July 05, 2023

VMware Workspace ONE has enhanced its FedRAMP SaaS offering to include: Mobile Threat Defense

VMware Workspace ONE has enhanced its FedRAMP SaaS offering to now include VMware Workspace ONE Mobile Threat Defense. Read this post for all the details.

Helping Public Sector to Provide Modern Threat Defense for government’s mobile endpoints

FedRAMP Moderate Authorized Workspace ONE Mobile Threat Defense (MTD) through the Lookout, Inc. Joint Authorization Board (JAB) P-ATO

VMware Workspace ONE Mobile Threat Defense is announcing our Federal Risk and Authorization Management Program (FedRAMP) Moderate authorized through the Lookout, Inc. Joint Authorization Board (JAB) P-ATO (Provisional Authority to Operate). Available as a cloud-hosted, multi-tenant Software-as-a-Service (SaaS) offering, Workspace ONE Mobile Threat Defense (MTD) integrates with Workspace ONE Unified Endpoint Management (UEM), along with Workspace ONE Access, Workspace ONE Intelligent Hub, and Workspace ONE Intelligence within the Workspace ONE suite. 

Our FedRAMP SaaS offerings, Workspace ONE UEM, Workspace ONE Access, and Workspace ONE Intelligence are Authorized at Moderate / Impact Level 2 (IL2 for DoD). VMware Horizon Cloud Service for VDI is FedRAMP High Authorized, pending IL5 currently, and Workspace ONE UEM / Access / Intelligence has achieved FedRAMP High and pending IL5 authorization for late 2023, early 2024. 

For State, Local, and Educational (SLED) customers, VMware Workspace ONE with UEM, Access, Intelligent Hub, and Intelligence are StateRAMP Moderate authorized and In Process to be High and VMware Workspace ONE MTD is StateRAMP Moderate authorized through the Lookout, Inc. Joint Authorization Board (JAB) P-ATO.

Governmental Requirements:

A presidential executive order mandating a zero trust strategy for federal agencies has raised the profile of the cybersecurity technology and prompted many non-government IT security managers to consider how they might adopt the three zero trust principles: “All entities are untrusted by default; least privilege access is enforced; and comprehensive security monitoring is implemented.”

These principles can also be restated as:

  1. Continuous verification: Check each and every request from every user for every resource.
  2. Limit breach impact: Grant minimal permissions so a breach will have limited access.
  3. Collect evidence: Collect logs, behavioral data, and context to track, monitor, and validate compliance for every access to every monitored resource.

This last element is core to the fundamental nature of deployment and integration with agency’s existing UEM solutions.  Although they are capable of providing some of the elements of Zero Trust and Endpoint Protection, they fail to provide a full-scope of the requirements for Endpoint Security, Zero Trust or what is defined in #3 above for evidence collection that feed directly into the foundational pillars / tenants of the ZTA guidance for Automation, Orchestration, Visibility and Analytics.  Also, a standard UEM solution fails to provide support of protection against many of the typical to advanced MITRE ATT&CK; Adversarial Tactics, Techniques & Common Knowledge requirements.

Without an MTD, an agency would fail to provide protection or collection of evidence in those cases nor the automation for resolution.  This also coincides with the guidance and framework from both National Institute of Standards & Technology (NIST), Cybersecurity Information Sharing Act (CISA), Office of Management & Budget (OMB) mandates defined in M-22-09 for Federal Strategy and the Department of Defense (DoD) on Zero Trust. 

Furthermore, it also provides a mechanism for meeting OMB’s M-22-05 for Federal Information Security Modernization Act (FISMA) compliance, as well as NIST’s other mobile security guidance included in SP 800-1800-21 COPE / 1800-22 BYOD and Managing Mobile Security within SP 800-124 or the Federal CIO’s Federal Information Technology Acquisition Reform Act (FITARA) scorecards and any future enhancements for inclusion of mobile specific endpoint security evaluation, but not-least either of the three domains of T&RM, MGT. or Cyber (see below previous year’s scorecard grades per category).

