VMware Workspace ONE has enhanced its FedRAMP SaaS offering to include: Mobile Threat Defense

July 05, 2023

Helping Public Sector to Provide Modern Threat Defense for the government’s mobile endpoints

image-20230705192458-1

FedRAMP Moderate Authorized Workspace ONE Mobile Threat Defense (MTD) through the Lookout, Inc. Joint Authorization Board (JAB) P-ATO

VMware Workspace ONE Mobile Threat Defense is announcing our Federal Risk and Authorization Management Program (FedRAMP) Moderate authorized through the Lookout, Inc. Joint Authorization Board (JAB) P-ATO (Provisional Authority to Operate). Available as a cloud-hosted, multi-tenant Software-as-a-Service (SaaS) offering, Workspace ONE MTD integrates with Workspace ONE Unified Endpoint Management (UEM), along with Workspace ONE Access, Workspace ONE Intelligent Hub, and Workspace ONE Intelligence within the Workspace ONE suite. Multi-tenant Software-as-a-Service (SaaS) Workspace ONE Mobile Threat Defense can also be integrated with either VMware-hosted FedRAMP UEM or existing agency on-prem UEM deployments.

Our existing FedRAMP SaaS offerings, Workspace ONE UEM, Workspace ONE Access, and Workspace ONE Intelligence are currently Authorized at Moderate / Impact Level 2 (IL2 for DoD). VMware Horizon Cloud Service for VDI is FedRAMP High Authorized, pending IL5 currently, and Workspace ONE UEM / Access / Intelligence are all pending High/IL5 authorization for late summer 2023. 

For State, Local, and Educational (SLED) customers, Workspace ONE UEM, Workspace ONE Access, and Workspace ONE Intelligence are StateRAMP Moderate Authorized. VMware Workspace ONE MTD is StateRAMP Moderate Authorized through the Lookout, Inc. Joint Authorization Board (JAB).

Governmental Requirements

A presidential executive order mandating a zero trust strategy for federal agencies has raised the profile of cybersecurity and initiated both government and non-government IT security managers alike to consider how they might adopt the zero trust principles highlighted: “All entities are untrusted by default; least privilege access is enforced; and comprehensive security monitoring is implemented.”

These principles can also be reclassified as:

  1. Continuous verification: Check each and every request from every user for every resource.
  2. Limit breach impact: Grant minimal permissions so a breach will have limited access.
  3. Collect evidence: Collect logs, behavioral data, and context to track, monitor, and validate compliance for every access to every monitored resource.

This last element is core to the fundamental nature of deployment and integration with the agency’s existing Unified Endpoint Management solutions. Although they are capable of providing some of the elements of Zero Trust and Endpoint Protection, they fail to provide a full scope of the requirements for Endpoint Security, Zero Trust, or what is defined in #3 above for evidence collection. Also, a standard UEM solution fails to provide support of protection against many of the typical to advanced MITRE ATT&CK; Adversarial Tactics, Techniques & Common Knowledge requirements.

Source: Rise in Mobile Phishing Credential Theft Targeting U.S. Public Sector – U.S. Government Threat Report by Lookout, 2023

When taking into consideration both the MITRE ATT&CK framework and a typical agency exposure rate, as detailed in the graphic above, without MTD, an agency would fail to provide protection or evidence collection in those cases. This also coincides with the additional guidance and framework from both the National Institute of Standards & Technology (NIST), Cybersecurity Information Sharing Act (CISA), Office of Management & Budget (OMB) mandates defined in M-22-09 for Federal Strategy and the Department of Defense (DoD) on Zero Trust. 

Furthermore, it provides a mechanism for meeting OMB’s M-22-05 for Federal Information Security Modernization Act (FISMA) compliance, as well as NIST’s other mobile security guidance included in SP 800-1800-21 COPE / 1800-22 BYOD and Managing Mobile Security within SP 800-124 or the Federal CIO’s Federal Information Technology Acquisition Reform Act (FITARA) scorecards and any future enhancements for inclusion of mobile-specific endpoint security evaluation, but not-least either of the three domains of T&RM, MGT. or Cyber (see below previous year’s scorecard grades per category).

