the problem: choosing between security and mobility… · level of control over enterprise...


Post on 20-May-2020


Page 1: THE PROBLEM: CHOOSING BETWEEN SECURITY AND MOBILITY… · LEVEL OF CONTROL OVER ENTERPRISE MOBILITY DEVICES ... • ENTERPRISE ASSET & INVENTORY MANAGEMENT: Integrated RFID capabilities

THE PROBLEM: CHOOSING BETWEEN SECURITY AND MOBILITY

WORKING WITHOUT MOBILITY MAY MEAN:

• Increased costs

• Less collaboration

• Reduced efficiency & productivity

• Difficulty with recruiting and retention

MOBILITY WITHOUT SECURITY MAY MEAN:

• Weakened policy and compliance enforcement

• Threat of lost or stolen data

• Risk of physical hacking of devices

• Cost to remediate damage of breach

• 43% have trouble securing and monitoring devices

• 37% enforce different security protocols at different locations

• 32% lack control – or even knowledge of – device location

ORGANIZATIONS FACE MANY SECURITY THREATS:

Remote Monitoring (Surveillance & Exploitation)

Keylogging and Persistent Firmware Threat

Air-Gap Jumping & Data Exfiltration

Insider Threat & User Negligence

Removable Media & Data Port Exploitation

Wireless Spoofing & Man-in-the-Middle

Lost & Stolen Devices

Privileged Escalation Attacks


DISTRICT DEFEND ADDRESSES THE ROOT CAUSE OF SECURITY GAPS AND DELIVERS ENDPOINT HARDENING ACROSS COMPLEX MISSION NEEDS

ENHANCED SECURITY

• Configures endpoint security settings based on organizational policies, user role, location, and time-bound permissions

• Automatically powers off devices outside approved spaces and enforces data-at-rest encryption

• Executes remote data wipes if devices are stolen or left outside secure spaces

• Provides pre-boot validation of device presence and configuration within approved spaces

DYNAMIC COMMAND AND CONTROL

• Controls the security configurations of all enterprise devices, across all approved locations via a single management interface

• Enables the establishment of numerous user groups, which can each maintain unique security rules

• Supports access control decision frameworks for applications, VDI environments, and network resources

• Eliminates reliance on end-user compliance and manual system administration

UNMATCHED ASSET MANAGEMENT

• Provides real-time situational awareness of when devices leave authorized facilities and the duration of absence

• Ensures end-users maintain positive control of assigned devices

• Provides critical counterintelligence data on device movement/behavior for external analysis and trends

• Delivers endpoint device/server usage data, inventory management, and secure supply chain

• Eliminates Human Error

• Prevents Advanced Attacks

• Allows Enterprise Mobility

• Enforces Data Encryption

SEAMLESSLY SECURES ENTERPRISE MOBILE DEVICES ANYTIME, ANYWHERE, EVEN WHEN POWERED OFF


DISTRICT DEFEND ENABLES ORGANIZATIONS TO TAKE AN UNPRECEDENTED LEVEL OF CONTROL OVER ENTERPRISE MOBILITY DEVICES

• COMMERCIAL SOLUTIONS FOR CLASSIFIED (CSFC) INTEGRATION: Help organizations automatically enforce data-at-rest encryption and manage mobile access data-in-transit protections

• DEVICE WIPE & DATA SECURITY: Dump sensitive cryptographic material and wipe the hard drive to minimize risk of lost or stolen devices and ensure compromised devices are not re-introduced to enterprise resources

• ENTERPRISE ASSET & INVENTORY MANAGEMENT: Integrated RFID capabilities provide situational awareness of an organization’s threat posture and increase inventory management effectiveness

• CONTEXTUAL SECURITY: Use user/device behaviors, environmental factors, and threat vectors to inform automated endpoint protection decisions

• PRE-BOOT SECURITY: Provide assurances the device is secure and in approved locations before the hard drive is decrypted and capable of accessing data on enterprise networks

