Fed to Fed
Connecting government and industry to promote innovation through collaboration. The Fed to Fed podcast highlights the latest in innovation and technology modernization in the US government and industry. Join us for inspiring conversations with leaders and change-makers in the government technology space.
Shattering the Silo: A Unified Approach to Mobile Device and App Security
As government organizations accelerate IT modernization and Zero Trust adoption, the need for greater visibility, efficiency, and coordination in cybersecurity has never been more critical. Join us on today's episode of the Fed to Fed podcast as host Susan Sharer discusses the evolving mobile security landscape with Mike Damiano of Zimperium.
Explore the risks associated with third-party applications on mobile devices including:
- AI-driven phishing
- zero-day exploits
- "shadow AI" integrations
Learn how fragmented security approaches increase exposure to threats compared to a unified mobile security platform. We also examine how AI can be used to defend against cyber threats using practical strategies to help federal agencies and their partners stay ahead of an increasingly sophisticated threat environment.
Thanks for listening! Would you like to know more about us? Follow our LinkedIn page!
Welcome to the Fed to Fed podcast, where we dive into the dynamic world of government technology. In this podcast series, we'll be joined by current and former federal leaders and industry trailblazers at the forefront of innovation. Here, we speak openly and honestly about the challenges and opportunities facing the federal government and the Department of Defense and its partners in the modern age, driving innovation and the incredible capabilities of technology along the way. Whether you're a federal leader, a tech industry professional, or simply fascinated by IT modernization, just like us, this podcast is for you. And we're so happy to have you tuning in.

Welcome everyone. And thanks for joining us today. Across government we're seeing a strong push to enhance visibility and efficiency in cybersecurity to gain a clearer picture of every endpoint and streamline how agencies defend against threats. Mobile devices are now a critical part of that landscape, but many organizations are still managing mobile security through separate tools and disconnected processes. That fragmented approach can limit visibility, slow response, and make it harder to protect sensitive data. Today, we're joined by Mike Damiano to discuss how bringing mobile threat defense and mobile application vetting together can help agencies achieve a more unified, efficient and transparent approach to mobile security. Mike, we're thrilled that you're here today. And I'm very excited about talking with you about mobile security. So let's start with the first question. What do you see as the biggest challenge facing mobile security today?

So I think the biggest challenge that's facing mobile security today is about the ever-evolving changing of the attack vectors, of how the attackers are going after it. I think that we're getting to that point. We see from Executive Order 14028 and NIST 800-124. We can see where a lot of the agencies have gotten the MDM as part of the 800-124.
We can see that as part of that, the requirement is going to be for also MTD, which a majority of agencies have. It's also been coming, this problem where we see a lot of the threats are coming from applications. And those applications are causing risk. And so as part of the most recent revisions of NIST 800-124, mobile application vetting is a big part of that. And so what we're seeing is the agencies are inherently, just based off of trying to fill the void, they're creating silos. They're creating where we have MTD and device-related threats kind of pulling in and being analyzed from an MTD perspective, but a different whole silo that's taking care of the applications that are running on those devices and what risks those pose. And not being able to kind of get a clear vision of what is happening in those two pieces, or those two silos that are kind of being created to fill the void of protection.

Thanks for that, Mike. So, Mike, what are the consequences of the gap being created?

So it's about the full visibility of the attack chain. What we see when we're spotting ongoing attacks, we're looking at from the beginning of the entire attacker's chain they're looking for. How can they exploit the device? And traditionally, it has been phishing. And phishing is still very prevalent. But as application threats are coming through, as we see additional exploits from leveraging the vulnerabilities in applications to help pose exploits on the system of the application, as much as there are sandboxes that are created for each one of these apps, misuse of permissions, misuse of entitlements poses a risk to be able to infect or to exploit the actual OS themselves. The way that I kind of look at this, that we're doing things with siloing, is kind of taking it back to an example of cruise control.
We go from long back, remember cars, cruise control was always the feature that we would set to an exact speed and the human would be the silo that would make the decision when we need to slow down and make those changes. As we've evolved with dynamic cruise control, we've now set a speed, but based on analyzing risk. And that's kind of what a full platform is able to do. It's able to allow you to still function on your device, while also ensuring that any of the risks that are posed by anything on the device level, the app level, are all being correlated and put into the overall protection to make sure we slow down, make sure we kind of provide that protection. So I just look at it as an evolution and trying to evolve it to be better. Like we're at the point where we have all these things like cruise control in the car. We want to advance that, we want to bring it to the dynamic version. And that's what a full platform would really kind of play into.

That's great. Mike, thanks for using that example as well. So when agencies integrate MTD and MAV within a single platform, what kinds of improvements do they actually see? And can you share some examples of how this unified approach enhances visibility across devices and applications, while also improving efficiency?