A screenshot of a graph

Description automatically generated with low confidence

Table 1: Overall FITARA grades stem from seven key areas – Agency CIO Authority Enhancements (Credit MeriTalk)

The Solution: Workspace ONE Mobile Threat Defense

Workspace ONE Mobile Threat Defense addresses the dangers of phishing and web content, as well as threats, vulnerabilities, and behaviors unique to mobile. Integrations with the Workspace ONE platform can simplify deployment and management. Protection and remediation can be automated to secure your workspace and enhance Zero Trust initiatives.

VMware Workspace ONE Mobile Threat Defense is Federal Risk and Authorization Management Program (FedRAMP) Moderate authorized through the Lookout, Inc. Joint Authorization Board (JAB) (Provisional Authority to Operate (P-ATO). Available as a cloud-hosted, multi-tenant Software-as-a- Service (SaaS) offering, Workspace ONE Mobile Threat Defense integrates with Workspace ONE Unified Endpoint Management (UEM), along with Workspace ONE Access, Workspace ONE Intelligent Hub, and Workspace ONE Intelligence which are also FedRAMP Authorized.


VMware’s Workspace ONE Mobile Threat Defense leverages best-in-class mobile security powered by Lookout, Inc. Lookout’s protection leverages AI and behavioral insights generated from over 210 million devices, 185 million apps, and 4.5 billion URLs analyzed. Machine learning and predictive intelligence help detect known and emerging threats. Lookout, Inc. investments in threat discovery and analysis and mobile security application development.

With more than 175 patents and a record in mobile security that includes creating the first mobile security product, Lookout is an innovative partner. In addition to powering Workspace ONE Mobile Threat Defense, Lookout is a Workspace ONE Trust Network partner, providing integrations between their mobile security solution and Workspace ONE Intelligence.

Bringing together management and security with Workspace ONE With the advent of Workspace ONE Mobile Threat Defense, many threats can be simply and effectively addressed with Workspace ONE UEM via the unique integration of mobile security features into Workspace ONE Intelligent Hub. Integration of Workspace ONE Mobile Threat Defense with Workspace ONE Intelligent Hub means that there are no separate apps or agents to deploy, and vital information is conveyed via a resource that employees use for work.

Workspace ONE Mobile Threat Defense addresses:

  • Application-based threats including mobile malware, app vulnerabilities, and risky application behaviors and configurations.
  • Web and content vulnerabilities exposed through phishing via email, SMS, and messaging apps. This includes malicious URLs; malicious web pages, videos, and photos; and web and content behaviors and configurations.
  • Zero-day threats and device vulnerabilities including jailbreak and root access detection, as well as device risk including OS version and update adoption.
  • Phishing and malicious web content delivered via email, SMS, and mobile apps. The phishing and content protection feature is designed to detect and prevent access to malicious links across all mobile apps.
  • Machine-in-the-Middle (MitM) attacks and risky behaviors such as SSL/TLS certificate stripping; forcing weaker algorithm negotiation; anomalous application network connection activity; and vulnerabilities associated with rogue Wi-Fi.

Key Enhancements with Workspace ONE Mobile Threat Defense

Phishing and content protection built into Workspace ONE Mobile Threat Defense

Workspace ONE Mobile Threat Defense helps address the risk of threat actors sidestepping security controls—including corporate profiles on personal devices—by integrating phishing and content protection with the Workspace ONE platform. With MTD, customers will be better able to protect against potential phishing activity across email, SMS, general web content, messaging, and social apps. PCP is applied to all traffic, both external and internal, leveraging a unique integration with Workspace ONE Tunnel that is used to intercept the network URL traffic when clicked on the device and comparing it with any malicious URLs identified within the Lookout Security Graph engine.

However, VMware’s MTD PCP does not inspect the content or data packets itself, so users’ network traffic is not being redirected or tunneled when the VPN is configured in this mode, thus creating a better experience for end-users while providing security and privacy at the same time and minimizing device and agency configured network connection conflicts of previous industry MTD version.

