How to Leverage MTD Solutions to Comply with NIST 800-124r2 Guidelines
Prior to the global pandemic, we were beginning to see a shift as companies realized the need for mobile device and app security. Private and public sector organizations alike began to see how hackers were breaching and compromising mobile devices and – in turn – putting their employees and the companies themselves at risk.
And then came COVID-19. And that understanding became even more apparent.
COVID-19 created a situation unlike anything many of us have ever seen, yet one that will likely leave permanent changes in how we protect our workforce. With the overnight switch to entire workforces working remotely from home – on all varieties of corporate and personal (bring your own) devices – IT and security teams turned to triage mode from a security and risk perspective.
We observed an immediate change to the mobile threat landscape related to COVID-19, which reinforced the need for mobile threat defense (MTD) solutions as a critical way to protect your users, devices and organization.
We weren’t alone in noticing significant growth in coronavirus-related attacks. Our partner – Google – and others reported:
- More than 18 million daily malware and phishing emails related to COVID-19 scams were seen by Google in just one week. That’s on top of the more than 240 million daily spam messages it sees related to the novel coronavirus;
- The FBI urged vigilance during the COVID-19 pandemic due to increased financial and health-related fraud campaigns, specifically identifying that children who are home from school and spending more time online may be at increased risk for exploitation; and
- The Wall Street Journal warned of a significant rise in phishing, robocall and “smishing” (text-message scams sent to your phone) schemes involving stimulus checks, airline refunds, charities, fines for breaking social-distancing rules, “mandatory” COVID-19 preparedness tests, unproven treatments and sales of in-demand supplies like masks or thermometers.
The National Institute of Standards and Technology (NIST) is providing guidance through its Guidelines for Managing the Security of Mobile Devices in the Enterprise.
Within the report – known as 800-124r2 – NIST talks about the importance of mobile threat defense (MTD) and mobile device management (MDM) solutions when protecting mobile devices. MTD solutions detect and prevent mobile device, network, phishing and malicious app attacks. An MDM is a management tool. It allows compliant devices to access corporate email, apps via the corporate app store, and data, and it secures data-in-transit between the mobile device and the corporate network.
The latest NIST 800-124 draft says:
- MTD systems provide real-time, continuous monitoring, assessing apps after deployment to a mobile device as well as during runtime;
- MTD can detect and protect the mobile device, apps and end-user against attacks via the wireless network;
- MTD systems also may detect attacks against an app or OS software;
- Side-loaded apps may be special-purpose, enterprise-loaded, or whitelisted apps specified by the enterprise;
- MTD systems monitor the on-the-fly behavior of mobile apps within the current mobile environment, such as when the app navigates to known malicious URLs or phishing sites;
- Unexpected interactions among apps or use of data on the user device (e.g., the app accesses a device owner’s “contacts” or “location”) also may alert an MTD system to potentially malicious or risky behavior; and
- Mobile app vetting to detect software or configuration flaws that may create vulnerabilities or violate enterprise security or privacy policies.
Importance of choosing the right MTD
Zimperium is the global leader in mobile device and app security, offering real-time, on-device protection against Android and iOS threats. What differentiates Zimperium from other MTD providers is the following:
- We are the only MTD vendor who can deploy on-premises;
- We were the first FedRAMP Authorized MTD vendor with an authority to operate (ATO);
- We are the only mobile security solution offering on-device, machine learning-based detection of device, network, phishing and malicious app attacks on Android and iOS devices;
- Zimperium is the only MTD vendor supporting Microsoft ATP Defender, Microsoft Endpoint Manager, and Sentinel in the Azure Cloud;
- We are the only provider with a complete suite of solutions that protect mobile apps from development through running on end-user devices; and
- We have value-added distinct integrations with MobileIron, McAfee, and VMware AirWatch/Workspace One.
What about VPNs and MFAs?
You simply cannot have zero-trust unless your devices are continuously protected, even when disconnected from the Internet. On-device and always-on detections and remediations are absolutes in the realm of mobile security.
Remember, the bad guys only need to get it right once, and you don’t want to rely on a solution that depends on a cloud connection. Zero-day/zero-click attacks are now common, and signature-based defenses along with cloud “calls” are obsolete.
Advanced Persistent Threats (APTs) and newly found Common Vulnerabilities and Exposures (CVEs) from nation-sponsored attacks continuously test the new perimeter. Current mobile technologies, like MDMs, VPNs, or MFAs – which are not designed to perform threat detection – are not sufficient against these attacks.
To learn more about how Zimperium can address your mobile device security needs, please contact us. If you would like to learn more about actual mobile attacks and what enterprises and agencies can do to protect themselves, please download our “Anatomy of a Mobile Attacks” whitepaper. We are here to help.