Feds move to secure mobile devices with machine learning, biometrics

As mobile device use increases among U.S. government workers, IT and security officials are scrambling to better secure devices, leaving behind traditional anti-malware tools in favor of mobile threat detection and role-driven access rules.

mobile security endpoint protection
Thinkstock

Amid the growing use of mobile devices for work by federal employees, U.S. defense and intelligence agencies are fast adopting biometrics and other alternative ways of  computers, smartphones and tablets, according to a new report.

More than 90% of federal agency IT officials in an online survey said their organizations provide secure mobile access for work-issued devices, but less than 20% support workers' personal devices to access most agency systems. Forty percent of those same officials voiced concern about securing personal devices, according to the online survey of federal government IT and cybersecurity officials.

The survey found that among federal workers: 33% rely on personal laptops, 49% rely on personal smartphones and 74% rely on personal tablets for work – even though federal agency IT managers don't support most of those devices.

federal mobile security Cyberscoop/Fedscoop

Additionally, only 25% of federal officials surveyed said they have fully implemented ways to secure endpoints (such as using endpoint detection and response, network access control, end-to-end encryption and application control).

Even so, the U.S. government is outpacing the private sector in deploying the latest endpoint mobile security technology, a study of the survey revealed.

The survey of 167 respondents was funded by Samsung and conducted by online publications CyberScoop and FedScoop. Responses showed more than half of federal agency IT officials worry about cyberattacks using mobile devices as a means of accessing agency networks.

While 6 in 10 IT officials said that securing government-issued or personal mobile devices is a top concern over the next 12 to 18 months, many may be overlooking technology they already have to address security concerns, such as modern consumer mobile devices that support biometrics, containerization and derived credentialing.

Derived credentials refers to personal identity verification (PIV) card or common access card (CAC) technology embedded on a mobile device instead of a physical card.

federal mobile security Cyberscoop/Fedscoop

One top need indicated by those surveyed is the ability to centrally manage and configure mobile devices and remotely lock down devices and recover data if a breach occurs.

Federal mobile security Cyberscoop/Fedscoop

"And they need greater guidance on emerging security threats, meeting federal security mandates and technical support for securing devices," the report said.

One problem with relying on consumer-based security measures is that it simply doesn't meet government standards, according to Patrick Hevesi, a Gartner research director.

Consumer biometrics, such as fingerprint readers and facial recognition technology on mobile devices, do not typically meet the federal government's higher hardware and software standards.

"To try to get government-grade biometrics into a smartphone, the costs would be astronomical," Hevesi said. "So the ones in the iPhone, the Android phones are still not government level."

Federal agencies also face a variety of barriers to securing endpoint devices; budget funding, a cumbersome approval processes, lack of internal expertise and the need for greater guidance on emerging threats and technical support were among the most often-cited obstacles.

federal mobile security Cyberscoop/Fedscoop

End point protection has traditionally focused on Linux, Windows or macOS desktops and laptops and mainly came in the form of anti-malware software. That, however, only scans for known bad files or apps and blocks them. Because mobile devices are architected differently, anti-malware has not been an effective security measure, Hevesi said.

"Now, because so much is happening on these iPads, iPhones and Androids, the need for additional [threat defense] capabilities is important," Hevesi said.

Mobile threat detection software adoption on the rise

About four years ago, mobile threat detection (MTD) software and services began to emerge as a way to detect insecure Wi-Fi networks, alert users to security vulnerabilities associated with a mobile OS version and even restrict network access based on user behavior. (MTD uses machine learning and relies on on-device software and crowdsourced threat intelligence and behavioral anomaly detection.)

Behavior analysis algorithms in MTD can detect if an employee suddenly turns off the encryption or passcode function on their smartphone or turns on USB debugging when they're not a developer. The MTD software would then shut off the employee's access to a corporate network until they're again cleared.

federal mobile security Cyberscoop/Fedscoop

To detect insecure Wi-Fi networks, such as those in a restaurant or airport, MTD software may use crowdsource databases that aggregate information previously reported – or it can detect nefarious-looking connections, such as a pineapple Wi-Fi router. That device is a small, inexpensive router that can surreptitiously connect smartphones or other mobile devices to a different network than the Wi-Fi network a user means to join.

MTD software can also detect unwanted applications or so-called "leaky apps" that might not be insecure themselves but may request access to other mobile tools, such as location. For example, many flashlight apps, which turn on a mobile device's LED light, often request permission to access file systems, network info and contact lists.

"So, it's not necessarily malicious, but it could do something bad with that data," Hevesi said.

The adoption of more sophisticated endpoint security tools is evident with traditional enterprise mobility management (EMM) vendors such as McAfee, MobileIron and Symantec who are partnering with MTD vendors such as Skycure and Zimperium to add the technology to their own products.

For example, Microsoft has been working with MTD vendors to add risk-based conditional network access to its Intune mobile application management (MAM) tool.

"So, before I allow access to Office365 on a mobile device, if they have the MTD installed on it, it can detect the state of health of the mobile device," Hevesi said. "You're definitely seeing more interest in having advanced techniques for protecting mobile devices. Not only government agencies, but all enterprises are beginning to think more about this."

Today, most EMM vendor software can integrate with various MTD agents running on a mobile device, and the software can automatically determine if that device risk is high, medium, low or at no risk at all of being compromised.

Mobile attacks continue to grow

While Android is the largest target for mobile malware and unwanted applications, iOS mobile attacks continue to surface, according to a recent Gartner report, "Advance and Improve Your Mobile Security Strategy in 2018."

"Mobile security products are becoming increasingly important as the rate of mobile attacks continues to grow, though these attacks are still not at the levels of traditional endpoint attacks," the report said.

Gartner suggests IT professionals involved in endpoint and mobile security:

  • Use MTD solutions on both iOS and Android devices as there are real-world attacks against both OSes.
  • Deploy stand-alone (agent-only) MTD to better target unmanaged or bring-your-own-device (BYOD) scenarios.
  • Leverage MTD solutions integrated with EMM/MDM solutions for managed scenarios. This will provide additional enforcement capabilities, especially on devices requiring access to highly sensitive data.
7 questions to ask your EMM provider about GDPR compliance
  
Shop Tech Products at Amazon