Ep. 22 Federal Endpoint Security

August 26, 2022

They stopped building castles with moats and walls when technology made them useless. Today, our notions of perimeter defense are being negated by technology as well. This time, the network has expanded the number of threat vectors to the point where it is almost impossible to even catalog the endpoints.

Because federal networks are being accessed from mobile devices, there is an increased federal focus on enhancing cyber defense. We don’t have to look further than the Office of Management and Budget to see them requiring Zero Trust Architecture. ZTA’s first pillar is identity; identity is increasingly dependent on edge devices like laptops and phones.

Facts about cybersecurity are fascinating. Recently, Verizon released its Data Breach Investigations Report, a well-respected study of cyber security concerns. They state that 62% of breaches were caused by partners to organizations, not from internal threats. This fact alone is an interesting twist on the concept of the supply chain. Federal information professionals now must worry about external threats on mobile devices of contractors.

"So we can we can see those jailbroken or rooted devices, we can see the behavior on the phone that gives us cause for concern"

Tony D'Angelo, Lookout Tweet

During the interview, Tony D’Angelo provides suggestions for increasing Mobile Endpoint Security. He suggests that humans may be more vulnerable with a phone because we typically drop our guard with something like a text message with a link.

Tony D’Angelo turns the table in the middle of the interview – he mentions a tool that is used to attack phones called “Pegasus.” It can embed on a phone without any user action. Lookout has become adept at identifying malicious code on phones. So good, they claim they can recognize a zero-day attack before it occurs.

If you enjoyed this podcast, you may want to listen to episode #20 A Breakthrough Network for Managing Federal Devices