Intelligence Use Case: Integration with Mobile Threat Defense Solutions

July 06, 2022

(via Workspace ONE Trust Network)

Welcome back to the blog series, Top 10 Mobile Device Use Cases for Workspace ONE Intelligence. Use case #8 is Integration with Mobile Threat Defense solutions and is the last use case in the Security Enhancement section.

Mobile Threat Defense Solutions

Before we dive into this use case, let us get to know more about Workspace ONE Trust Network!

Workspace ONE Trust Network integrates threat data from different security solutions, which include Endpoint Detection and Response (EDR) solutions, Mobile Threat Defense (MTD) solutions, and Cloud Access Security Brokers (CASB). This Trust Network informs Workspace ONE Intelligence with threat information as well as insights into risks in your device fleets. With threat information, we can create dashboards and automation workflows to visualize and act on those threats.

Because this post focuses on mobile devices, we are going to investigate the Mobile Threat Defense solutions specifically. However, I would recommend you check out Integrating Workspace ONE Intelligence and VMware Carbon Black on Tech Zone which covers VMware’s very own EDR solution and Intelligence for your desktop fleet.

Talking about MTD solutions, VMware partners with multiple vendors including BETTER Mobile, Check Point, Lookout, Pradeo, Wandera, and Zimperium. We will not go into details on how to integrate each platform here, but for more details on how to configure the integration, see Workspace ONE Trust Network documentation.

Workspace ONE Mobile Threat Defense

In addition to these solutions, VMware recently released a more streamlined integration with Lookout for Work called Workspace ONE Mobile Threat Defense. This new solution embeds Lookout’s Threat Detection capability within Workspace ONE Intelligent Hub, allowing for a much smoother end-user experience as everything is built in. You can check out the Workspace ONE Mobile Threat Defense solution brief and a quick Mobile Threat Defense demo video. These are a few screenshots of how MTD is integrated into the Intelligent Hub application.

Graphical user interface, application, Teams</p>
<p>Description automatically generated

Figure: (Left) Overview threat information displayed in Intelligent Hub; (Middle) Detailed information on the detected threats; (Right) A different example of threat information displayed in Intelligent Hub

Regardless of which MTD solutions you pick, the idea is still the same. We can use a built-in dashboard, or you can create your own to visualize the threats. The built-in dashboard lives under Intelligence Dashboard > Security Risk Dashboard > Threats tab. This built-in dashboard shows us the historical trend of your security risk, broken down by categories. This allows us to visualize and understand if there is any anomaly in any risky behavior found in your devices and/or users.

Chart, line chart</p>
<p>Description automatically generated

Figure: Built-in Security Threat historical dashboard, aggregated from different Trust Network partners

Automation Workflow

Aside from being able to visualize the threats in a dashboard, you can also create an automation workflow to address any high-risk devices, like previous use cases. In the Automation workflow, we can take the MTD Threats data and filter them with their Threat Status and Threat Severity. In the example below, based on Lookout threat information, we decided to perform an Enterprise Wipe on the devices with an unresolved high threat severity.

Graphical user interface, text, application, email</p>
<p>Description automatically generated

Figure: Example of an automation workflow using threat data from Lookout

Of course, you can choose other actions as you see fit, based on your security requirements. If a threat is not of high severity, then other actions could be performed such as notifying the security team through email or Slack, as well as creating a ServiceNow incident, as you can see in the next screenshot.

Graphical user interface, text, application, email</p>
<p>Description automatically generated

Figure: Example of another automation workflow using threat data from Lookout. Instead of enterprise wiping the devices, we send notifications and create ServiceNow incidents instead.


That wraps the Security Enhancement section of my top 10 Workspace ONE Intelligence use cases. To recap, we have seen four different use cases (#5 to #8) that would help elevate your security posture in your mobile device fleet. Three of them are low-hanging fruits that you can utilize right away. The other requires additional integration, but once it is integrated, it will give you a great tool in your security toolbox to mitigate any potential threats in your environment.

We will cover two more use cases focusing on end-user experience improvement, bringing us to 10 use cases as originally promised.

Stay posted for use case #9, Tracking User Experience through Mobile App Analytics.

Associated Content

From the action bar MORE button.

Filter Tags

Workspace ONE Workspace ONE Intelligence Blog Announcement Overview Manage