The Department of Homeland Security (DHS) confirms International Mobile Subscriber Identity (IMSI) catchers, like StingRay, is a problem and the detection must be done at the infrastructure level because IMSI catchers spoof legitimate networks.
Christopher Krebs, a DHS official and top leader of the The National Protection and Programs Directorate (NPPD), said use of IMSI catchers by malicious actors to track and monitor cellular users is "unlawful and threatens the security of communications, resulting in safety, economic and privacy risks."
Protecting the data is critical across all data phases – whether personal, government or corporate information. Data in Use, Data at Rest and Data in Transit security must be addressed by
appying a solution that allows business-as-usual, support business processes and is complaint.
Technology to detect IMSI’s, like Stingray, exists. However, developments are in the infancy stage (more here). Specifically, Data in Motion security is often neglected but paramount to the overall security of the mobile environment (therefore, a proverbial the weakest link).
As a MDM/EMM and device agnostic mobile business solution and service provider ISEC7 addresses security risk and regulatory compliance issues.
Integrating leading solutions, such as the following, provide some immediate steps to address these issues:
- ISEC7 MDM Assessment – provides recommended EMM actions to take based on the clients environment and business needs.
- ISEC7 STIG Assessment – a service to federal agencies to ensure their environments are in compliance with the STIG recommendations.
- ISEC7 Healthcheck – a service for ISEC7 team to complete a comprehensive review of the client environment and provide recommendations to address issues.
- ISEC7 Practical Cyber Defensive Training – a training course for practical cyber defensive training (essentially, dos and don’ts specific to cyber security).
- Certified Mobile Device Security Professional Certification (CMDSP) – a certification that promotes knowledge of mobile devices, securing devices, and securing environments for mobile devices for the mobile IT administrator role.
Media Contact ISEC7 Group
Amy K. Mininger
ISEC7 North America