Samsung KNOX / A New Solution for Work and Play
Samsung KNOX™ is the comprehensive enterprise mobile solution for work and play. With the increasing use of smartphones in businesses, Samsung KNOX addresses the mobile security needs of enterprise IT without invading the privacy of its employees.

Platform Security - Secure Boot / TIMA / SE for Android

Platform Security

Samsung KNOX addresses platform security with a comprehensive three-pronged strategy to secure the system: Customizable Secure Boot*, ARM® TrustZone®-based Integrity Measurement Architecture (TIMA), and a kernel with built-in Security Enhancements for Android (SE for Android) access controls.
Customizable Secure Boot*Customizable Secure Boot ensures that only verified and authorized software can run on the device. Customizable Secure Boot is a primary component that forms the first line of defense against malicious attacks on devices with Samsung KNOX. In addition, Samsung Knox's Secure Boot technology allows the switch of the secure boot root certificate in a secure manner after the devices are shipped. As a result, customers that have high security requirements can purchase regular consumer devices and switch the root-of-trust used for secure boot to better protected ones.
* Customizable Secure Boot availability varies depending on hardware specificationTrustZone-based Integrity Measurement ArchitectureTIMA runs in the secure-world and provides continuous integrity monitoring of the Linux kernel. When TIMA detects that the integrity of the kernel or the boot loader is violated, it takes a policy-driven action in response. One of these policy actions disables the kernel and powers down the device. ARM and TrustZone are registered trade marks of ARM Limited in the EU and elsewhere.Security Enhancements for AndroidSecurity Enhancements for Android provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements. Security Enhancements for Android isolates applications and data into different domains so that threats of tampering and bypassing of application security mechanisms are reduced while the amount of damage that can be caused by malicious or flawed applications is minimized.

Application Security

Application Security

In addition to securing the platform, Samsung KNOX addresses enterprise application and data security requirements. Samsung KNOX container provides security for enterprise data by isolating enterprise applications and encrypting enterprise data both at-rest and in motion.
Samsung KNOX ContainerSamsung KNOX Container is an isolated and secure environment within the mobile device, completed with its own home screen, launcher, applications, and widgets. Applications and data inside the container are separated from applications outside the container. This provides a powerful solution for the “data leakage problem” associated with the BYOD model.Encrypted File SystemSamsung KNOX container uses a separate encrypted file system completely isolated from applications outside the container. The data is encrypted using an Advanced Encryption Standard (AES) cipher algorithm with a 256-bit key (AES-256).Virtual Private NetworkSamsung KNOX container offers an on-demand FIPS-certified VPN client called per-app VPN. Per-app VPN provides enterprise IT administrators with the ability to configure, provision, and manage the use of VPN on a per-application basis. Samsung KNOX container VPN offers support for strong IPSec VPN encryption for most sensitive government agencies, including support for Suite B cryptography.

Mobile Device Management

Mobile Device Management

Samsung KNOX works with enterprise-preferred MDM vendor solutions and provides industry-leading security and management controls.

Samsung KNOX for Enterprise - Hacking / Virus / Data Leakage

Samsung KNOX for Enterprise

Samsung KNOX for IT Managers
Comprehensive protection of enterprise data from leakage, malware and malicious attacksThe advanced security and management features of Samsung KNOX make it the ideal Android platform for enterprise deployment. Furthermore, Samsung KNOX Container technology can be used to create a secure zone on the employee’s device for corporate applications and data. The user’s personal apps and data remain outside the secure zone and are thus kept private.Samsung KNOX provides reassurance and convenience for IT departments looking to implement and manage BYOD strategies.Samsung KNOX for Employees
Using personal mobiles for workSamsung KNOX offers a seamless and intuitive dual-persona platform for situations when a single Samsung device is used for both work and play. Samsung KNOX Container provides the user reassurance that their personal applications and data are safe and separate from their work environment.Samsung KNOX for Partners
An easier way to create enterprise grade mobile applicationsSamsung KNOX enables existing Android eco-system applications to automatically gain enterprise-grade security for data storage and transmission without any new application development. Samsung KNOX also relieves application developers from the burden of developing individual enterprise features such as FIPS-compliant VPN, on-device encryption (ODE), and enterprise Single Sign On (SSO).

via SAMSUNG