SEP Mobile offers the most comprehensive, accurate and effective mobile threat defense solution, delivering superior depth of threat intelligence to predict and detect an extensive range of existing and unknown threats. SEP Mobile uses a layered approach that leverages crowd-sourced threat intelligence, in addition to both device- and server-based analysis.
- Identification and protection from suspicious networks and malicious developers
- Public mobile app helps protect privacy and productivity
- Rapid on-boarding with native iOS and Android apps
- Automated IT policy enforcement via integration with existing enterprise EMM
- Superior visibility into mobile vulnerabilities, threats and attacks
- Defense against zero-day attacks
- Discovering high volumes of novel vulnerabilities and threats
- Proactive defense without third party integration
- Engines to detect non-compliance situations on apps and devices
- Rapid on-boarding with native iOS and Android apps
- Identification and protection from suspicious networks and malicious developers
- Automated IT policy enforcement
- Provide visibility into mobile vulnerabilities, threats and attacks
- Capability to detect non-compliant situations and take corrective action
- Proactive defense against threats without third party integration
- Minimum impact over device resources
- Device risk score based on inventory, patch level, vulnerabilities
- Detect and block vulnerabilities exploitation
- Automated risk and threat detection and remediation
£40.91 per device per year
- Free trial available
5 3 3 6 6 9 7 7 2 9 4 3 1 2 4
Symantec (UK) Ltd
07753 417 309
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||The service is supported from iOS 8.x and Android 4.x up to the latest version|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
24x7 access to Symantec's technical support team is included with Essential Support.
The response time depends on the incident criticality and severity.
Critical: 1 business hour* or less - High: 8 business hours* or less - Medium: 2 business days - Low: 10 business days
Severity 1: Target within 30 minutes.
Severity 2: Target within 2 hours.
Severity 3: Target response: by same time the next business day.
Severity 4: Target response: within the next business day.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||The product will come with standard support included as part of the services and includes online support via our portal. In addition, if purchased directly from Symantec a remote cloud specialist will be assigned to provide an account management style support. If purchased through a 3rd party the remote cloud specialist is not provided and this would need to be provided by the third party. For large (+10,000 users) and complex estates there is the possibility to purchase Business Critical Services. This level of services can be bespoke to customer needs and will start from approximately £20,000 per annum.|
|Support available to third parties||Yes|
Onboarding and offboarding
There is a specific team whose main function is to help users with initial setup, configuration, deployment and ramp-up, and to ensure end-user satisfaction.
Additionally, professional services can help on-site with complex integrations or tasks that the buyer would not be able to do by itself with the support of the previous team.
|End-of-contract data extraction||Users can extract data, incidents, events or assets from the service using different secure methods or integrations during the service life. 30 days after service termination, any user data will be deleted.|
|End-of-contract process||30 days after the end of the contract the user / buyer's instance and its data will be deleted. There is no additional cost.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||This service is designed to work on mobile devices|
|Description of service interface||The portal is a web-based management console. As the administrator, you can configure various security, risk and compliance settings.|
|Accessibility standards||None or don’t know|
|Description of accessibility||Administered through a web-based management console, the console provides role-based access controls. Permissions can be set as full or viewer only. The console provides the ability to configure and manage the service, access reports and set up integrations.|
|What users can and can't do using the API||The service provides a REST API which allows services such as SIEMs to get information regarding security events, security incidents and risk situations.|
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||The buyer can customise end-user messages, alerts and the interface to choose what information is shown to the end user. The buyer's logo can also be included on specific screens.|
|Independence of resources||SEP Mobile is an elastic cloud service running on a Symantec layer over AWS cloud infrastructure, which can satisfy end users' demands. The service is currently provided to thousands of users without any performance impact, and scales perfectly well for new buyers or end users.|
|Service usage metrics||Yes|
|Metrics types||It provides information regarding enrolled users and devices.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||EU-US Privacy Shield agreement locations|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||There are several options in the product console to export incident or device information as a CSV file. A REST API and third-party integrations (SIEMs) also allow specific data to be exported.|
|Data export formats||
|Other data export formats||REST API - XML|
|Data import formats||
|Other data import formats||EMM Integration which provides user and device data|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||SLA commitment for the service is an uptime of 99.5%. “Service Credit” means the amount of money that will be credited to Customer’s next invoice after submission of a Credit Request and validation by Symantec that a credit is due to Customer. Please check the following doc https://www.symantec.com/content/dam/symantec/docs/eulas/service-description/endpoint-protection-mobile-2-2018-service-description-en.pdf for extended information.|
|Approach to resilience||
It's available on request. Regardless, our SEP Mobile service runs on AWS datacenters, which are designed to be resilient.
Each critical server in SEP Mobile's cloud environment is backed by either duplicate multiple instances or a slave node to which failover can be performed, ensuring minimal system downtime in case of a critical failure. The automatic failover process is triggered by Engine Yard infrastructure after it has been determined that a component is unable to reliably respond to requests.
