the negative press. In some places, we've seen organizations where the top management team has lost their bonuses as a result of losing profits in the organization.
There are options here for you with MobileIron Threat Defense and we are making it easy for you in the IT department. It is a single app with the threat protection built into the unified endpoint management which is making it easy for your users that don't have to download or deploy anything.
There's no user action required. It's 100 percent adoption. Who doesn't want 100 percent adoption of a security app? I know I would. It's insightful. You get that immediate instant visibility. You have the analysis to determine. If it's a minimal high‑risk, you've got reports, you've got a dashboard, and it's on device.
You have the machine‑learning algorithms that are helping you detect and the local remediation actions with the detection and notification remediation steps that we heard, along with that period compliance that Ilya was showing.
We would love to share more about MobileIron Threat Defense. It's available on‑premises and in the cloud across iOS and Android devices.
As we've mentioned, I've probably said it a couple of times now, the device network across the three threat vectors ‑‑ device, network, and apps. We saw a couple of those demos from James as well.
If you have any questions, give us a call at 1‑877‑819‑3451 or visit our website mobileiron.com/threatdefense. James and Ilya, thank you so much for joining us today and back to Deepa.
Deepa: Before we sign off, I can see we've received several questions in our chat box. Some of which have been answered. However, there are a couple of few ones that perhaps if anyone on our team would like to comment on, Ilya, or James, or Ellie.
Ilya: Sure. There's been a couple of questions we just wanted to touch. I think there was a couple of questions regarding what DNA stands for. Again, this is device, network, and app threats. The idea here is that we provide a layered security strategy to cover all three of those. There was another question...
Deepa: Another acronym, MTD that's MobileIron Threat Defense. We try not to put so many acronyms in there. [laughs] Thanks for asking that one.
James: UEM, Unified Endpoint Management.
Deepa: UEM, Unified Endpoint Management, yup, thank you.
Ilya: Let's see what else. Is there any other question? I think there was something about how a secured WiFi might not be that secure. James, you want to talk about that?
James: Yeah. Certainly, there are secured Wi‑Fis that are out there that does ask for some type of authentication that can host malicious app and malicious content. Again, the idea of having a multilayered security strategy is if it's able to evade a WiFi with threat detection, a device threat, or an app threat would be also detected.
If the app tries to get out of its sandbox, MobileIron Threat Defense will detect an escalation of privilege. If the device opens up a command and control connection to the mother ship on the dark web, then a network threat detection would be triggered. If the system files are tampered with, then a device‑level threat detection will be triggered.
With each threat that's detected, there is a compliance action that's applied. To this case is what Ilya has described earlier also. Some notification block email, block apps, [inaudible 42:23] apps, remove any UEM provision configuration, WiFi VPN certificates, and so on. Hopefully, that answers your question.
Ilya: Yeah. Thanks, James. Part of the question regarding the Mobile@Work browser. Again, our solution will actually block any external WiFi communication. It doesn't really matter what browser you're using. If that was the policy that was set, the user is not going to be able to actually externally connect it with any browser on their device.
James: There was also another question. I apologize, I probably stepped on Ilya's feet here since he's the PM for this product.
One of the questions was the fact that for an unsecured WiFi, one of the defined actions could be to actually trigger for our VPN. The answer is that's coming as the compliance action trigger for an unsecured WiFi, a VPN connection, which will encrypt your traffic at that point.
Ilya: Yes. All these features that I just listed are already available in MobileIron Core and they'll be coming. Most of these are available on cloud as well or will be coming very shortly to the cloud and again, for MobileIron Core 10 plus.
James: I think there's a couple more questions that came up. "Is this available in MobileIron Core?" Yes, indeed. Starting have the specifically Core number six and later, MobileIron Threat Defense is supported.
Let's see. One app, Mobile@Work is already installed on a device, right? Mobile@Work on‑premises deployment on the Core, yes, and then MobileIron Go on a cloud product, also. Again, yes. Both of these clients have MobileIron Threat Defense built into them. That's one of the cool things with MobileIron Threat Defense.
Increased battery usage, there is some battery usage. There's a lot of factors to that. What we've noticed is...Maybe Ilya, I think you have the specific when it comes to battery usage on having MobileIron Threat Defense running in the background. There is negligible battery usage.
Ilya: Yeah. There's definitely a little bit of uptake because we're constantly scanning the mobile device to make sure there's no new threats identified. There's a slight uptake in battery usage, but in our testing it's not been significant to where it actually causes problems for the end user.
Again, we're constantly working on ways to improve this. We have, in fact, other updates for our products and for our clients that will actually improve that even further.
Deepa: Thank you, gentlemen and Ellie. This concludes our session today. We will be sending out a recording after the session. If you'd like any additional information, please feel free to visit our website, www.mobileiron.com or email us at email@example.com. Have a terrific day and we look forward to seeing you again. Thank you.