District Defend™

District Defend™


  • Multilayer encryption to protect sensitive data
  • Anti-tampering measures to prevent physical hacking
  • Manage access to multiple operating systems on one device, including permissions for specific hardware and software
  • Track assets within the district using integrated RFID technology, including alerts customized for multiple layers of security personnel and types of assets


  • As mobile becomes a part of the enterprise, District Defend gives administrators the ability to understand risk exposure and enforce end user policies automatically
  • Policies that rely on end users to enact can leave your network and sensitive data open to attack; by automating enforcement of security policies District Defend minimizes the risk of accidental data leaks
  • District Defend expands the flexibility of your workforce by providing the tools and data your users need where they need them


How is Booz Allen's District Defend™ location-based security solution different than mobile device management (MDM) solutions?

MDM solutions have one foundational flaw - they are installed on top of the user's operating system. If attackers want to defeat an MDM, they simply need to target the operating system. District Defend on the other hand, leverages a hypervisor to isolate both hardware and the user's operating system. This means that security is managed below the operating system, and attacks against the operating system do not compromise our underlying security controls. Additionally, this isolation prevents attacks that target individual hardware components from spreading to other hardware components.

Is RFID technology secure?

While traditional RFID deployments have generally not defended against sophisticated attacks, District Defend incorporates encryption and an enhanced security architecture to secure RF transmissions. Additionally, while no sensitive user data is ever transmitted over RFID (it's reserved strictly for communicating organizational policy actions), District Defend was built to meet the stringent requirements of the U.S. intelligence community.

Does District Defend give tagged devices a signature (making them vulnerable to sniffing or middle men wireless accounts)?

District Defend uses passive RFID, which means that the RFID tags have no battery. Instead, the tags draw power from RFID readers, which send out waves that induce a current in the tag's antenna. This solution ensures that devices will only respond when read. There are no active signatures (e.g., beacons, pings or pulses) that would identify protected assets or provide a trial of sensitive information.

Does the RFID used by District Defend work through walls?

Because District Defend uses passive RFID, the tags must be able to draw enough power from the reader to read the signal and send a response. Walls and most windows drastically diminish the amount of RF power available and will render tags on the other side unreadable. This solution provides an optimal solution for accurate and secure location awareness.

Does District Defend replace existing authentication schemes?

While District Defend does help automate security enforcement and provide device-level authentication, we do not attempt to replace user authentication to the device or network. This design means that deployed mobile solutions benefit from defense in depth, with both device and user authentication safeguards in place to secure access to sensitive data and networks.