A screenshot of a graph</p> <p>Description automatically generated with low confidence

Table 1: Overall FITARA grades stem from seven key areas – Agency CIO Authority Enhancements (Credit MeriTalk)

Solution Overview: Workspace ONE Mobile Threat Defense

VMware’s Workspace ONE Mobile Threat Defense leverages best-in-class mobile security powered by Lookout, Inc. Lookout’s protection leverages AI and behavioral insights generated from over 210 million devices, 185 million apps, and 4.5 billion URLs analyzed. Machine learning and predictive intelligence help detect known and emerging threats. Lookout, Inc. investments in threat discovery and analysis and mobile security application development.

Workspace ONE Mobile Threat Defense addresses the dangers of phishing and web content, as well as threats, vulnerabilities, and behaviors unique to mobile. Integrations with the Workspace ONE platform can simplify deployment and management. Protection and remediation can be automated to secure your workspace and enhance Zero Trust initiatives.

With more than 175 patents and a record in mobile security that includes creating the first mobile security product, Lookout is an innovative partner. In addition to powering Workspace ONE Mobile Threat Defense, Lookout is a Workspace ONE Trust Network partner, providing integrations between their mobile security solution and Workspace ONE Intelligence.

Bringing together management and security with Workspace ONE With the advent of Workspace ONE Mobile Threat Defense, many threats can be simply and effectively addressed with Workspace ONE UEM via the unique integration of mobile security features into Workspace ONE Intelligent Hub. Integration of Workspace ONE Mobile Threat Defense with Workspace ONE Intelligent Hub means that there are no separate apps or agents to deploy, and vital information is conveyed via a resource that employees use for work.

Workspace ONE Mobile Threat Defense addresses:

  • Application-based threats including mobile malware, app vulnerabilities, and risky application behaviors and configurations.
  • Web and content vulnerabilities exposed through phishing via email, SMS, and messaging apps. This includes malicious URLs; malicious web pages, videos, and photos; and web and content behaviors and configurations.
  • Zero-day threats and device vulnerabilities including jailbreak and root access detection, as well as device risk including OS version and update adoption.
  • Phishing and malicious web content delivered via email, SMS, messaging, and mobile apps. The phishing and content protection (PCP) feature is designed to detect and prevent access to malicious links across all mobile apps.
  • Machine-in-the-Middle (MitM) attacks and risky behaviors such as SSL/TLS certificate stripping; forcing weaker algorithm negotiation; anomalous application network connection activity; and vulnerabilities associated with rogue Wi-Fi.

Key Enhancements with Workspace ONE Mobile Threat Defense

Phishing and content protection built into Workspace ONE Mobile Threat Defense

Workspace ONE Mobile Threat Defense helps address the risk of threat actors sidestepping security controls—including corporate profiles on personal devices—by integrating phishing and content protection with the Workspace ONE platform. With MTD, customers will be better able to protect against potential phishing activity across email, SMS, general web content, messaging, and social apps. PCP is applied to all traffic, both external and internal, leveraging a unique integration with Workspace ONE Tunnel that is used to intercept the network URL traffic when clicked on the device and comparing it with any malicious URLs identified within the Lookout Security Graph engine. However, VMware’s MTD PCP does not inspect the content or data packets itself, so users’ network traffic is not being redirected or tunneled when the VPN is configured in this mode, thus creating a better experience for end-users while providing security and privacy at the same time and minimizing device and agency configured network connection conflicts of previous industry MTD version.

Integration with Workspace ONE Intelligent Hub

By integrating mobile security protection into Hub, security becomes easier to deploy across devices. Hub-integrated protection addresses vulnerabilities, behaviors and configurations, and threats including malware, zero-day, and MitM attacks.

Workspace ONE Intelligent Hub integration can detect issues and notify users of remediation actions to take without the deployment of additional security applications to mobile devices. This integration is available via Workspace ONE Intelligent Hub enrolled and registered modes, simplifying the delivery of protection to both corporate and personal devices.

