At the International Police Expo held in the national capital last week, one booth stood out among the national and international companies showcasing the latest innovations in cyber security and intelligence technology. The technology neither offered a surveillance solution nor a tactical weapon and yet managed to draw eyeballs of who’s who of India’s internal security and law enforcement apparatus. It was a mobile device protection technology that claims to have protected “every variant of the Pegasus attack” in the last five years.
Zimperium, a US-based technology firm that specialises in mobile phone security, has recently secured a contract with the United States Department of Defence (DOD) to deliver comprehensive Mobile Endpoint Protection (MEP) solution. Zimperium’s regional sales director Somesh Sawhney, who had flown all the way from Dubai for the event, told India Today that there was a lot of interest in the technology from the government as well as the enterprise sectors in India after the recent Pegasus episode came to light.
“We detected the first variant of Pegasus in 2016 and all our enterprise and government customers are protected even with the new variant as a zero-day. We are not a cloud-based solution, we are a complete on-premise solution, so even without any signature updates, even if your phone is not connected to the internet, they are still protected,” Sawhney explained.
How It Works
The program has a “Mobile Threat Defense” engine that uses machine learning to detect device and network behaviour as well as attacks in real time. Designed especially for mobile devices, it works on iOS, android, and Chromebook platforms. Explaining the process, the Zimperium official said the “on-device solution” sits on top of the operating system, identifies and alerts the users about the threats, and stops them.
While the technology sounds like an adaptive threat defence — also called heuristic detection — that anti-virus and anti-malware apps on mobile phones and computers have used for years, it is possible that Zimperium has some secret sauce that also protects devices from zero-day attacks often used by Pegasus or similar spyware programs. Though, it is worth noting that Pegasus like spyware use extremely sophisticated and completely unknown aka zero-day bugs to infect devices. Usually anti-virus and anti-malware apps are ineffective against them.
Speaking about the US defense department contract, Sawhney said, “We are highly privileged to receive this eight-figure contract from the US department of defense. We are protecting devices of US armed forces officials. They (US DoD) understand that this (mobile phone devices) is the most vulnerable endpoint, and they are looking to protect their officials from similar attacks like the Pegasus.
Zimperum mobile interface on an android mobile device.
Chosen by Google as one of the three technology solutions to scan apps on its Play Store, the Dallas-based technology firm has several Fortune 500 companies on its clients’ list. “This technology is being trusted by 3,000 enterprise customers globally and we have big references in every sector, including the financial sector, automobile, healthcare, pharmaceuticals, and the list goes on,” Sawhney told India Today. Since the Pegasus scandal came back to the limelight earlier this year, the company has received increased queries from Indian public and private sector clients.
Speaking about the India prospects, he said, “There is a lot of interest, especially we are seeing from the public sector, from large enterprises like pharmaceuticals corporates.”
The company has been offering its services to governments and large enterprises globally and claims that its services are affordable and cost much less than the risk, in case of an eventual compromise. “Today, the cost of an attack to an enterprise is I believe 20 or 50 times more expensive than this technology. It’s a very affordable technology compared to the kind of money any enterprise spends today on information security in today’s zero trust environmentI think this is just peanuts which can secure their one fundamental endpoint,” Sawhney added.
Phone manufacturing company Samsung is one of the investors in the company, along with the Japanese multinational conglomerate Soft Bank and several other venture capital and private equity firms.
According to some estimates, the mobile anti-malware market was expected to reach $12 billion in the next five years but the recent spotlight on the Pegasus scandal and increased remote working trend due to Covid might push the valuation of the market even further.