CIPHERWATCH

Robust mobile phone security solution with central corporate management

KAYMERA Technologies
Mobile Threat Defense Solution – SaaS Model

INTRODUCTION

This document describes Kaymera’s product portfolio of innovative mobile defense technology.

ABOUT KAYMERA TECHNOLOGIES
Kaymera was founded in 2013 by veterans in the cybersecurity industry with in-depth knowledge
and expertise in mobile cybersecurity and cyber-attack methods.

Kaymera’s solutions deliver the world’s most advanced mobile cyber defense technology, designed
to protect organizations, governments, and professionals against all mobile security threats with
military-grade mobile cyber defense and an enhanced user experience.

Kaymera’s mobile defense solutions are already deployed globally both in governments and
commercial organizations.

OUR PRODUCT PORTFOLIO
Our product portfolio is the result of our extensive experience in the mobile security industry, and
successful relationships with customers. It is based on innovation and expertise in cyber defense
technology and constant updates of security threats.

Our products include:

  • CipherFort Secure Device Solution, a best-of-breed, military-grade mobile security solution for data protection.
  • CipherWatch Adaptive Mobile Threat Defense (AMTD), a robust, enterprise-centric, risk-based, contextual and privacy-aware mobile security solution, with a secure communication application for iOS and Kaymera users for cross-platform support.
  • CipherBond, Kaymera’s secure communication application, which allows secure cross-platform communication between users of Kaymera’s secured device and of the Android/iOS applications.
  • Cyber Command Center, a management console that displays real-time information on the organization’s security status: usage statistics, device risk levels, system messages, real-time alerts and device attacks.

CIPHERWATCH AMTD OVERVIEW

The Kaymera Adaptive Mobile Threat Defence (AMTD) solution is an innovative solution for both
Android and iPhone devices that provides a high level of protection and is perfectly suited to BYOD / CYOD.

CIPHERWATCH AMTD SOLUTION OVERVIEW

The Kaymera AMTD is a robust, enterprise-centric, risk-based, contextual and privacy-aware mobile
security solution that aims to perfectly balance mobility and productivity. At the AMTD’s core is
Kaymera’s Risk Engine, which uses advanced machine learning algorithms to sift through various
indicators and assess the risk of any action in real time. When a meaningful risk is identified,
whether it is network or device related, the built-in elastic mitigation mechanism adjusts the
level of security enforcement.

The organization can apply effective protection and appropriate mitigation structures based on the
context in which the risky activity took place, as well as the sensitivity of the data or resource
accessed, against all types of mobile threats.

Adaptive Mobile Threat Defence features:

  • Powerful real-time threat detection
  • Context-aware, real-time risk analytics
  • Automated threat mitigation
  • Support for BYOD / CYOD
  • Increased employee adoption rates by maintaining employee privacy with rich un-managed mitigation.
  • Easy integration to existing IT estates

CIPHERWATCH AMTD SOLUTION PILLARS

Kaymera AMTD utilizes three pillars to dynamically alleviate all mobile security risks: Detection,
Augmentation, and Mitigation.

Detection
Rich in breadth and depth, the Kaymera AMTD employs multiple detection techniques for detecting
various types of attacks in real time.
The detectors list is described as part of section 4.3.

Augmentation
Analyses circumstantial data to determine individual-appropriate mitigation actions, minimizing the
number of incidents requiring a response. Risk assessment is based on the following parameters:

Mitigation
The Kaymera AMTD solution intelligently enforces restrictive security and compliance policies based
on the level of risk identified while taking into account both rich contextual information and data,
resulting in more accurate alerts and fewer unnecessary restrictive actions. The AMTD app enables
on-device security policy enforcement for devices that are managed by the organization using an
MDM/EMM solution. For example, in high-risk environments, extreme security measures like secure
communications and always-on VPN will be enforced. However, it is also designed to provide
effective, server-based security policy enforcement for devices that are not managed by the
organization, providing effective mobile threat defense capabilities in the face of stringent end-user
privacy preferences. Users receive alerts with recommended actions or, in some cases, will have
their access to company resources revoked, based on the severity of the threat. Finally, the
Kaymera AMTD enhances existing mobile security management and compliance tools, reducing the
time it takes to deal with security and compliance incidents.

