Professional Documents
Culture Documents
GP MDM 100
GP MDM 100
CONFIDENTIAL
Agenda
Mobile Security Requirements
What is Aspen – GlobalProtect MDM
MDM integration with GlobalProtect
Demo
MDM Setup
GlobalProtect Portal
GlobalProtect Gateway
GlobalProtect MDM
Demo
MDM Landscape
MDM Selling Tips
GPaaS Concept Preview
Q&A
• Solution Requirements • Technologies • Roadmap
Device State
Personal or corporate MDM available end of year
Managed or unmanaged Extend MDM to include app store
Encryption
MDM APIs and other needed features next
Passcode year
Jailbroken
• Primary technology
• Secondary technology
1 RU appliance
①Tunnel
②Device State
② Mobile devices will send HIP data to GlobalProtect MDM so that it can enforce device policy based on
the state of the device
③ GlobalProtect gateways will receive HIP data from MDM so that firewall can enforce security policies
based on the state of the device
MDM technology partners can implement our protocol to send HIP Data to GlobalProtect gateways
Gateway via HIP report learns about devices that contain Malware
MDM and Gateway can react to presence of Android malware and enforce
policy.
Features Other MDM has Mobile OS Support iOS, Android iOS, Android(+ Samsung Safe),
Windows Phone, Blackberry
slightly more Options
Device Actions Lock, Wipe, Message Same + some Selective Wipe
Features we don’t End-user self service portal No (target next year) Yes
support but other MDMs
Enterprise app store & App No (target next year) Yes
do Management
Data Protection/DLP on devices No (target next year) Various approaches – App/Document
Containers, App Wrapping, Email
Control etc.
Roaming management & reporting No Yes
Features we do better Max # devices supported 100,000 Don’t Know; Cloud may scale but on-
premise most likely not
than other MDMs
Management Features Role based Admin, logging, Syslog, Yes but potentially not fully baked
Directory Integration, SNMP etc.
Malware detection Yes No , some soft claims
Mobile Security approach - Debate of MDM v/s Container - Should the whole device be
secured and managed or provide limited access via select secure app/s ?
Container approach assumes
Business data will be not created outside of those select app/s
User will not demand to use apps of their choice and enjoy the full native experience of their device
iOS 7 MDM enhancements provides data and app security that would have previously required a
container approach
malware exploits
botnets
• VPN connection to a next generation firewall that is performing the security work
• Automatic, always-on protected connectivity for users both inside and outside
• Unified policy control, visibility, compliance & reporting
Remote User
GlobalProtect as a Service (GPaaS) Concept
Gateways pre-deployed in key hubs around the world
Initial planned locations include: US (California and
Virginia), EMEA, Singapore, Japan, Brazil, and Australia
• Unprotected Internet
Secured Internet Access
Access
Remote User
Remote User
Remote User
Remote User
Better Performance with Distributed Gateways
Internet
Internet Traffic
fic
Internet Traf
PN Traffic
Corporate V Remote
GlobalProtect
User
Corporate HQ
Remote
GlobalProtect
User
Offload Traffic to Improve Performance and Reduce Branch Office Bandwidth
Expense
Internet
Internet Traffic
fi c
Traf
VPN Branch Office
te
p o ra Remote
Cor GlobalProtect
User
Corporate HQ
Q&A