September 23, 2020

Digital Workspace Mobile Threat Detection & Response with Workspace ONE & Zimperium - Integrating zConsole

Around the globe, people are accessing sensitive resources using all kinds of devices from every location. As a result, the importance of mobile threat detection and response is also increasing. One way to meet this challenge is with a Workspace ONE UEM and Zimperium's zIPS integration. These two solutions in conjunction can address mobile threats head-on. They provide controls specifically designed to detect threats that you might otherwise not be aware of, let alone mitigate. Read this blog to find out how to integrate and up your threat detection ante.

Mobile threat detection and response is an area of ever-growing importance, as the world finds itself accessing sensitive resources on devices everywhere. Application, identity, or device management only offer so much protection against the assortment of threats users face.

Digital workspace products like VMware Workspace ONE and Zimperium's zIPS complement each other, and offer compensating controls specifically for mobile threats. These capabilities allow your organization to detect threats that you might otherwise not have the ability to detect, let alone to mitigate.

Zimperium focuses on being best-in-breed in mobile threat detection (MTD), and it shows. In 2019, Zimperium was the first MTD product to be FedRAMP authorized, partnered with VMware to join the Trust Network, and selected by Google to join the App Defense Alliance.

To make these controls possible, you need to integrate the Zimperium console (zConsole) with Workspace ONE UEM. In this blog post, I'll go through all the requirements for integration. Requirements like...

  • Obtaining an API Key for integration
  • Setting up MDM integration with zConsole and Workspace ONE UEM
  • Testing integration
  • Mood-lifting background picture
    Grand Hyatt Kauai, not included in Workspace ONE. But a great place to treat your team, hint, hint...

How to Integrate the zConsole with Workspace ONE UEM

  1. Open the Workspace ONE UEM console and go to Groups & Settings > All Settings.
     
  2. In the Settings window, go to System > Advanced > API > REST API.
     
  3. In the General tab, click Add.
    Note: Ensure Enable API Access is set to enabled. This is required.
     
  4. Name the service, for example, zConsole. Ensure the Account Type is set to Admin. Copy the API Key to your clipboard or Notepad. You will use this in the zConsole.
    Note: The API key shown in the screenshot is only an example.
     
  5. Log in to your Zimperium zConsole.
     
  6. In the left navigation pane, locate Manage.
     
  7. Click Manage.
     
  8. In the top of the Manage window, click the Integrations tab.
  9. Click Add MDM.
    In this example, an existing environment is already integrated. Currently, you can have multiple environments associated with a single Zimperium SaaS VPC tenant or on-premise environment.
     
  10. Depending on your console version, select AirWatch by VMware, or Workspace ONE. Once selected, click Next.
     
  11. Enter the following information:
    • URL: This is the URL for your Workspace ONE UEM API Endpoint.
      Note: This needs a publicly resolvable DNS A record, with inbound and outbound TCP/UDP traffic allowed on port 443. You can create this public DNS A record in whatever service manages your public-facing DNS, such as AWS Route 53, Cloudflare DNS, GCP Cloud DNS, or Azure DNS.
      In this example, I have a DNS A record created for the URL: https://ws1.<mycompany>.com.
      The proper firewall and IP routing table configuration are required to support inbound and outbound communication.
    • Username: A Basic user, or LDAP user in Workspace ONE UEM.
      Note: The account must have permissions to make API calls for the smart groups, users, devices, and applications for the organization group(s) being managed. This example uses a directory account of vmware\ws1.
    • MDM Name: There is no incorrect value for this field. It is strictly to label the MDM environment in zConsole. Name it something appropriate, such as Hawaii Retirement Provider, or: Molokai Bank - Workspace ONE UEM - 1903 – Prod.
    • Background Sync: Ensure that this box is checked.
    • Mask Imported User Information: Check if you prefer the data to be anonymized. There are other unique identifiers that are not anonymized, and additional ways to limit data returned for other scenarios (such as GDPR compliance). In my lab environment, I leave this unchecked.
    • API Key: This is the API Key that you copied onto your clipboard or Notepad in an earlier step. Paste it here.
  12. In the lower right corner, click Next.
  13. At the next window, select the smart groups from Workspace ONE UEM that you want to import into the zConsole.
    Note: I suggest making and importing the following (5) smart groups in Workspace ONE UEM (I’ll say more about this in an upcoming post):
    • Risk-Critical
    • Risk-Elevated
    • Risk-Low
    • App - Zimperium – Pilot
    • App - Zimperium – GA
       
  14. Click Finish.
  15. This takes you back to the Integrations page. Verify your configuration by clicking the green Test MDM button.
     
  16. Verify that all the tests passed.
    Note: During these tests, network traffic between the VPC and your Workspace ONE environment is expected. A series of API calls from the VPC will be made to verify access to Workspace ONE API endpoints.
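
The Test MDM button checks the URL, account, and API key from zConsole's side; the same values can be checked from a workstation before they are entered. The Python script below is an added example, not part of the original post or of VMware's or Zimperium's tooling: it sends the API key in the `aw-tenant-code` header with Basic authentication and reports, for each resource area named in step 11, whether the account can read it. The endpoint paths, the `pagesize` parameter, and the interpretation of each status code are assumptions to confirm against the API help for your console version, and the environment variable names are hypothetical.

```python
import base64
import os
import urllib.error
import urllib.request

# Resource areas step 11 says the account must be able to query.
# Paths and the pagesize parameter are assumptions to confirm for your version.
PROBES = {
    "smart groups": "/API/mdm/smartgroups/search?pagesize=1",
    "users": "/API/system/users/search?pagesize=1",
    "devices": "/API/mdm/devices/search?pagesize=1",
    "applications": "/API/mam/apps/search?pagesize=1",
}

MEANING = {200: "ok", 204: "ok",  # 204: search succeeded with no results
           401: "not authenticated: check username, password and API key",
           403: "forbidden: check the API key and the account's role"}

def build_headers(username, password, api_key):
    """Basic auth for the account, API key in the aw-tenant-code header."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}",
            "aw-tenant-code": api_key,
            "Accept": "application/json"}

def http_status(url, headers, timeout=10):
    """Return the HTTP status; DNS or TLS failures raise URLError."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def diagnose(status):
    return MEANING.get(status, f"unexpected HTTP {status}")

def preflight(base_url, username, password, api_key, fetch=http_status):
    if not base_url.lower().startswith("https://"):
        raise ValueError("API URL must use https:// so credentials are encrypted")
    headers = build_headers(username, password, api_key)
    base = base_url.rstrip("/")
    return {area: diagnose(fetch(base + path, headers))
            for area, path in PROBES.items()}

if __name__ == "__main__":
    e = os.environ  # hypothetical variable names; keeps secrets off the command line
    print(preflight(e["WS1_URL"], e["WS1_USER"], e["WS1_PASS"], e["WS1_API_KEY"]))
```

A `forbidden` result for one area while the others report `ok` points to a missing role permission on the service account rather than a bad API key.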

 

After integration is complete, you will want to look at my blog post covering zIPS delivery and activation on Android devices.

Stay tuned for more posts covering Workspace ONE, Intelligence, Zimperium, Mobile Threats, and more.
