Samsung KNOX is the comprehensive enterprise mobile solution for work and play. With increasing use of the smartphones in business, it addresses mobile security needs of enterprise IT without invading privacy of employees.
Samsung KNOX addresses platform security with a comprehensive strategy: Hardward baked in Secure Boot, ARM TrustZone based Integrity Measurement Architecture and Kernel with built in Security Enhanced Android Mandatory Access Controls to secure the system.
Secure boot ensures that only verified and authorized software can run on the device. Secure boot is one of the main components that forms the first line of defense against malicious attacks on devices with KNOX solution.
Security Enhanced Android
SE Android provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements. It isolates applications and data into different domains so that reduces threats of tampering and bypassing of application security mechanisms and also minimizes the amount of damage that can be caused by malicious or flawed applications.
TrustZone-based Integrity Measurement Architecture
TIMA runs in the secure-world and provides non-by passable, continuous integrity monitoring of the Linux kernel. When TIMA detects that the integrity of the kernel or the boot loader is violated, it takes a policy-driven action in response. One of the policy actions disables the kernel and powers down the device.
In addition to securing the platform, Samsung KNOX solution addresses enterprise application and data security require-ments. KNOX container provides security for enterprise data by isolating enterprise applications and encrypting enterprise data both at rest and in motion.
KNOX Container is an isolated and secure environment within the mobile device, complete with its own home screen, launcher, applications, and widgets. Applications and data inside the container are separated from applications outside the container. This enables a powerful solution for the “data leakage problem” associated with the BYOD model.
Encrypted File System
KNOX container uses a separate encrypted file system completely isolated from applications outside the container. The data is encrypted using an Advanced Encryption Standard (AES) cipher algorithm with a 256-bit key(AES-256).
Virtual Private Network
KNOX container offers on demand FIPS certified VPN client. KNOX VPN client profiles are pushed by enterprise. In addition, enterprise can also select which apps inside the container are required to use the VPN. The VPN automatically starts when a user launches any of enterprise designated apps. KNOX container VPN offers support for strong IPSec VPN encryption for most sensitive government agencies, including support for Suite B cryptography.
Mobile Device Management
Samsung KNOX works with enterprise preferred MDM vendor solutions and provides industry leading security and management controls.
Samsung KNOX for Enterprise
Samsung KNOX for IT Managers
Data leakage, malware & malicious attacks: comprehensive protection
Samsung KNOX is security hardening of Android from ground up and protects the enterprise data and applications. It prevents from system exploits and devi-ce compromise. Lightweight and compatible with the existing enterprise infrastructure such as MDM, VPN and directory services, KNOX provides reassurance and convenience for IT departments looking to implement and manage Bring Your Own Device (BYOD) strategies.
Samsung KNOX for Employees
Using personal mobiles for work
Samsung KNOX offers a seamless and intuitive dual-persona platform for at work and at home. KNOX container comforts users as their privacy and personal properties are in tact.
Samsung KNOX for Partners
Samsung KNOX – an easier way to manage mobiles
Samsung KNOX enables existing Android eco-system applications to automatically gain Enterprise integration and validated, robust security with zero change to the application source code. Samsung KNOX relieves application developers from the burden of developing individual enterprise features such as FIPS compliant VPN, on-device encryption, and Enterprise Single Sign On (SSO).