Figure 1: VMware’s MTD Integration with UEM & Intelligence

Eliminate silos and automate reporting and remediation with the Workspace ONE platform

Interconnecting security and management can help eliminate silos, speed time to value of information, and address risk in real time. Workspace ONE Mobile Threat Defense can help management and security teams glean value from telemetry and threat information by aggregating data, applying AI and machine learning, then triggering alerts and remediation.

Workspace ONE Intelligence makes it possible to associate telemetry data from endpoints, applications, and users with threat information from Workspace ONE Mobile Threat Defense. Reporting and insights can be displayed in aggregate for team review. Specific conditions can trigger auto remediation via Workspace ONE UEM so that risks are addressed in real time. Users can be automatically notified of issues that require self-remediation; users and devices can also be flagged for follow up. These are again core to the 3rd element of the Executive Order requirements and those fundamental to the MITRE ATT&CK for Mobile matrices. 

An integrated Workspace ONE Suite

Workspace ONE is built on VMware's Workspace ONE UEM technology that provides for the standard aspects of Mobile Device Management (MDM), Mobile App Management (MAM), including Unified Application Catalog. Workspace ONE integrates with virtual desktop application delivery via VMware Horizon on a common identity framework with Workspace ONE Assist to complete a full End-User-Computing (EUC) suite that can leverage Baselines as a key feature of enrollment, onboarding, and compliance:

FedRAMP Workspace ONE  =  UEM   +  Hub Services  +   Intelligence  +  Access  +   MTD  +  Horizon

Figure 2: EUC Portfolio Logical View with Product Links

Each of the components, along with the MTD, brings an integrated and secure Zero Trust Architecture (ZTA) solution that is partnered under a CRADA with the National Cybersecurity Center of Excellence (NCCoE ). Together within VMware Anywhere Workspace, this solution builds trust to empower the government’s anywhere workforce with secure and frictionless experiences by:

  • Providing enhanced, NextGen endpoint security with Endpoint Protection through MTD.
  • Enabling Zero Trust Network Access (ZTNA) with remote support for any device (BYO, 3rd party or VMware-managed) in a true hybrid workforce and providing a Security Operations Center (SOC) / Information & Technology support team the tools and telemetry for Indicator of Compromise (IoC) on mobile.
  • Facilitating flexible deployment options to obtain immediate value for prioritized use cases, so you can scale at your own pace to harness the full potential of an integrated platform.
  • Optimizing security and experience through an integrated approach that combines market-leading technologies essential for hybrid work; this integrated approach provides connected visibility and context, ensuring broader security coverage.

To get a closer look at VMware’s Workspace ONE Mobile Threat Defense, reach out to your VMware account manager or contact VMware Sales if you’re interested in adding Workspace ONE Mobile Threat Defense to your existing FedRAMP environment. 

For more information on how VMware is helping agencies accelerate innovation across the public sector, visit VMware Cloud Trust Center.

Industry Accolades

For more in-depth details regarding VMware’s most recent industry accolades and reviews, see the following blogs & external links:

Additional Resources

Related Resources

Filter Tags

Workspace ONE Workspace ONE MTD Workspace ONE UEM Blog Announcement Overview Public Sector Zero Trust

Andrew Osborn

Read More from the Author

Staff Technical Marketing Architect, Federal, End User Computing, VMware. Andrew is serving in a role at VMware as a dedicated ‘Staff Technical Marketing Architect’ for all things End-User Computing (EUC) compliance / regulatory. He's got over 20 years’ experience in the IT Industry, including the last 8 years within Public Sector, with roles spanning Cybersecurity, Networking, Enterprise Ops, Mobility & Telco solutions, encompassing numerous technologies and architectures. Andrew received an MIS degree from Univ. of Oklahoma with certs from ISC2 CISSP & GIAC GSLC and is based out of San Antonio, TX. He'll be contributing to VMware’s Tech Zone to provide more tailored messaging for Federal, State, Local & Education (SLED) solutions from VMware EUC.