• FIRMWARE-LEVEL HARDWARE MANAGEMENT: Quickly adapt to attacks, vulnerabilities, and policy changes by powering off devices of concern – ensuring unnecessary hardware is disabled at the lowest possible level

• GEOFENCING BOUNDARY ENFORCEMENT: Ensure enterprise devices can only be powered on in approved locations (network connectivity and/or RFID) and immediately power off devices removed from controlled areas

• ENTERPRISE INTEGRATION: Fully integrates into existing ecosystems, allowing organizations to get rapid results and return on investment


DISTRICT DEFEND PROVIDES THE FOUNDATION FOR SECURE END-TO-END ENTERPRISE MOBILITY

THREATS:

• PHYSICAL ATTACKS

• CYBER EXPLOITS

• HUMAN ERROR

• INSIDER THREATS

DISTRICT SOLUTIONS:

• CSFC Wireless Infrastructure

• Asset Management and Tracking

• Endpoint Command & Control

• Secure VDI/Zero-Trust Endpoint

• Counterintelligence/Insider Threats

• Dynamic Access Control Source

CONTEXTUAL SECURITY TRIGGERS:

• Environment

• RFID

• User Behavior

• Network

DISTRICT CAPABILITIES:

• Device Shutdown & Data Wipe

• Firmware-Based Hardware Controls

• CSFC Data-at-Rest Enforcement

• Adaptive Threat Response

• Secure Network Management

• Anti-Tampering Mechanisms

• Multi-Domain Access Controls


[Figure: Enable/Disable switches for Device Power On, Wifi Enabled, Wireless LAN, Personal File Access, USB Access, Wipe Timer, Camera Enabled, Microphone Enabled]

Security that automatically knows where devices are located, and how to adapt security controls

DYNAMICALLY UPDATES SECURITY PROTOCOLS

As your device moves from location to location or to different “Districts”, it automatically updates security protocols and data access even when powered off.

ZONE-BASED SECURITY ALLOWS USERS TO BE TRULY MOBILE, USING ONE DEVICE ANYWHERE WITHOUT SACRIFICING DATA INTEGRITY

SEAMLESS MANAGEMENT

For the administrator, managing all devices’ security configurations is as simple as flipping a switch.


DISTRICT ASSET TRACKING AND MANAGEMENT ADDRESSES KEY SECURITY VULNERABILITIES TO SAFEGUARD ENDPOINTS, DATA, & INFRASTRUCTURE:

BENEFITS OF PASSIVE RFID ASSET TRACKING:

✓ Situational awareness of all devices’ current location, regardless of power state

✓ Collect information on device movement and user behaviors for counterintelligence audits/analytics

✓ Support CSfC-Approved Capability Packages and Location-Based security

BENEFITS OF CONTEXT-BASED MANAGEMENT:

✓ Automated device wipe of lost or stolen devices to ensure exploited devices are not re-introduced into the environment

✓ Ensure Wi-Fi is disabled if devices are in unapproved locations and enabled only in approved locations

✓ Control boot management and ensure memory is cleared when a device is taken outside


CONTEXTUAL TRIGGERS WILL EXPAND TO PROVIDE ADDITIONAL FLEXIBILITY AND ENHANCED SECURITY PROTECTIONS ACROSS EVOLVING USER SCENARIOS

Benefits of Multiple Contextual Triggers:

• Significantly complicates an attacker’s approach to replicate contextual triggers that enable “privileged” device behavior

• Provides protections against lost or stolen devices and prevents re-introduction of compromised devices into enterprise networks and resources

• Delivers flexibility to support a variety of work environments and user bases with diverse mission needs

• Allows for the use of one or many contextual triggers based on organizational security requirements


PASSIVE RFID

Establishes virtual RF curtains that serve as organizationally-defined boundaries for end user device usage and configuration settings. Provides the ability to track assets and communicate policies even when devices are powered off.

