Zimperium's Mobile Security Blog

What Truly Matters for Remote Workers Using GFE and BYOD Mobile Devices

What Truly Matters for Remote Workers Using GFE and BYOD Mobile Devices

The world has changed and we all know it. Mobile operations are at the forefront of every organization and so is mobile security. We’ve all seen attacks as simple as malicious apps, SMS phishing and man-in-the-middle attacks; to the more challenging, such as elevation of privileges, exfiltration of data and command and control manipulation. What you may not have read is the Anatomy of Mobile Attacks whitepaper, where you’ll learn what an actual attack looks like and what enterprises and government agencies can do to protect themselves.  

The threats have been declared by all relevant agencies including The Department of Homeland Security (DHS) and Department of Defense (DoD) and leading industry experts.  

The National Institute of Standards and Technology (NIST) has provided guidance via 800-124 and MITRE offers their ATT&CK Mobile Matrices, which describes the 13 tactical techniques and over 100 methods of exploitation that hackers employ against your mobile devices. 

You’ve been warned and now is the time to act. However, not all mobile security solutions are created equal.  

Here’s what really matters in this new era of mass teleworking using mobile devices:

  • Mobile device management (MDM) products, virtual private networks (VPN), and multi-factor authentication (MFA), do not protect your device from phishing, network, OS/device, or mobile application vulnerabilities and zero-day threats; 
  • Mobile devices are logically just another end-point, but they are also the new Perimeter and are very powerful computing platforms requiring protection against very real and imminent threats; 
  • Mobile Threat Defense (MTD) offerings exclusively dependent on a “cloud connection” are inherently sub-standard for continuous protection;
  • On-device and always-on is the only path for enabling zero-trust mobile operations;
  • Enterprises require robust administration consoles and features; and
  • Protecting mobile applications is integral to the overall security of the mobile device.  

You simply cannot have zero-trust unless your devices are continuously protected, even when disconnected from the Internet. On-device and always-on detections and remediations are absolutes in the realm of mobile security.  

Remember, the bad guys only need to get it right once, and you don’t want to rely on a cloud connection solution. Zero-day/zero click attacks are now common, and signature based defenses along with cloud “calls” are obsolete.  

Advanced Persistent Threats (APTs) and newly found Common Vulnerabilities and Exposures (CVE) from nation sponsored attacks continuously test the new perimeter. Current mobile technologies, like MDMs, VPNs, or MFAs are not sufficient against these attacks.   

We are here to help

Future-proofing and protecting your data and your investment should be an important consideration, given how missions can change quickly.  

Zimperium is the global leader in mobile device and app security, offering real-time, on-device protection against Android and iOS threats.  What differentiates Zimperium from other MTD providers is the following:

Whether you deploy On-Prem, FedRamp, GovCloud, Azure, AWS, Google, Oracle, your VPC, or our commercial cloud, only Zimperium can meet the demands in flexibility, required by government agencies and their industry mission critical partners. 

Contact us

All of this enables you to future-proof your investment in mobile security. To learn more, please contact us. We are here to help. 

Jim Kovach is Vice President of Public Sector for Zimperium, supporting Federal, State and Local governments.