Today, Juniper Networks released its Trusted Mobility Index, a global survey of more than 4,000 mobile device users and IT decision-makers, which benchmarks current levels of trust in mobile technologies as well as examines how trends in mobile security and reliability influence attitudes and behaviors.

While there is a great deal of research into increasing mobile security and privacy threats – including Juniper’s own threat research conducted by its Mobile Threat Center – little attention has been given to understanding people’s current attitudes and confidence in their mobile experiences.

The total amount of known mobile malware has risen dramatically. From 2010 to 2011, Juniper Networks Mobile Threat Center identified a 155 percent increase in threats to mobile devices. However, no other category of mobile security threats is growing as quickly as Spyware.

In fact, in the first three months of 2012, Spyware targeting mobile devices has doubled. To put this in perspective, Juniper has discovered nearly the same amount of Spyware from January to March of 2012 as we have in the last eight years combined.

March 2012 Microsoft Patch Tuesday Summary

Welcome to another edition of patch Tuesday summary blog.  Last month’s patch Tuesday involved patching 21 vulnerabilities over 9 bulletins, while this month we are patching 7 new vulnerabilities over  6 bulletins.

Here is a list of the vulnerabilities fixed in today’s patches:

IT managers aren’t the only ones aware of the BYOD trend. Attackers are, too! Is your security strategy ready?

Bring Your Own Device (BYOD) and hacktivism: this is the language of today’s IT decision makers. Their challenge is architecting networks that can survive and thrive within these new market motions by enabling a highly mobile workforce.

Today, the Juniper Networks Mobile Threat Center (MTC) released its 2011 Mobile Threats Report, which shows evidence of a new level of maturity in security threats targeting mobile devices.  This past year saw a significant increase the amount of mobile malware, its sophistication, as well as new nimble social-engineering based attacks. As mobile users download more applications than ever before, they are turning out to be the “killer app” for hackers.

The Juniper MTC examined more than 790,000 applications and other vulnerabilities across every major mobile device operating system to inform the report. The MTC’s malware sample library contains over 28,000 samples, which is significant when compared with recent reports from other highly recognized mobile security vendors that disclosed the total amount of samples in their malware library as 400, 1400, and 2500 respectively.  

When looking across the many recent mobile security discussions, much of the attention focuses on threats posed by malware on Google’s Android platform, which has quickly risen to become the most popular operating system. Some would say this is because Android is an inherently less secure platform when compared to other mobile operating systems and that the openness of the Android Market can easily lead to exploitation. Others would simply state it is because Android has more market share leading to more attention by industry and attackers. Regardless of these differing opinions, looking at Android security in more detail is certainly worthy of discussion. 

Any examination of mobile security should holistically look at all of the threats to mobile devices and the means to address them. Regardless if the device is an Android smartphone, Apple iPad, or from other platform, the threats remain the same:

• Malware – Spyware, Trojans, Worms, Viruses
• Direct Attack – Browser-based exploits, attacking device interfaces, malicious SMS messages
• Data Communication Interception – Intercepting Data transmitted over Wi-Fi or other transport methods
• Loss and Theft – Devices left in taxis or actively stolen to obtain the device and its data
• Exploitation and Misconduct. – Employees leaking information, children behaving inappropriately or being maliciously targeted via cyber bullying or online predators

In its latest report, the Juniper Networks Mobile Threat Center found that mobile malware has reached a new level of maturity, with spyware, worms, Trojans and other malicious applications that target smartphones and tablets beginning to pose meaningful challenges to users, enterprises and service providers. You can view the full report here, and related blogs from our head of mobile threat research, Dan Hoffman.

Despite the report’s findings, the mobile threat landscape is far from ‘all doom and gloom.’ Mobile service providers and security companies are increasingly rolling out mobile device security offerings that extend secure connectivity and protect mobile devices from malware, loss and theft and even spam, as well as providing parental control of children’s devices and usage. With these new tools, safer mobile device practices and an understanding of the threats, individuals and organizations can confidently protect critical information on devices.

The wait is over! Juniper Networks vGW Virtual Gateway 5.0 R2, having passed VMware's rigorous testing, verification, and software signing process, now supports VMware vSphere 5.0. This not only highlights Juniper Networks’ longstanding collaborative relationship with VMware, but now gives joint customers a clearer path to the most secure virtualized data center or cloud possible. In fact, vGW is the first virtualization security product to have successfully completed the VMware analysis for the VMsafe kernel integration into vSphere 5.0.

Today, more than ever, companies have been adopting new open source tools to use in production. It seems like the NoSQL movement has opened up companies to adopting newer more cutting edge technology faster than ever. Tools like redis, CouchDB, MongoDB, and Node seem to be showing up all over the Internet in many new web applications. This is fantastic as the technologies behind these products are quite amazing. I use them everyday in the various tools that I have written and it is just a joy to work with. But I was thinking who tests this stuff for security issues. According to Linus’ Law most of these products should be fairly secure but how many eyes do you really need to ensure their aren’t potential security threats in these technologies? These tools have been adopted by thousands of organizations and they have them running naked on the Internet. I wondered what would happen if you tried to attack these services and what could be the potential impact.

Anytime, anywhere connectivity. Hyperconnectivity. Call it what you will, but what it equates to is we – me, you, and just about everyone in the worldwide workforce – are always connected to something.  We not only want, but many times need to be connected, wherever we are.

In their most recent quarterly report on today’s global, mobile workforce (The iPass Global Mobile Workforce Report), iPass, a worldwide leader in managing mobile connectivity for large enterprises and global carriers through mobility and cloud services, reported that 88% of those surveyed work from the road, including 84% from  coffee shops, restaurants or bars.

Our need to be always connected has taken many of our employers – and in a domino effect, their service providers – by surprise. This has caused a significant spike in mobility costs, which in turn has driven up the mobility expense incurred by many enterprises today, especially those with worldwide globetrotters. Since mobile workers must be connected all the time, Internet connectivity has become a mobile worker’s lifeline.

Now, Juniper Networks and iPass deliver simple anytime, anywhere trusted network connectivity and role-based, secure, mobile remote access through a single client over a myriad of worldwide connectivity, types and means.

In the IT Industry there is a topic that comes up on a regular basis and generates a lot of debate and that is Bring Your Own Device or BYOD as it is more commonly known. It seems that since the new wave of "smart phones" have come along the IT industry seems to have woken up to a threat that has existed since the early PDA's like the Psion or my beloved US Robotics Palm Pilot (which was released in 1996, its fifth generation sister has only just been retired from our household)



For as long as I can remember IT staff have been dumping data from corporate systems to their devices in one form or another. This data was unencrypted and unsecured and taken off the network and out of the building without considering data or security policies

Early on in my first career (i.e. childhood), I learnt about features. I would pore over the Argos catalogue with a biro - “got! got! want! want! got! - choosing the toys I was going to ask for at Christmas. I had a budget (roughly based on how good I’d been that year) and a deadline (Christmas shopping), and I then had to put forward a business case (Christmas list). I’d embellish this business case with facts about the toys I most wanted. This was made easier by Argos because they’d listed the features from the side of the toy’s box: “With realistic laser canon sounds”, “operating tipper wagons”, “TV AM’s resident rodent superstar” and so on. So, I was glad to discover that choosing and justifying a Juniper SRX is nearly as easy. 

Usually if a network device has its features written on the side of the box, you’d only ever want it on your broadband at home. But what if someone made an affordable device which could service your home or small office, runs Junos, has a stateful firewall, switchports and most of the protocols you’ve grown up with, wouldn’t you put that on your Christmas list?  “SRX100 - want!”