The United States National Security Agency (NSA) recently released a Cybersecurity Information Sheet, “Securing Wireless Devices in Public Settings,” outlining the risks and recommended security best practices for users accessing public WiFi networks. The document provides reasonable recommendations for users in organizations that have not taken proactive measures to detect and mitigate risks via mobile threat defense (MTD) solutions. Indirectly, the infosheet also reinforces the value and necessity of MTD to protect mobile endpoints, users, and access.
As a security professional dedicated to protecting the federal and local governments of the United States, I wanted to share my thoughts about key messages and recommendations contained in the infosheet. Overall, I would break those thoughts down into these:
While I applaud the NSA for recognizing that mobile threats are real, I believe the solution should go beyond educating users to provide the same caliber of automated protection of mobile devices as we have for traditional endpoints.
Before diving into a few details from the infosheet, I want to ensure that no one misses the NSA’s key point about the macro threat landscape. When it comes to network-based and other attacks against mobile devices, the NSA clearly states, “The risk is not merely theoretical; these malicious techniques are publicly known and in use.”
According to the infosheet, “Accessing public WiFi hotspots may be convenient to catch up on work or check email, but public WiFi is often not configured securely. Using these networks may make users’ data and devices more vulnerable to compromise, as cyber actors employ malicious access points (Masquerading [T1036]), redirect to malicious websites, inject malicious proxies, and eavesdrop on network traffic (Network Sniffing [T1040]).”
The infosheet goes on to state additional details about the risks and threats, including but not limited to:
NSA provides reasonable recommendations for users in agencies that have not adopted mobile threat defense (MTD), but they are very manual and hard to scale. While the intention is excellent, I believe that putting the responsibility squarely on users will not succeed in the long run.
“This infosheet gives National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) users the best practices for securing devices when conducting business in public settings. It describes how to identify potentially vulnerable connections and protect common wireless technologies, and lists steps users can take to help secure their devices and data. While these best practices cannot ensure data and devices are fully protected, they do provide protective measures users can employ to improve their cybersecurity and reduce their risks.”
The infosheet has a nice table of “Do’s and Don’ts” that has numerous recommendations for users, including:
While the recommendations are excellent and pragmatic, they are only the first step in real protection. For as long as cybersecurity has existed, human beings have created the most risk in organizations. Users fall for phishing attacks, download malicious apps, open unsafe attachments, and the list goes on. Training users is a pragmatic step, but advanced and automated attacks need advanced and automated prevention. In this case, organizations need MTD solutions. And no one offers a more proven enterprise-grade MTD solution than Zimperium.
As the NSA has made clear, the threats are real, so the solution should be too. Agencies need an automated solution that does not depend on users to combat mobile attacks and attackers. No MTD provider protects more governments and enterprises than Zimperium. Please take a moment to read how we were selected to protect mobile users of the U.S. Department of Defense. Using my lists from above, here is a snapshot of how Zimperium zIPS addresses some of the threats the NSA is warning agencies to address:
| Threat or Issue | How zIPS Automatically Addresses (Examples) |
| --- | --- |
| WiFi that does not require a password | Detects unsecured networks, alerting user with proactive recommendations |
| Unencrypted WiFi network | Creates on-demand VPN |
| Decrypting encrypted traffic | Detects attempts to strip SSL and alerts the user and security console |
| Fake access points | Detects fake (rogue) access points, alerting user with proactive steps |
| Malicious apps | Detects known and unknown malware, alerting user and preventing exploit, and reporting to security console |
| Vulnerable devices | Identifies devices on outdated/vulnerable operating systems and alerts user and security console |
Please contact us today for more information on how Zimperium zIPS can bring advanced, on-device detection and protection to your agency.