The impact on end user experience in cases of downtime is also minimal. There will not be any visible impact on the functionality of users’ mobile devices, rather, only a delay in some of the alert notifications in cases where the user experienced an attack during the downtime event.
Database backups of SEP Mobile's production system are taken daily and prior to any major upgrade or configuration change to SEP Mobile's production environment. Backups are stored in an encrypted format and allow, in the event of a disaster, the creation of a replica environment within a minimal period of time.
Disaster recovery scenarios are tested periodically by SEP Mobile's operations team.
|Outage reporting||Email alerts and also Symantec Status page, https://sepm.status.symantec.com|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Access to SEP Mobile's production servers or their managing interfaces (e.g. Engine Yard’s management console) is restricted to SEP Mobile's operations and support personnel and a small number of SEP Mobile's R&D team members, who require this access to perform their duties.
Access to these systems is controlled via a two-factor authentication process. Access controls to production servers are reviewed every six months at a minimum.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 1 month and 6 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||ISO 27001 and FISMA certified data centers managed by Amazon|
|ISO/IEC 27001 accreditation date||Managed by Amazon|
|What the ISO/IEC 27001 doesn’t cover||SEP Mobile uses ISO 27001 and FISMA certified data centers managed by Amazon|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Uses PCI-compliant 3rd-party services (Stripe) to manage credit card transactions|
|PCI DSS accreditation date||Stripe|
|What the PCI DSS doesn’t cover||Skycure uses PCI-compliant 3rd-party services (Stripe) to manage credit card transactions, and does not store or see any credit card information. For more info about Stripe’s security, go to: https://stripe.com/help/security.|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
SEP Mobile has assigned Yair Amit, SEP Mobile CTO and co-founder as its Information Security Officer. The security officer’s main responsibility is protecting the confidentiality, integrity, and availability of SEP Mobile's data and computing assets. Other key responsibilities include:
• Product security architecture and strategy
• Vulnerability management
• Security incident response
• Risk assessment and audit
• Security awareness
• Periodic review of information security policy
SEP Mobile performs regular risk assessments.
The security policy can be provided if needed.
|Information security policies and processes||
SEP Mobile has a specific security policy that defines the following processes, which are followed:
1) INFORMATION ACCESS CONTROL MANAGEMENT - which includes: Customer Environment Access, Access to Production Servers, Data Segmentation between Organizations, Network Access, Billing, Vendor Management
2) HUMAN RESOURCES SECURITY MANAGEMENT - which includes: Background Checks, Security Training, Off-boarding
3) PHYSICAL SECURITY MANAGEMENT - which includes: Data Center and offices
4) OPERATIONS MANAGEMENT - which includes: Development and Testing, Malware Mitigation, High Availability, Disaster Recovery and Database Backup, Data Retention and Destruction, Data Archive, Network Security, Monitoring
5) RISK ASSESSMENT AND MANAGEMENT
6) INFORMATION SYSTEMS SECURITY MANAGEMENT - which includes: Password and Authentication Controls, Laptop Security Controls, Mobile Device Security Controls, Vulnerability Management, Source Code Controls, Incident Reporting and Management, Exception Procedure, Disciplinary Action, Policy Review
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All code changes being deployed to production undergo a mandatory code review as well as an automatic inspection process. Configuration changes are managed and documented by the SEP Mobile DevOps team.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
SEP Mobile cloud servers use the Gentoo Linux distribution. The Gentoo Foundation demonstrates its security commitment by frequently updating its host operating system to address security issues. In addition, SEP Mobile's security officer receives periodic notifications from various information security resources, and SEP Mobile's operations personnel run a periodic vulnerability scan on SEP Mobile's production servers.
When a threat is discovered, an assessment of its impact is performed and mitigation steps are planned and implemented by the SEP Mobile R&D team. Critical vulnerabilities are mitigated within a period of 30 days.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
SEP Mobile uses multiple internal and 3rd-party tools for monitoring its production environment and protecting it against potential threats or errors:
• An internal notification mechanism is in place to alert SEP Mobile's operations and support teams to different anomalies detected in production.
• The New Relic analytics tool is configured to continuously monitor SEP Mobile's production environment status.
• An Airbrake error reporting tool is installed on SEP Mobile's production servers and alerts on different issues detected.
• An internal production monitoring dashboard aggregates information from SEP Mobile's multiple systems.
• SEP Mobile also operates a support ticketing
|Incident management type||Supplier-defined controls|
|Incident management approach||
Customers will be notified by the SEP Mobile team once an incident that potentially impacts them has been confirmed. As the incident investigation proceeds, customers will receive proactive updates on the nature of the incident and its impact on them.
If an actual security breach occurs, actions will be taken. Additionally, there is a pre-defined process to handle common events. Detailed information regarding the process can be provided if it is required.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£40.91 per device per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||The trial version is exactly the same as the production one. The trial should be requested from a Symantec sales rep.|