Intelligence Use Case: Vulnerability Management and Remediation

July 01, 2022

Welcome back to the blog series, Top 10 Mobile Device Use Cases for Workspace ONE Intelligence. Use cases 5 through 8 will cover Security Enhancement. Today, it’s use case #6, Vulnerability management and remediation.

Zero-day vulnerabilities have, unfortunately, become increasingly prevalent in this day and age. Like it or not, we have become far too familiar with dropping everything we are doing and spending hours, if not days, with all hands on deck fending off new exploits by bad actors.

Vulnerability Management and Remediation

Recognizing this challenge, VMware provides a way to lift much of that weight off us through its out-of-the-box Vulnerability Management solution. This solution is built on top of Workspace ONE Intelligence, harnessing its core functionalities of Reports, Dashboards, and Automations to help you proactively manage potential vulnerabilities in your environment. It accomplishes this by gathering reported vulnerability data (CVE and CVSS) along with device data from Workspace ONE UEM to evaluate potential threats on the devices.

At the time of this writing, the Vulnerability Management solution within Intelligence supports Windows and iOS platforms. (macOS is coming later this year.) And although it does not cover all device platforms now, it still is an immensely powerful tool to use. Because this series is focused on mobile devices, I will focus on iOS in this post.

There are three parts to this solution — SLA definition, vulnerability monitoring, and vulnerability remediation.

SLA Definition

Service-Level Agreements (SLAs), in this context, refer to how fast we need to remediate vulnerabilities at various levels of severity. This solution allows you to define what your SLAs should be, aligning with your security best practices. For each CVSS score range you define, you can set the threshold for the percentage of devices patched and the remediation timeframe, as seen in the screenshot below. These settings are then used in the security health visualization of your patching progress.

Figure: SLA definition found under Solutions > Vulnerability Management > Settings

Vulnerability Monitoring

The second part is vulnerability monitoring. In this solution, there are built-in dashboards we can leverage to identify available updates and vulnerable devices and observe patch install status trends. This allows us to take further action if we see that our remediation effort is not going to meet the SLA target. This is what the dashboard for iOS devices looks like.

Figure: Built-in vulnerability management dashboard for iOS (1)

Figure: Built-in vulnerability management dashboard for iOS (2)
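To make the SLA definition and the monitoring step above concrete, here is an added example (not VMware's code and not how Workspace ONE Intelligence computes its dashboards) that checks patch progress for a vulnerability against an SLA tier and flags when remediation is falling behind. The tier values, the fleet, the CVE placeholders, and the linear "expected progress" rule are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Constructed SLA tiers: (min CVSS, max CVSS, required % patched, days allowed).
# The values are illustrative assumptions, not product defaults.
SLA_TIERS = [
    (9.0, 10.0, 95.0, 7),
    (7.0, 8.9, 90.0, 30),
    (4.0, 6.9, 80.0, 90),
]

@dataclass
class Vuln:
    cve: str          # placeholder identifier, not a real CVE
    cvss: float
    published: date
    fixed_in: tuple   # first OS version that contains the fix

def tier_for(cvss):
    """Return the (target %, days) pair for a CVSS score, or None if untracked."""
    for low, high, pct, days in SLA_TIERS:
        if low <= cvss <= high:
            return pct, days
    return None

def sla_status(vuln, device_versions, today):
    """Classify one vulnerability as MET, ON_TRACK, AT_RISK, BREACHED or NO_SLA."""
    tier = tier_for(vuln.cvss)
    if tier is None or not device_versions:
        return "NO_SLA", 0.0
    target_pct, days = tier
    patched = sum(1 for v in device_versions if v >= vuln.fixed_in)
    pct = 100.0 * patched / len(device_versions)
    elapsed = (today - vuln.published).days
    if pct >= target_pct:
        return "MET", pct
    if elapsed > days:
        return "BREACHED", pct
    # Assumed linear ramp: by now, elapsed/days of the target should be patched.
    expected = target_pct * elapsed / days
    return ("ON_TRACK" if pct >= expected else "AT_RISK"), pct

# Constructed fleet: iOS versions reported by five devices.
FLEET = [(15, 5), (15, 5), (15, 4, 1), (15, 5), (14, 8)]
CRITICAL = Vuln("CVE-0000-00001", 9.8, date(2022, 6, 20), (15, 5))
MEDIUM = Vuln("CVE-0000-00002", 5.3, date(2022, 6, 1), (15, 4, 1))

if __name__ == "__main__":
    for v in (CRITICAL, MEDIUM):
        print(v.cve, sla_status(v, FLEET, date(2022, 7, 1)))
```

An AT_RISK result is the point at which the monitoring step calls for further action, before the SLA is actually breached.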

Vulnerability Remediation

Lastly, we have vulnerability remediation. For this, we will use a Workspace ONE Intelligence Automation workflow. Based on the CVSS score, we can create a workflow that acts as a compliance policy engine: if it detects that devices are vulnerable (e.g., devices with a CVSS score over a defined threshold), it can remove resources, install restrictions, notify users, or push out the latest OS update. This lets you automate OS updates, specifically those that address a new vulnerability, without manually updating the workflow.

Here is an example of how we can schedule the latest OS update on iOS devices that are vulnerable to CVEs with CVSS scores higher than 9.8.

Figure: Example of an automation workflow targeting devices susceptible to high CVSS score


Keep an eye out for the next post in this series, Intelligence Use Case: Risk Analytics for Mobile Devices.
