Government

Mobile Security Solutions for Government Agencies

The First FedRAMP Authorized Mobile Threat Defense Solution

FR_logo_black
Free Consultation
Read More

Choosing a Mobile Security Management Solution for CDM Compliance

The Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) program provides updated and modern cybersecurity guidelines for fortifying government networks and systems.

CDM’s 2021 priorities seek to achieve more robust mobile threat defense positioning, securing the increased number of mobile devices connected to agency networks. This includes enhanced visibility, protections, and management of mobile assets, along with critical device attestation to support security incident response and monitoring. The current priority also looks to explore advanced mobile threat defense capabilities for the federal infrastructure.

The CDM compliance for mobile devices requires specialized solutions to address these evolving risks, while the Presidential Executive Order addresses the need for mobile implementations into advanced EDR, XDR, and Zero Trust security architectures, for a cohesive and progressive security strategy.

Zimperium supports all phases of CDM and the efforts established by the Presidential Executive Order, addressing the mobile security capability requirement through the advanced z9 machine-learning engine.

DISA Selects Zimperium

As you may have seen in the news, the U.S. Department of Defense (DoD), through its Defense Information Systems Agency (DISA) and Defense Innovation Unit (DIU), selected Zimperium to deliver comprehensive Mobile Endpoint Protection (MEP) to service members around the world. Our mobile threat defense (MTD) solutions will protect DoD mobile endpoints against phishing, malicious/risky apps, OS exploits and network attacks.

Read More

Mobile Security and Public Sector

Mobile devices are as pervasive in the public sector as they are in the private sector. According to the National Institute of Standards and Technology (NIST) Report on Securing and Growing the Digital Economy from the President’s Commission on Enhancing Cybersecurity explains, “The days of employees working only at an office using an organization-issued desktop computer fully managed by the organization are largely over.”

At all levels of government, though, mobile device usage poses the same IT security risks as usage in the private sector. In fact, mobile devices can pose even greater risk in the public sector.

The Department of Homeland Security’s Study on Mobile Device Security puts it this way. “The stakes for government users are high. Government mobile devices…represent an avenue to attack back-end systems containing data on millions of Americans in addition to sensitive information relevant to government functions.”

Zimperium was the first mobile threat defense (MTD) provider to be granted an Authority to Operate (ATO) status from the Federal Risk and Authorization Management Program (FedRAMP).

“Zimperium’s ability to detect man-in-the-middle attacks on device was a huge factor. Ultimately, it was Zimperium’s enterprise capabilities of integrating in multiple environments that impressed us the most.”

– CISO, US Federal Agency

Zimperium helps Defense contracts comply with NIST 800-53 CMMC Guidelines.

View Datasheet

Zimperium helps Government agencies comply with NIST 800-124 Mobile Device Security Guidelines.

View Datasheet

Zimperium helps explain MITRE ATT&CK for Mobile Matrix’s tactics and techniques.

govt_mitre_150px
Download Report
“Two converging factors help to create the urgent need for secure enterprise solutions. First, mobile solution use is rapidly increasing across the federal government. Second, mobile threats are increasingly common and more sophisticated, which puts data stored or processed on these devices at risk and exposes backend systems and networks to attacks via mobile malware.”

Department of Homeland Security (DHS) Science and Technology Directorate (S&T). 2018 Mobile Security Research and Development (R&D) Program Guide. April 13, 2018.

Whether working at a government office or remotely using GFE or BYO, mobile devices pose significant information security risks to government agencies. Through a variety of attack methods, such as compromising Wi-Fi connections, the use of malicious access points, attacks on mobile operating systems, side-loading of apps, and introduction of risky/non-compliant apps, cybercriminals can compromise devices to gain access to government networks and data.

Managing employee devices and data

The vast number of mobile devices used in conducting official public sector business creates a significant threat landscape. Government employees and contractors use mobile devices for basic tasks such as accessing email but also for other productivity and information gathering needs requiring government network access. As a result, government IT security professionals must manage not only each government employee’s primary PC, but must also attempt to manage employee and contractor mobile devices. This effectively doubles the number of endpoints that need to be secured.

Government agencies’ usage of Microsoft Office 365 and Teams has skyrocketed (over 900% for some agencies). Unfortunately, the cyber threats to the GFE and BYOD mobile devices that are accessing O365 has also significantly increased. Without implementing mobile threat defense (MTD) solutions, agencies and their “Zero Trust” initiatives are exposed and at risk.

This complex challenge is unique to mobile since IT lacks device administration access and remains a guest on mobile devices, as in the case of BYOD environments, and therefore cannot ensure timely updates of app and operating system security patches.

Preventing rogue network attacks

Rogue network attacks are problematic even for government entities that have robust network access policies and procedures in place. Rogue networks can be disguised to appear as official networks, so even employees attempting to comply with network-access policies can be deceived. Disguised, rogue networks make devices susceptible to man-in-the-middle (MITM) and other surveillance attacks.

Managing and mitigating the app threat

Mobile apps pose two kinds of threats. One relates to legitimate apps that nevertheless have code that makes them vulnerable to attack or leak data. Another type of threat is that from malicious apps, including apps that are deceptively named or contain deliberately malicious code in order to spy on users and compromise mobile devices.

Zimperium Makes it Easy to Secure and Procure Mobile Threat Defense

Protecting employee devices and data

With limited IT and security staff and resources available to government entities, protecting mobile devices and data poses a significant challenge. Similar to a configuration manager for laptops and desktops, organizations may have a mobile device management (MDM) in place to manage mobile devices from a central location. What is needed, is a MTD solution to detect and prevent mobile device, network, phishing and malicious app attacks. Zimperium’s easy-to-install MTD, zIPS™, secures today’s and tomorrow’s mobile devices. zIPS provides autonomous threat detection and remediation for Android, iOS , and Chromebook mobile devices against device and network-based attacks but also rogue application installs leveraging patented machine learning to ensure that detection and protection outpaces evolving threats.

On-device detection and prevention

Protecting against zero-day threats requires more than the ability to identify known malware. Our z9™ engine automatically detects and remediates issues on-device rather than requiring an Internet connection, admin privileges or tunneling to a cloud service. This approach keeps private user account data secure on the device without impacting performance. Threats and forensic details at the device, network, and app level are communicated to your InfoSec team for responsive issue resolution and compliance without compromising privacy regulations.

Availability

Zimperium solutions for government are available through partnerships under IT Schedule 70, CIO-CS, CIO-SP3, and SEWP V. Zimperium solutions are also available via sole source and direct acquisition. Contact us today for a custom evaluation to your specific needs.

Sign Up For Our Newsletter

Get the latest Mobile Security News and Updates in your inbox

Get started with Zimperium today