Apple iOS Vulnerabilities

As BYOD (Bring Your Own Device) is incorporated into corporate environments, the risk profile of an organization must expand to include mobile devices. SecurityCenter supports collecting information on BYOD mobile devices through passive detection methods, and mobile device data from Mobile Device Management (MDM) solutions using Nessus. This dashboard helps the security operations team to identify threats from Apple iOS devices.

For many organizations, including mobile devices in their vulnerability management programs is challenging. Mobile devices can connect and disconnect from the network at any time, and scanning these devices for vulnerabilities and compliance violations can be very difficult. The result of excluding mobile devices as part of the risk profile makes for a less secure environment and less informed risk management team, which can lead to inconsistent security and compliance policies for mobile devices. To help address these issues, SecurityCenter has the ability to scan MDM solutions such as Apple Profile Manager, Microsoft ActiveSync, VMWare AirWatch, MobileIron MDM, and Good Technology MDM.

SecurityCenter Continuous View (CV) includes the additional feature of detecting mobile devices using the Passive Vulnerability Scanner (PVS). PVS can detect a wide variety of devices, such as those running Apple iOS. An advanced feature provided by PVS is OS detection using deep packet analysis. PVS includes a variety of checks, which look for Apple iPhones, iPods, and iPads that have not been updated with the latest security checks.

This report combines both collection methods into a single place to easily understand the risk associated with allowing Apple iOS devices to be used on the network. Several of the elements compare the MDM-collected data with data collected by PVS and stored in the Cumulative database. The Cumulative database is the location where SecurityCenter stores all vulnerability data that has been recently collected from Nessus, PVS and LCE. The MDM database is a specialized database populated by connecting to a MDM solution. Other elements list devices identified as Apple iOS devices and their users. Combined together, this report will provide a more accurate picture of Apple iOS device activities and risk.

The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards and assets. The report can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:

• SecurityCenter 5.3.2
• Nessus 6.5.6
• PVS 5.0.0
• MDM Repository

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. SecurityCenter CV shows risk across all systems, including cloud, virtual, mobile and traditional systems, enabling informed decisions. SecurityCenter CV provides tight integration and API extensibility with SIEMs, malware defenses, patch management tools, BYOD, firewalls, and virtualization systems. PVS is a sensor for SecurityCenter CV, an upgrade to SecurityCenter, and provides deep packet inspection enables discovery and assessment of operating systems, network devices, hypervisors, databases, tablets, phones, web servers, cloud applications, and critical infrastructure.

Chapters

Executive Summary: This chapter provides the executive with high level overview of the risk using Apple iOS products on the network. The chapter contains a comparison between the vulnerability data collected using MDM solutions, and the data collected using PVS. The chapter also provides and trend analysis over the past 25 days of passive vulnerabilities. When comparing the two data sources, the numbers should be relatively the same. If the numbers are dramatically different then there could be unauthorized mobile devices on the network.

Vulnerability Summary: This chapter provides a detailed list of the systems identified as using the Apple iOS via OS detection and Browser User Agent detection. The chapter contains two elements and sections to provide a high level summary of subnets where Apple iOS devices are detected and the vulnerability details of each device.

MDM Details: This chapter provides a summary of the users, devices, and vulnerabilities detected using the supported MDM solutions. The information displayed contains the device ID, which enables the analyst to detect when a user replaces a device, vulnerability counts, and models.