Mobile device event logging: A panacea for the digital endemic

This content is provided by Zimperium.

Malware, such as ransomware and spyware, is rampant in federal networks. If agencies have learned nothing else in the last year, they have realized that they currently face a digital endemic. With mobile security as the Achilles heel of Zero Trust, mobile event logging can be a preventive care measure that protects the digital health of federal networks. Just as cancer screenings give preventive insight into physical health, mobile event logging acts as a digital health screening that detects and helps prevent threats to federal networks.

Digital Device Health Screening by Maturing Event Logging

The August 27, 2021 Office of Management and Budget (OMB) memorandum M-21-31 outlines a “Maturity Model for Event Log Management.”

The memorandum gives four maturity levels defined as:

  • EL0 Ineffective: Logging requirements of highest criticality are either not met or only partially met
  • EL1 Basic: Only logging requirements of highest criticality are met
  • EL2 Intermediate: Logging requirements of the highest and intermediate criticality are met
  • EL3 Advanced: Logging requirements at all criticality levels are met

At the EL1 Basic level, agencies need to ensure that they collect log alerts from mobile devices (smartphones and tablets) and from Mobile Threat Defense (MTD) servers.

Further, agencies need to collect logs for mobile devices and MTD agents and retain them in both active and cold storage. Under the technical details section, the data collected includes:

  • General
  • Device
  • Application
  • Device policy settings
  • Device configurations
  • Network configurations
  • Event/Audit/Crash logs
  • MTD agent information

The MTD agent information gets even more specific, pointing out that the event logging needs to include:

  • Agent Activation Status
  • Threat Detection of Variety of Vulns
  • Phishing Protection Status
  • Tampering of Agent, App, or System
  • Privilege Escalation
  • MITM Activities
  • Remediation Actions Taken
  • Last Time Device Synched with Enterprise Systems

All of this makes sense as mobile threats continue to grow rapidly. After all, mobile is often the most vulnerable endpoint, which makes it an attractive target for threat actors. As an…