MDM solutions have one foundational flaw - they are installed on top of the user's operating system. If attackers want to defeat an MDM, they simply need to target the operating system. District Defend on the other hand, leverages a hypervisor to isolate both hardware and the user's operating system. This means that security is managed below the operating system, and attacks against the operating system do not compromise our underlying security controls. Additionally, this isolation prevents attacks that target individual hardware components from spreading to other hardware components.
While traditional RFID deployments have generally not defended against sophisticated attacks, District Defend incorporates encryption and an enhanced security architecture to secure RF transmissions. Additionally, while no sensitive user data is ever transmitted over RFID (it's reserved strictly for communicating organizational policy actions), District Defend was built to meet the stringent requirements of the U.S. intelligence community.
District Defend uses passive RFID, which means that the RFID tags have no battery. Instead, the tags draw power from RFID readers, which send out waves that induce a current in the tag's antenna. This solution ensures that devices will only respond when read. There are no active signatures (e.g., beacons, pings or pulses) that would identify protected assets or provide a trial of sensitive information.
Because District Defend uses passive RFID, the tags must be able to draw enough power from the reader to read the signal and send a response. Walls and most windows drastically diminish the amount of RF power available and will render tags on the other side unreadable. This solution provides an optimal solution for accurate and secure location awareness.
While District Defend does help automate security enforcement and provide device-level authentication, we do not attempt to replace user authentication to the device or network. This design means that deployed mobile solutions benefit from defense in depth, with both device and user authentication safeguards in place to secure access to sensitive data and networks.