So I'll go back to, you know, what the efficiencies end up breeding and causing as outcomes is the ability to kind of look at where the attackers are coming from. They're looking at not only the application and the risks that are posed onto that, but how can they get down to the actual device? And so how can we leverage some vulnerabilities that are in an application to also connect us with an operating system that has vulnerabilities that allow us to penetrate and create that exploitation. I think a lot of where we get those efficiencies is following that full attack chain. How did things happen? What were the events?
Obviously, if it's an entry-level app that's ending up causing the initial exploit, we can then see with a full platform, I can see, okay, app inventory. We added that app. After we added the app, we started seeing some escalation of privileges based off of the entitlements that were already built into the app. When that happens, then we can trigger on the MTD side an escalation of privileges based off of the risk that we know is associated in the app to be able to provide the protections to lock the device down before, to actually do the prevention pieces, and before actions are actually taken to ensure zero trust compliance.

So, Mike, that is a great example in terms of how you respond to a threat. Can you tell us a little bit more about the reporting or compliance requirements that align with this as well?

Yeah, I mean, compliance is a big portion of MTD. We want to ensure the risks and the vulnerabilities that are residing on the endpoint over time are dealt with. We don't want to have them dwell for too long. So it's about collecting the forensic data associated with this. It's about being able to say for certainty that this app has a ChatGPT or an LLM built into it. That's posing risk to me. How can I take action? It's about being able to provide the compliance data of all the CVEs associated with the vulnerabilities exploited on the operating system I am running. And not only that, but which ones have been exploited in the wild.

That's great. Thank you for that. So, Mike, that's a great view of the benefits for today. But of course the threat landscape is always evolving and so are the expectations for agencies to stay ahead of it. So as mobile threats continue to evolve from AI-driven phishing to zero-day exploits, how should agencies be planning for the next phase of mobile security?

Well, it's a really interesting question. I know AI is very top of mind to a lot of people.
The advantage of some of the MTDs that are out there is they've been doing AI for years and years. They've been using classifiers specifically. I've been using classifiers to be able to collect forensic data and make correlations using AI to what those, you know, actions on the actual kernel level, actions from maybe a network connection. How can we collect that data to try to tie it back to an actual attack so we can try to prevent it? And so there's always the use of AI to prevent attacks. And of course the attackers are using AI to try to go after us. But there's also what we're very focused on, is what we call shadow AI. And it's how is AI posing risks to the device, to the applications and to the user? And so what we've found is a lot of applications kind of follow the same pathway that we saw with the TikTok ban. And so with the TikTok ban, we block the apps, we block the websites. And so TikTok started creating alliances and saying, hey, put the TikTok SDK in your app. And unknowingly, people were sharing data to the TikTok SDK by, you know, asking questions, posting things to what would seem like a normal application. But the integration is what they didn't realize. So we see this a lot with AI and how many AI platforms are being integrated into applications, and how much that will pose risks to, say, sending data to DeepSeek or to Hugging Face and Cohere. There's so many of these AI, LLM models that are out there, and you don't know where you're ending up sending your data when you're connecting with these. With our solution, with a lot of what we see in the field, is that we need a way to actually be able to enforce policy on characteristics like: is DeepSeek embedded into there, is TikTok embedded into there, is any of these risks associated with it. And that's kind of where we're going with this, is what we call automated mobile app vetting.
How can we set a set of characteristics like unsanctioned AI or like unsanctioned social media feeds to never, ever be in my ecosystem and automatically use AI out of compliance, the application based off of characteristics and applying policy and applying zero trust all and call it one.

That's awesome. So Mike, how can that unified platform help them maintain both visibility and efficiency as they adapt to future challenges?

So I do think that today we can get a clear picture of both the visibility and the efficiencies built into both, you know, the MTD and the MAV siloing that we've kind of been seeing. I think that there are platforms, particularly like ours, that are able to bring those two together and provide the context of what's happening from both a device vector perspective and from an app vector perspective, and bringing those all into one unified solution.

That's fantastic. Mike, thank you so much for walking us through this today. It's clear that achieving both visibility and efficiency isn't just a technology goal, it's becoming a mission requirement for agencies balancing limited resources with growing mobile risks. Breaking down silos between MTD and MAV can help create a clearer, faster and more coordinated defense. To everyone joining us, we hope this conversation gives you ideas on how to simplify your mobile security approach, strengthen visibility, and drive greater efficiency across your mission.

This concludes today's episode of the Fed to Fed podcast. If you enjoyed this episode, please don't forget to subscribe, rate and leave a review. Your feedback helps us continue bringing you thought-provoking sessions with the brightest minds in government technology. Stay tuned for our next episode, where we will continue to explore opportunities to harness the power of technology and explore what's next in developing a more innovative and efficient government. Until then, this is the Fed to Fed podcast by GovTech Connects.
Thank you for joining us.