DOD ramps up mobile security

The Defense Innovation Unit selected Zimperium’s mobile endpoint protection platform to help shore up security of devices accessing DOD’s unclassified applications and data.

To better protect the mobile devices warfighters use, the Pentagon’s Defense Innovation Unit (DIU) is readying a mobile threat defense application that analyzes Defense Department-issued devices for problems and shares its findings through the cloud.

“DOD must protect mobile devices from attacks such as phishing, malicious risky apps, operating system exploitation and network attacks,” Rick Simon, cyber portfolio program manager at DIU, wrote in an email response to GCN’s questions. “Previous methods aimed at addressing this gap in security had been minimally successful.” 

The department recognizes that warfighters’ mobile endpoints face the same threats consumers’ devices do, but the loss of confidential information and credentials at DOD could lead to a national security issue, Simon said.

DIU selected Zimperium’s mobile endpoint protection platform to help shore up DOD’s unclassified mobile offerings. It will monitor users of the Defense Information Systems Agency’s DOD Mobility Unclassified Capability (DMUC) when they access applications and data on Apple iOS and Android endpoints while on the move.

Zimperium’s app is pushed to the devices and checks which networks they connect to, which apps are being downloaded and whether the links users click on are safe. Users must perform an initial activation; after that the app runs continuously.

“If you’re connected through a Wi-Fi router and someone starts eavesdropping on it … it will immediately warn against that and disconnect it from the router,” said Zimperium CEO Shridhar Mittal.

Although detections are done on the devices themselves -- rather than being sent to the cloud for analysis -- in support of DOD privacy policies, “when we do find a threat, we do report it so that action can be taken to protect the device and to protect the DOD through the cloud connection,” Mittal added.

The solution uses Zimperium’s machine learning-based engine, called z9, and its zIPS app, which can detect and stop threats across the kill chain. What’s more, it can detect attacks without network access and supports an on-premises management approach in addition to the cloud, Simon said.

DISA approached DIU about prototyping a mobile threat defense solution about two years ago, Mittal said. Zimperium announced the contract in October 2020. It was awarded through DIU’s Commercial Solutions Opening and Other Transaction Authority.

“DISA is preparing to deploy the Zimperium agent onto selected DISA-issued mobile devices,” Simon said, and Mittal added that he expects it to be deployed on hundreds of thousands of devices.

Although the effort began before the pandemic hit, the shift to remote work during COVID has heightened the importance of mobile security. “Since the pandemic began, DOD employees have been accessing information and collaborating from outside the [DOD Information Network] in great numbers,” Simon said. “That remote access over the internet extends to both laptops and mobile devices. Everything that can be done to better protect endpoint devices and the information moving to or from them is helpful.”

Zimperium’s solution also supports the zero trust cybersecurity approach, which is gaining traction in government, including at DOD. Under zero trust, no device or user is trusted without explicit authorization, and even an authorized user may be granted access to only part of the network.

“We provide device attestation -- or in simple words, it’s basically the health of the device -- to the zero trust framework,” Mittal said. “If we detect there is something wrong with this device, it can cut off access or limit the amount of authority that this person has in terms of corporate data.”
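As an added illustration, not Zimperium’s code and not from the article, the Python below sketches how a device-health attestation from an on-device agent could feed a zero trust access decision of the kind Mittal describes, and how a report sent to the cloud can carry only threat findings rather than raw telemetry, as in the privacy point above. The threat categories are those the article names; the severity weights, field names and access tiers are assumptions made for this example.

```python
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    FULL = "full"          # normal access to unclassified apps and data
    LIMITED = "limited"    # reduced authority over corporate data
    DENIED = "denied"      # access cut off until the device is remediated


# Threat categories named in the article. Severity weights are assumptions
# chosen for this illustration, not Zimperium's or DOD's policy values.
SEVERITY = {
    "phishing_link": 1,
    "risky_app": 2,
    "os_exploit": 3,
    "network_attack": 3,   # e.g. eavesdropping on the Wi-Fi router
}
MAX_SEVERITY = 3


@dataclass
class Attestation:
    """Device-health summary the on-device agent hands to the policy engine."""
    device_id: str
    agent_active: bool     # attestation is only meaningful if the agent runs
    os_patched: bool
    threats: list          # category names detected on the device itself


def decide_access(att: Attestation) -> Access:
    """Map device health to an access tier, failing closed on unknown threats."""
    if not att.agent_active:
        return Access.DENIED  # no attestation means no trust
    worst = max((SEVERITY.get(t, MAX_SEVERITY) for t in att.threats), default=0)
    if worst >= MAX_SEVERITY:
        return Access.DENIED
    if worst > 0 or not att.os_patched:
        return Access.LIMITED
    return Access.FULL


def build_cloud_report(device_record: dict) -> dict:
    """Detection runs on the device; only the health outcome and threat
    findings go up, so raw telemetry (networks seen, installed apps,
    visited links) never leaves the device."""
    allowed = {"device_id", "agent_active", "os_patched", "threats"}
    return {k: v for k, v in device_record.items() if k in allowed}
```

Any threat category the policy engine does not recognize is treated as maximum severity, so a new detection type from the agent denies access rather than silently passing.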

In general, Mittal said, when people work remotely, they tend to use mobile devices, such as smartphones and tablets. “You need to be able to access all kinds of corporate data, and today, if those devices are compromised, the information on the device or the information that’s coming from the corporate network can be compromised,” he said.

This article first appeared on GCN, a Defense Systems partner site.