Mobile Security Solutions for
Government & Federal Agencies
Operationalizing CDM and Securing Mobile Assets Across the Federal Enterprise
Zimperium provides the most advanced mobile threat defense solutions, aligning with CDM goals.
Mobile Security Best Practices for Federal Agencies in the Post-COVID World
In a recent roundtable discussion hosted by ATARC in partnership with Zimperium, industry experts from various Federal agencies discussed the challenges that agencies encounter with mobile security and incorporating new technologies into a Zero Trust Architecture. Download our joint whitepaper to learn more.
Completing the Zero Trust Framework with Mobile Threat Defense
The disconnect between ZTA mandates, securing user-owned mobile devices, and remote working creates significant challenges as agencies seek to comply with the EO’s requirements.
Zimperium was the First FedRAMP Authorized (ATO) Mobile Threat Defense Provider
Mobile Security and Public Sector
Mobile devices are as pervasive in the public sector as they are in the private sector, but the potential repercussions of a cyberattack are often greater within the public sector. According to Verizon’s 2022 Mobile Security Index, 88% of public sector organizations said a mobile security breach could put people’s lives at risk.
Government employees and contractors use mobile devices for email, information gathering, productivity apps, such as Microsoft Office 365 and Teams, and more. Whether working at a government office or remotely using GFE or BYO, these mobile devices pose significant information security risks to government agencies. Cybercriminals can compromise devices to gain access to government networks and data by attacking any of the threat vectors:
- Phishing – On mobile devices, email, SMS, and even messaging apps are susceptible to phishing attacks.
- Device – OS/kernel exploits (Android/ iOS/ Chromebook), profile/configuration modifications, system tampering, and physical USB/SD card exploits can be used.
- Network – Hackers use reconnaissance scans, Man-in-the-Middle, SSL stripping, SSL decryption attempts, and rogue access points.
- Application – Mobile apps pose two kinds of threats. One relates to legitimate apps that nevertheless have code that makes them vulnerable to attack or leak data. The other relates to intentionally malicious apps, including apps that are deceptively named or contain deliberately malicious code in order to spy on users and compromise mobile devices.
Zimperium Provides Industry-Leading Mobile Threat Defense
With limited IT staff and resources available to government entities, protecting mobile devices and data poses a significant challenge. The Zimperium Mobile Threat Defense (MTD) solution, zIPS, provides continuous, on-device threat detection and enables security operations and incident response teams with the critical mobile threat and risk data necessary to support modern Zero Trust architectures. Additional zIPS benefits include:
- On-device detection eliminates the delays and risks of cloud-based lookups and ensures the device is always protected, even when not connected to a network;
- The only mobile threat defense solution available on any cloud and on-premises;
- Integrations with the leading unified endpoint management (UEM) and enterprise mobility management (EMM) solutions, and the only MTD solution that enables multiple UEMs/EMMs in a single console;
- Strict privacy functionality with no user information sent to the cloud; and
- Advanced integrations with the leading enterprise Zero Trust, security operations (SOC), and incident response (IR) solutions.
Availability
Zimperium solutions for government are available through partnerships under IT Schedule 70, CIO-CS, CIO-SP3, and SEWP V. Zimperium solutions are also available via sole source and direct acquisition. Contact us today for a custom evaluation to your specific needs.
Leverage Zimperium to Meet Government Mandates for Cybersecurity
NIST SP 800-124 | Government Guidelines for Managing the Security of Mobile Devices
Issued by the National Institute of Standards and Technology (NIST), Special Publication 800-124 offers guidelines for managing the security of mobile devices in the organization. First unveiled in 2013, a draft of a second revision of the standard was released in 2020. The standard details the technologies and strategies that teams can use to guard against evolving threats. The standard offers mobile security guidance in such areas as mobile devices, centralized device management, and endpoint protection technologies, and looks at both organization-provided and bring-your-own-device scenarios.
The NIST 800-124 standard specifically recommends the use of mobile threat defense solutions. With Zimperium’s advanced, comprehensive solutions, teams can establish strong defenses around mobile devices and mobile apps so they adhere to security standards like 800-124. Zimperium zShield hardens and protects mobile apps from attackers trying to inspect code and find vulnerabilities they can exploit; Zimperium zKeyBox leverages white-box cryptography to protect keys and secrets within mobile applications; and Zimperium zDefend enables apps to protect itself against evolving attacks.
CMMC | Cybersecurity Certification for Department of Defense Contractors
The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB). The US Department of Defense (DoD) released version 1.0 on January 31, 2020 and version 2.0 in February, 2022. The CMMC Level 2 Assessment Guide references NIST SP 800-124r2, which explains that mobile security technologies have evolved over the past decade and details how these solutions work together to enable robust mobile device security. Further, NIST 800-124r2 specifically distinguishes MTD from EMM, MDM, and MAM. The CMMC Level 2 Assessment Guide’s “Discussion [NIST 800-171 R2]” references SP 800-124, which defines MTD’s capabilities for augmenting mobile device security technology stack specifically.
MTD is critical for companies seeking CMMC Level 2 Assessments because it ensures comprehensive threat mitigation and provides countermeasures for exploitation of underlying vulnerabilities in devices and credential theft via phishing. Zimperium zIPS is an advanced MTD solution for enterprises and government agencies in the DIB striving to meet current CMMC standards as part of their mobile device security controls. zIPS detects mobile threats, notifies security teams of incidents, and blocks access to the resources.
“Zimperium’s ability to detect man-in-the-middle attacks on device was a huge factor. Ultimately, it was Zimperium’s enterprise capabilities of integrating in multiple environments that impressed us the most.”
– CISO, US Federal Agency
Recommended Reading
Operationalizing CDM and Securing Mobile Assets Across the Federal Enterprise
Zimperium provides the most advanced mobile threat defense solutions, aligning with CDM goals.
Mobile Security Best Practices for Federal Agencies in the Post-COVID World
In a recent roundtable discussion hosted by ATARC in partnership with Zimperium, industry experts from various Federal agencies discussed the challenges that agencies encounter with mobile security and incorporating new technologies into a Zero Trust Architecture. Download our joint whitepaper to learn more.