Integration with Workspace ONE Intelligent Hub

By integrating mobile security protection into Hub, security become easier to deploy across devices. Hub integrated protection addresses vulnerabilities, behaviors and configurations, and threats including malware, zero day, and machine in the middle attacks.

Workspace ONE Intelligent Hub integration can detect issues and notify users of remediation actions to take without the deployment of additional security applications to mobile devices. This integration is available via Workspace ONE Intelligent Hub enrolled and registered modes, simplifying the delivery of protection to both corporate and as personal devices.

A screen shot of a phone

Description automatically generated

Figure 1: VMware’s MTD Integration with UEM & Intelligence

Eliminate silos and automate reporting and remediation with the Workspace ONE platform

Interconnecting security and management can help eliminate silos, speed time to value of information, and address risk in real time. Workspace ONE Mobile Threat Defense can help management and security teams glean value from telemetry and threat information by aggregating data, applying AI and machine learning, then triggering alerts and remediation.

Workspace ONE Intelligence makes it possible to associate telemetry data from endpoints, applications, and users with threat information from Workspace ONE Mobile Threat Defense. Reporting and insights can be displayed in aggregate for team review. Specific conditions can trigger auto remediation via Workspace ONE UEM so that risks are addressed in real time. Users can be automatically notified of issues that require self-remediation; users and devices can also be flagged for follow up. These are again core to the 3rd element of the Executive Order requirements and those fundamental to the MITRE ATT&CK for Mobile matrices. 

Workspace ONE Suite Integration

Workspace ONE is built on VMware's Workspace ONE UEM technology that provides for the standard aspects of Mobile Device Management (MDM), Mobile App Management (MAM), including Unified Application Catalog. Workspace ONE integrates with virtual desktop application delivery via VMware Horizon on a common identity framework with Workspace ONE Assist to complete a full End User Computing (EUC) suite that can leverage Baselines as a key feature of enrollment, onboarding and compliance:

A group of logos with text

Description automatically generated with medium confidence

FedRAMP Workspace ONE  =  UEM   +  Hub Services  +   Intelligence  +  Access  -  MTD  +  Horizon

Figure 2: EUC Portfolio Logical View with Product Links

Each of the components, along with the MTD, brings an integrated and secure Zero Trust Architecture (ZTA) solution that is partnered under a CRADA with the National Cybersecurity Center of Excellence (NCCoE ). Together within VMware Anywhere Workspace, this solution builds trust to empower government’s anywhere workforce with secure and frictionless experiences by:

  • Providing enhanced, NextGen endpoint security with Endpoint Protection through MTD
  • Enabling Zero Trust Network Access (ZTNA) with remote support for any device (BYO, 3rd party or VMware-managed) in a true hybrid workforce and provide a Security Operations Center (SOC) / Information & Technology support team the tools and telemetry for Indicator of Compromise (IoC) on mobile. 
  • Facilitating flexible deployment options to obtain immediate value for prioritized use cases, so you can scale at your own pace to harness the full potential of an integrated platform. 
  • Optimizing security and experience through an integrated approach that combines market-leading technologies essential for hybrid work; this integrated approach provides connected visibility and context, ensuring broader security coverage.

In order to get a closer look at VMware’s Workspace ONE Mobile Threat Defense, please reach out to your VMware account manager or contact VMware Sales if you’re interested in adding Workspace ONE Mobile Threat Defense to your existing FedRAMP environment. 

For more information on how VMware is helping agencies accelerate innovation across the public sector, please visit: VMware Cloud Trust Center.

Industry Accolades

For more in-depth details regarding VMware’s most recent industry accolades and reviews, see the following blogs & external links:

Additional Resources

Related Resources

Filter Tags

Workspace ONE Workspace ONE MTD Workspace ONE UEM Blog Announcement Overview Public Sector Zero Trust