NETWORKING

Uses the end user devices’ connection status to enterprise networks to determine policy configurations. Supports either binary or multi-network configurations and allows requirements for always connected or “time to live” after disconnect.

ENVIRONMENTAL

Allows organizations to create a baseline of expected conditions (e.g., should only see certain Wi-Fi SSIDs or should always see certain RF beacons). Automatically enforces organizationally-defined actions if the device falls outside the baseline.

USER BEHAVIOR

Enables organizations to establish a whitelist of expected behaviors or a blacklist of impermissible behaviors. When a user’s actions do not align with the established baseline, organizationally-defined actions are automatically enforced.

TAILORED SCRIPTS

Organizations’ needs and threats/vulnerabilities both constantly evolve and demand new security triggers and corresponding actions. Customized scripts allow organizations to create their own library of policies that can be integrated and enforced.


DISTRICT DEFEND SUPPORTS AND HARDENS A VARIETY OF END-POINT DATA ACCESS METHODOLOGIES

“DATA-FULL” ACCESS (I.E., DATA ON DEVICE)

CURRENT WEAKNESSES:

• Data security relies heavily on the Operating System and end user

• Difficult to implement data wipes and often relies instead on data delete

DISTRICT ENHANCEMENTS:

• Automates policy enforcement at firmware level

• Utilizes pre-boot data wipe with built-in wipe timers to establish “time to live” rules

• Enforces Data-at-Rest CSfC protections to ensure the device is considered “black” when removed

VIRTUAL DESKTOP/ZERO CLIENT

CURRENT WEAKNESSES:

• Lack secure, hardware-based key/certificate storage (i.e., TPM 2.0)

• Not configured to support multiple IPSec tunnels

• Lack robust mobile device options

DISTRICT ENHANCEMENTS:

• Provides the hardware-level security protections to safeguard keys/certificates

• Prevents re-introduction of compromised devices into environment

• Supports establishment of CSfC IPSec tunnels

District continues to evolve to support both data on device and virtual desktop approaches, as well as providing a combination approach on a common platform


To see District Defend in action, we will show you an example of how some customers have deployed District.


ZONE 1: LOBBY & EXTERIOR

• Power On

• USB Off

• Front Camera Off

• Wireless LAN Off

• Speakers Off

• Microphone Off

• Docking Off

• Wipe Timer Off


ZONE 2: HALLWAY AND OPEN CONFERENCE ROOMS

• Power On

• USB On

• Front Camera On

• Wireless LAN Off

• Speakers On

• Microphone On

• Docking Off

• Wipe Timer Off


ZONE 3: TYPICAL USER WORKSPACE

• Power On

• USB Off

• Front Camera Off

• Wireless LAN On

• Speakers On

• Microphone Off

• Docking On

• Wipe Timer Off


ZONE 2: HALLWAY AND OPEN CONFERENCE ROOMS

• Power On

• USB On

• Front Camera On

• Wireless LAN Off

• Speakers On

• Microphone On

• Docking Off

• Wipe Timer Off


ZONE 4: SENSITIVE INFORMATION ACCESS POINT

• Power On

• USB Off

• Front Camera Off

• Wireless LAN Off

• Speakers Off

• Microphone Off

• Docking On

• Wipe Timer Off


ZONE 1: LOBBY AND EXTERIOR

• Power Off

• USB Off

• Front Camera Off

• Wireless LAN Off

• Speakers Off

• Microphone Off

• Docking Off

• Wipe Timer On


EXECUTE MISSION OBJECTIVES WITHOUT SACRIFICING DATA SECURITY.


WITH DISTRICT DEFEND SECURE MOBILITY, YOU’RE FREE TO DO MORE


For further information please contact:

Jeff Van Horn, TriCIS Ltd, [email protected], Mobile: +44 (0) 7761-514-558

WITH DISTRICT DEFEND, YOU’RE FREE TO BE TRULY MOBILE