For example, the following capabilities are available as part of the AMTD app mitigation:

  • Notify EMM that a device is compromised, for further risk-based conditional access
  • User/guided remediation – configuration directive and textual guidance on how to resolve the issue.

CIPHERWATCH AMTD APP DETECTION CAPABILITIES

The following tables describe the attack vectors that Kaymera’s AMTD app can detect on
both iOS and Android OS.

Network-based detection alerts

| Detector | Description | Android | iOS |
|---|---|---|---|
| Insecure mobile network connection | Detects connection to 2G networks, which can be easily intercepted and monitored by tactical interception solutions. | No | Yes |
| Insecure Wi-Fi network | Detects connection to an unsecured Wi-Fi network. | Yes | No |
| | User-based classification of trusted/private access points vs. public hotspots, to optionally trigger a VPN connection on public networks. | No | Yes |
| Malicious access point | Indicates that the device is connected to a malicious/rogue access point. | Yes | Yes |
| Wi-Fi network man-in-the-middle attack (ARP Spoofing) | Indicates that a Man-in-the-Middle (MITM) attack is occurring on the Wi-Fi network that the device is connected to. ARP Spoofing allows the attacker to manipulate the target’s traffic, run phishing schemes and monitor all traffic. | Yes | Yes |
| Wi-Fi network man-in-the-middle attack (SSL Split) | Indicates that a Man-in-the-Middle (MITM) attack is occurring on the Wi-Fi network that the device is connected to. SSL Split allows the attacker to collect and monitor encrypted content and run phishing schemes. | Yes | Yes |

Device-based detection alerts

| Detector | Description | Android | iOS |
|---|---|---|---|
| Jailbreak/Root | Detects if the device has been jailbroken or rooted. | Yes | Yes |
| OS version | Verifies that the device runs the latest version available, with the latest security patch installed. | Yes | Yes |
| Data encryption | Detects whether the device is not set up to use device encryption. | Yes | Yes |
| Password protection | Detects that device login is secured with a predefined PIN code. | Yes | Yes |
| Developer status | Verifies that developer mode is disabled, and alerts when it is switched on, as it might compromise the device. | Yes | Not relevant |
| ADB Enabled | ADB Enabled is an advanced configuration option intended for development purposes only. By enabling ADB, a device can accept commands from a computer when plugged into a USB connection. | Yes | Not relevant |
| Unknown Sources Enabled | Detects that the user has enabled application downloads from unknown sources. | Yes | Not relevant |
| Lock screen timeout | Verifies that a lock screen timeout is set. | Yes | Not relevant |
| Device with compromised SafetyNet | Uses Google’s SafetyNet feature to identify compromised/unlocked devices. | Yes | Not relevant |

Application scanning

| Detector | Description | Android | iOS |
|---|---|---|---|
| Installed application reputation | Detects whether a known malicious app has been installed on the mobile device. | Yes | With MDM |
| Static analysis of installed applications | Performs static analysis on installed applications. | Yes | With MDM |
| Dynamic analysis of installed applications | Performs dynamic analysis on installed applications. | Yes | With MDM |
| Unknown or repackaged app | Repackaging applications is a tactic used by malicious authors to get their apps published in the mobile stores and then later push down malicious updates. | Yes | With MDM |

Location-based detection alerts

| Detector | Description | Android | iOS |
|---|---|---|---|
| Restricted areas using BT beacon | Alerts when a user accesses a restricted area, based on proximity to Bluetooth beacons. | No | Yes |
| High-risk countries | Alerts when the user relocates to a high-risk country, per IT admin configuration. | Yes | Yes |