Intelligence Use Case: Integration with Mobile Threat Defense Solutions
(via Workspace ONE Trust Network)
Mobile Threat Defense Solutions
Before we dive into this use case, let us get to know more about Workspace ONE Trust Network!
Workspace ONE Trust Network integrates threat data from different security solutions, including Endpoint Detection and Response (EDR) solutions, Mobile Threat Defense (MTD) solutions, and Cloud Access Security Brokers (CASB). The Trust Network feeds Workspace ONE Intelligence with threat information as well as insights into risks across your device fleets. With this threat information, we can create dashboards and automation workflows to visualize and act on those threats.
Because this post focuses on mobile devices, we are going to investigate the Mobile Threat Defense solutions specifically. However, I would recommend you check out on Tech Zone which covers VMware’s very own EDR solution and Intelligence for your desktop fleet.
Talking about MTD solutions, VMware partners with multiple vendors including BETTER Mobile, Check Point, Lookout, Pradeo, Wandera, and Zimperium. We will not go into details on how to integrate each platform here, but for more details on how to configure the integration, see documentation.
Workspace ONE Mobile Threat Defense
In addition to these solutions, VMware recently released a more streamlined integration with Lookout for Work called . This new solution embeds Lookout’s Threat Detection capability within Workspace ONE Intelligent Hub, allowing for a much smoother end-user experience as everything is built in. You can check out the and a quick . These are a few screenshots of how MTD is integrated into the Intelligent Hub application.
Figure: (Left) Overview threat information displayed in Intelligent Hub; (Middle) Detailed information on the detected threats; (Right) A different example of threat information displayed in Intelligent Hub
Regardless of which MTD solution you pick, the idea is the same. You can use the built-in dashboard or create your own to visualize the threats. The built-in dashboard lives under Intelligence Dashboard > Security Risk Dashboard > Threats tab. It shows the historical trend of your security risk, broken down by category, so you can spot anomalies in risky behavior across your devices and/or users.
Figure: Built-in Security Threat historical dashboard, aggregated from different Trust Network partners
Aside from visualizing the threats in a dashboard, you can also create an automation workflow to address high-risk devices, as in previous use cases. In the automation workflow, we take the MTD Threats data and filter it by Threat Status and Threat Severity. In the example below, based on Lookout threat information, we decided to perform an Enterprise Wipe on devices with an unresolved threat of high severity.
Figure: Example of an automation workflow using threat data from Lookout
Of course, you can choose other actions as you see fit, based on your security requirements. If a threat is not of high severity, then other actions could be performed such as notifying the security team through email or Slack, as well as creating a ServiceNow incident, as you can see in the next screenshot.
Figure: Example of another automation workflow using threat data from Lookout. Instead of enterprise wiping the devices, we send notifications and create ServiceNow incidents instead.
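Before enabling a destructive action such as Enterprise Wipe, it helps to preview which devices each rule would select. The following is an added example, not VMware's code or part of the original post: a dry run of the two workflows above over constructed threat rows. The field names, severity labels, and action names are assumptions for illustration, not the Workspace ONE Intelligence schema.

```python
"""Dry run of the two workflow rules described above, over constructed threat rows."""
from collections import defaultdict

# Assumed severity labels and ordering; map them to what your MTD partner reports.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample rows. Field names are assumptions for this sketch.
SAMPLE_THREATS = [
    {"device_id": "dev-001", "threat": "sideloaded-app", "severity": "HIGH", "status": "UNRESOLVED"},
    {"device_id": "dev-001", "threat": "risky-wifi", "severity": "LOW", "status": "UNRESOLVED"},
    {"device_id": "dev-002", "threat": "phishing-link", "severity": "HIGH", "status": "RESOLVED"},
    {"device_id": "dev-002", "threat": "outdated-os", "severity": "MEDIUM", "status": "UNRESOLVED"},
    {"device_id": "dev-003", "threat": "risky-wifi", "severity": "LOW", "status": "RESOLVED"},
    {"device_id": "dev-004", "threat": "unknown-profile", "severity": "critical", "status": "UNRESOLVED"},
]


def plan_actions(threats):
    """Return {device_id: action} based on each device's worst unresolved threat."""
    worst = defaultdict(int)
    unknown = set()
    for row in threats:
        if row["status"].upper() != "UNRESOLVED":
            continue  # resolved threats trigger neither workflow
        rank = SEVERITY_RANK.get(row["severity"].upper())
        if rank is None:
            unknown.add(row["device_id"])  # unmapped label: never wipe on a guess
            continue
        worst[row["device_id"]] = max(worst[row["device_id"]], rank)
    # Devices with an unmapped severity default to manual review.
    plan = {device: "manual_review" for device in unknown}
    for device, rank in worst.items():
        if rank == SEVERITY_RANK["HIGH"]:
            plan[device] = "enterprise_wipe"  # unresolved + high severity
        elif device not in unknown:
            plan[device] = "notify_and_open_incident"  # email/Slack + ServiceNow
    return plan


if __name__ == "__main__":
    for device, action in sorted(plan_actions(SAMPLE_THREATS).items()):
        print(device, action)
```

Comparing the dry-run device list with the devices you expect to be affected catches a mis-scoped filter before any wipe is issued.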
That wraps up the Security Enhancement section of my top 10 Workspace ONE Intelligence use cases. To recap, we have seen four different use cases (#5 to #8) that help elevate the security posture of your mobile device fleet. Three of them are low-hanging fruit that you can utilize right away. The other requires additional integration, but once it is integrated, it gives you a great tool in your security toolbox to mitigate potential threats in your environment.
We will cover two more use cases focusing on end-user experience improvement, bringing us to 10 use cases as originally promised.