How Lookout Secures Fairfax County’s Mobile Infrastructure

Fairfax County has deployed Lookout’s mobile security solution across its device fleet since 2018, addressing what Tim LeMaster describes as a “blind spot” in the organisation's security infrastructure. Tim, who leads solutions engineering for Lookout’s public sector team, says the county recognised the need for visibility into mobile threats before many other organisations understood the scale of the risk.

The partnership began after discussions between Lookout and Fairfax CISO Michael Dent. “They [Fairfax County] recognised the need for better visibility into mobile and were looking for a way to address the blind spot,” Tim says. “A lot of organisations don’t recognise that mobile visibility gap so it was impressive that they not just understood the risks but were intent on finding a solution.”

Charles Gore, incoming CISO at Fairfax County, says mobile devices represent a persistent vulnerability. “As mobile devices continue to evolve in their use for both productivity and data consumption, they will continue to represent a vulnerable attack surface in any organisation,” he says.

More than 90% of Fairfax County's iOS devices now run Lookout's security software, which addresses malicious applications, operating system compromises including jailbreaking and rooting, and network threats such as adversary-in-the-middle attacks.

The company’s focus reflects the shift in how attackers target mobile users. “Social engineering is really the most common threat we see today, so we spend a lot of time on issues like mobile phishing, executive impersonation and other social engineering threats that are so prevalent on mobile,” Tim says. The company has developed capabilities that target these attack vectors, including AI tools that detect executive impersonation and SMS phishing attempts.

Fairfax County integrates Lookout telemetry into SIEM

The county has moved beyond using Lookout solely for device protection. Fairfax County now feeds telemetry and event data from Lookout into its security information and event management system, where analysts correlate mobile threats with activity from traditional endpoints and network infrastructure.

“They’ve gone beyond just protecting the devices. They’re using the telemetry and events from mobile to ingest into their SIEM, correlating it with event data from traditional endpoints and network devices,” Tim says. “This gives them a better understanding of the overall cyber threat and strenghtens their security posture.”

This integration provides the county’s security operations centre with a view across mobile, endpoint and network layers. When a phishing attempt reaches an employee’s mobile device, analysts can trace the attack through multiple systems and identify whether other vectors have been compromised.

Charles says the capability matters for protecting both county staff and citizens. “The ability to proactively analyse suspicious links, messages and app behaviors is essential in helping protect our employees – and more importantly, the citizens we serve – from malicious actors,” he says.

Lookout adapts platform as threat actors change tactics

Lookout has operated in mobile security for more than 15 years, accumulating data that informs its threat detection models. The company uses this experience to identify emerging attack patterns as threat actors modify their techniques and as new vulnerabilities appear in iOS and Android operating systems.

Tim says the threat landscape shifts continuously. “The cyber threat landscape constantly evolves. Threat actors and their motivations change, they change their TTPs, new vulnerabilities are exposed, and devices themselves change and evolve,” he says. “The threat protection solutions must evolve also, and Lookout does.

“We will continue to work with Fairfax County to leverage the new capabilties in our roadmap to help them secure their mobile devices and users.”

To read the full story in the magazine, click HERE.