Automated, secure mobile device management and threat detection can help agencies thwart attacks targeting employees' mobile phones.
Recently, the Department of Homeland Security said that while federal agencies are improving their cybersecurity protections and access controls, nation-state threat actors and cyber attackers are focusing even more attention on spear phishing attacks.
These attacks target specific individuals within an organization to gain an entry point. Spear phishing is not aimed only at high-profile or senior executives; rather, it targets any individual for whom the attacker has, or can gather, enough information to craft an enticing, individualized phishing email. And because attackers cast a wide net, they need to succeed only a fraction of the time to launch their attacks.
Malware can also target federal agencies through employees' mobile phones. Unauthorized applications or software from an unauthorized app store, sometimes referred to as “side-loaded” apps, often contain malicious code or spyware.
This is precisely why all government agencies, and all businesses and organizations, should be using a mobile device management solution. Ideally, this MDM solution will have an automated integration with mobile threat detection that can be deployed either on-premises or in a cloud environment.
Before permitting a mobile device to access an agency’s enterprise network, an MDM solution should act as a policy decision point that validates numerous contextual attributes to determine the risk of granting access to the requested applications or services. The solution should consist of two components: one that runs on the device (Android, iOS, macOS or Windows 10) and one that runs as an enterprise server component. Together, the components ensure compliance with the agency’s policies for security, user authentication, device compliance and risk/threat detection and remediation.
An MDM solution registers the user’s device and pushes security policies, configurations and an agency-managed profile to the user’s device. It also tracks and manages the device’s OS, network, app versions, security patch compliance and encryption status. The software then validates the user’s identity (on-device authentication), the device’s identity and the user’s credentials (including PIV/CAC-derived credentials) and binds those attributes together as a part of the strong identity, credential and access management policy compliance requirement. The MDM solution should also ensure that the mobile device is in compliance with all of the agency’s policy requirements before allowing the device to connect to the agency’s network. This allows the agency to whitelist and blacklist applications and networks and provide dynamic contextual access control based on attributes from the device, network, user’s context and environment.
If the device is out of compliance with any of the agency’s requirements, the device-side component can function as a policy enforcement point, even when it’s not connected to any network or is in airplane mode. A mobile threat defense solution can also evaluate the threat posture of the device by detecting malicious code or phishing attempts, while the MDM solution detects man-in-the-middle attacks and other threats. The MDM can then mitigate any threats on the device before allowing it to connect to the enterprise network. If the device is out of compliance, the MDM can mitigate the risk by blocking access to enterprise applications and data on the device, blocking access to the agency network and VPN, disabling Wi-Fi, or wiping the managed applications and data. Once the device is back in compliance, these actions can be reversed, and the applications and data restored.
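To make the decision-point/enforcement-point split described above concrete, here is an added example (not code from the article or from any MDM product) of a compliance evaluation that maps violations to escalating, reversible remediation actions; the posture attribute names, the OS and patch baseline, and the action names are all assumptions:

```python
from dataclasses import dataclass

@dataclass
class DevicePosture:
    os_name: str            # "android" or "ios" (assumed values)
    os_version: tuple       # (major, minor)
    patch_level: str        # security patch date as "YYYY-MM"
    encrypted: bool
    sideloaded_apps: list   # apps not installed from the managed app store
    mtd_threats: list       # findings reported by mobile threat defense
    identity_bound: bool    # user, device and derived credential verified together

# Hypothetical agency baseline (constructed values, not a real policy)
MIN_OS = {"android": (13, 0), "ios": (16, 0)}
MIN_PATCH = "2023-09"

# Remediation per violation; wiping managed data is reserved for active threats
REMEDIATION = {
    "os_outdated":      ["block_enterprise_apps", "block_vpn"],
    "patch_outdated":   ["block_enterprise_apps", "block_vpn"],
    "unencrypted":      ["block_enterprise_apps", "block_vpn"],
    "sideloaded_apps":  ["block_enterprise_apps", "block_vpn", "disable_wifi"],
    "mtd_threat":       ["block_enterprise_apps", "block_vpn", "disable_wifi", "wipe_managed"],
    "identity_unbound": ["block_enterprise_apps", "block_vpn"],
}
# Order in which actions escalate; restore() reverses them in the opposite order
ESCALATION = ["block_enterprise_apps", "block_vpn", "disable_wifi", "wipe_managed"]

def evaluate(p):
    """Policy decision point: return the violated checks (empty list = compliant)."""
    v = []
    floor = MIN_OS.get(p.os_name)
    if floor is None or p.os_version < floor: v.append("os_outdated")   # unknown OS fails too
    if p.patch_level < MIN_PATCH: v.append("patch_outdated")            # "YYYY-MM" sorts lexically
    if not p.encrypted: v.append("unencrypted")
    if p.sideloaded_apps: v.append("sideloaded_apps")
    if p.mtd_threats: v.append("mtd_threat")
    if not p.identity_bound: v.append("identity_unbound")
    return v

def decide(p):
    """Return ("allow", []) or ("deny", actions); the action list is ordered so the
    device-side agent can apply it offline, without contacting the server."""
    violations = evaluate(p)
    if not violations:
        return "allow", []
    wanted = {a for vio in violations for a in REMEDIATION[vio]}
    return "deny", [a for a in ESCALATION if a in wanted]

def restore(actions):
    """Once the device is back in compliance, undo actions in reverse order."""
    return ["undo_" + a for a in reversed(actions)]
```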
A secure conditional access gateway can also help agencies address who is on the network. This gateway uses the above contextual attributes along with strong multi-factor authentication to provide conditional access controls to enterprise applications and data as well as to cloud-based applications. This is critical because traffic to those cloud-based apps goes directly from the device to the cloud and typically does not transit the enterprise network. Therefore, any perimeter security controls are bypassed entirely, which can put agency data at risk. A secure gateway also ensures strong authentication by leveraging PIV/CAC-derived credentials, other certificate-based authentication or identity federation standards including SAML and FIDO2.
Since 2020, mobility metrics have been reported to DHS as part of the Federal Information Security Management Act scorecard, and as of 2021, the percentage of devices covered by a mobile threat defense solution is also being reported.
Federal agencies must address the significant risk posed by modern mobile endpoints. Fortunately, there is a solution that addresses all the risks and provides an automated, secure mobile device management and threat detection solution.