Mobile device event logging: A panacea for the digital endemic
November 8, 2021, 12:44 pm
5 min read
This content is provided by Zimperium.
Malware, like ransomware and spyware, is rampant in federal networks. If agencies have learned nothing else in the last year, they have realized that they currently face a digital endemic. With mobile security as the Achilles heel of Zero Trust, mobile event logging can be a preventive care measure protecting federal network digital health. Just like cancer screenings can give preventative insights into physical health, mobile event logging acts as a digital health screening to detect and prevent potential threats to federal networks.
Digital Device Health Screening by Maturing Event Logging
On August 27, 2021, the Office of Management and Budget (OMB) issued memorandum M-21-31, which outlines a “Maturity Model for Event Log Management.”
The memorandum gives four maturity levels defined as:
EL0 Not Effective: Logging requirements of highest criticality are either not met or are only partially met
EL1 Basic: Only logging requirements of highest criticality are met
EL2 Intermediate: Logging requirements of the highest and intermediate criticality are met
EL3 Advanced: Logging requirements at all criticality levels are met
At the EL1 Basic level, agencies must collect logs from mobile devices (smartphones and tablets) and alerts from the Mobile Threat Defense (MTD) server.
Further, agencies must retain logs from mobile devices and MTD agents in both active and cold storage, as the memorandum specifies. Under the technical details section, the data to be collected includes:
Device policy settings
MTD agent information
The MTD agent information gets even more specific, pointing out that the event logging needs to include:
Agent Activation Status
Threat Detection across a variety of vulnerabilities
Phishing Protection Status
Tampering of Agent, App, or System
Remediation Actions Taken
Last Time Device Synced with Enterprise Systems
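One practical way to use these fields is to screen each device record for two things at once: whether the record carries every field the memorandum requires (a logging-coverage gap) and whether the collected fields show a device that should not be trusted (a posture gap). The script below is an added example, not code from the page, from OMB, or from Zimperium; the JSON field names, the seven-day sync threshold and the three sample records are all assumptions constructed for illustration and stand in for an MTD server's event export.

```python
"""Screen MTD agent event records against the six M-21-31 MTD agent fields.

Added example. Field names, the sync-age threshold and the sample records
are assumptions, not a vendor or OMB schema.
"""
import json
from datetime import datetime, timedelta, timezone

# The six MTD agent items the memorandum calls out, keyed by the JSON field
# name this example assumes an MTD server would emit (assumed names).
REQUIRED_FIELDS = {
    "agent_status": "Agent Activation Status",
    "threats": "Threat Detection",
    "phishing_protection": "Phishing Protection Status",
    "tampering": "Tampering of Agent, App, or System",
    "remediation": "Remediation Actions Taken",
    "last_sync": "Last Time Device Synced with Enterprise Systems",
}

# A device that has not synced for longer than this is treated as unknown
# for trust decisions (assumed threshold).
MAX_SYNC_AGE = timedelta(days=7)

# Time of the screening run; fixed so the sample output is reproducible.
SCREEN_TIME = datetime(2021, 11, 8, 12, 44, tzinfo=timezone.utc)

# Constructed sample records, one JSON object per line. Not real telemetry.
SAMPLE_LOG = """\
{"device_id": "dev-001", "agent_status": "active", "threats": [], "phishing_protection": "enabled", "tampering": [], "remediation": [], "last_sync": "2021-11-08T09:10:00+00:00"}
{"device_id": "dev-002", "agent_status": "active", "threats": ["sideloaded_app"], "phishing_protection": "enabled", "tampering": ["jailbreak_detected"], "remediation": [], "last_sync": "2021-11-07T22:30:00+00:00"}
{"device_id": "dev-003", "agent_status": "inactive", "threats": [], "tampering": [], "remediation": [], "last_sync": "2021-10-15T11:00:00+00:00"}
"""


def missing_fields(record):
    """Names of required MTD agent fields absent from a record (coverage gap)."""
    return [name for key, name in REQUIRED_FIELDS.items() if key not in record]


def screen_record(record, now):
    """Return the findings for one device record; an empty list means it passes.

    Findings are either gaps in the log itself (a required field is not being
    collected) or posture problems the collected fields reveal.
    """
    findings = []
    missing = missing_fields(record)
    if missing:
        findings.append("log incomplete: missing " + ", ".join(missing))

    if "agent_status" in record and record["agent_status"] != "active":
        findings.append("MTD agent not active")
    if record.get("phishing_protection") not in (None, "enabled"):
        findings.append("phishing protection not enabled")
    if record.get("tampering"):
        findings.append("tampering: " + ", ".join(record["tampering"]))
    # A detection with no logged remediation is exactly the case the
    # attestation evidence needs to surface.
    if record.get("threats") and not record.get("remediation"):
        findings.append("threats detected without remediation: "
                        + ", ".join(record["threats"]))
    if "last_sync" in record:
        age = now - datetime.fromisoformat(record["last_sync"])
        if age > MAX_SYNC_AGE:
            findings.append(f"last sync {age.days} days ago")
    return findings


def screen_log(text, now):
    """Screen every JSON-lines record in text; returns device_id -> findings."""
    results = {}
    for line in text.splitlines():
        if line.strip():
            record = json.loads(line)
            results[record["device_id"]] = screen_record(record, now)
    return results


def screen_sample():
    """Run the screening over the constructed sample at the fixed time."""
    return screen_log(SAMPLE_LOG, SCREEN_TIME)


if __name__ == "__main__":
    for device, findings in screen_sample().items():
        print(f"{device}: {'OK' if not findings else 'FAIL'}")
        for finding in findings:
            print("   -", finding)
```

In the sample, dev-001 passes, dev-002 is flagged for a jailbreak detection and an unremediated threat, and dev-003 is flagged because its record omits the phishing-protection field, its agent is inactive and it last synced 24 days before the run. The coverage check is what an auditor working from the maturity model would look at first; the posture checks are what a Zero Trust policy engine would consume.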
All of this makes sense as mobile threats continue to increase. Mobile is often the least protected endpoint, which makes it an attractive target for threat actors. Because the memorandum treats it as a “highest criticality” logging requirement, every agency must include mobile device logging in its attestation and documentation process. No ZTA implementation is complete without mobile device security and logging as a preventive screening against the digital endemic agencies face.
Mobile Device Attestation and Documentation Challenges for ZTA
To comply with the ZTA Device pillar requirements, agencies need real-time analysis of mobile devices, ensuring protection against zero-day cyberattacks that include
phishing attacks and
This monitoring must be done across static and dynamic runtime environments. Without this “device attestation” capability, it is impossible to achieve a zero-trust posture since the device itself can be compromised.
While some “system of record” solutions such as Mobile Device Managers (MDM) provide data useful for device-trust assessments, many cannot give a near-real-time account of the current risks and vulnerabilities on the device. MTD solutions add remediation to detection, terminating unauthorized access to data or services so that the device’s cybersecurity posture and trustworthiness can be relied upon.
Attestation is the process of monitoring device security, while MTD logging is the assurance aspect that proves trustworthiness. A complete ZTA implementation must include both the device monitoring and the documentation as proof that the agency continuously manages device security, preventing critical mobile.
Secure All Mobile Endpoints with Zimperium zIPS
Zimperium zIPS gives you a way to implement an MTD solution with the logging necessary to meet the OMB maturity requirements. Zimperium describes zIPS as the only mobile security solution with real-time, on-device machine learning-based detection for Android, iOS, and Chromebook. With zIPS, public and private sector organizations can protect against known and unknown threats.
Zimperium provides an MTD Maturity Model that accelerates agency compliance with the OMB’s memorandum. The model’s maturity levels offer guidance through threat focus areas, policy recommendations, milestones, and security scores. After an agency determines its level of maturity, the MTD Maturity Model suggests the next steps, including measurements, metrics, and specific outcomes. Public and private entities can use this model to strategize, execute, and communicate mobile risks across the organization. Where MDM systems of record supply data useful for device-trust assessments, zIPS goes further, giving a near-real-time account of current risks and vulnerabilities and providing the critical logging agencies need to reach the EL1 Basic maturity level.
Zimperium zIPS runs locally on mobile devices, recognizing normal baseline configurations for operating systems and apps. It also recognizes normal web traffic activity, like safe websites. When it detects abnormal activity on a device, zIPS sends the user an alert and blocks malicious activity, like stopping a phishing link from loading.
With zIPS, organizations have continuous mobile device monitoring without requiring a persistent connection for signature validation. zIPS uses the Zimperium z9 zero-day detection engine, protecting the whole device whether it is connected to the internet or not, so protection holds even when a threat actor disconnects the device or redirects its cellular traffic. Since zIPS is not signature-based or cloud-dependent, it supports holistic endpoint security by filling the gaps mobile devices create.
The Zimperium solution captures forensic and other events for real-time or near-real-time feedback on a mobile device’s security posture. Zimperium states that the z9 engine is the only fully on-device machine learning-based detection engine providing mobile threat defense for the entire device, and that it has detected every mobile exploit of the last six years.
Preventive digital health screening starts with mobile security and threat detection. As the threat landscape evolves and compliance initiatives focus on mobile event logging, the public and private sectors need to complement their existing EDR with the Zimperium Solution for a complete approach to Zero Trust that protects Federal Networks.