There’s no shortage of excitement this week at RSA Conference 2019, as cybersecurity and IT professionals get a great chance to see examples of the latest threats and hacking techniques, the latest security products and innovations, and new security models and forensics techniques. Yet the security challenges IT and InfoSec are trying to solve remain the same.
It’s no secret modern workforces want to work from anywhere, accessing any app, on any device in order to be productive. This expectation presents a challenge for IT to enable broader access than ever before while maintaining the level of control that internal policies require. In the past, IT organizations have relied on blanket, binary security models deployed in a perimeter-bound world. For example, IT teams have applied standard gold images to PCs to minimize attack surfaces and risk of compromise.
Meanwhile, challenges between IT and InfoSec haven’t disappeared. InfoSec continues to detect vulnerabilities and exploits to alert IT. But when it takes 69 days* to contain data breach incidents, the processes both IT and InfoSec are using are not fast enough to keep up with today’s malicious actors. This results in the same, continuous tug of war between IT and InfoSec, costing organizations time and money, while giving an advantage to attackers. Core to this is a lack of visibility into device context and overall risk, resulting in an even bigger disadvantage in detecting and responding to threats.
Organizations typically respond by bolting on more security tools, which leads to more complexity. Cybersecurity teams use an average of over 80 different security products from 40 different vendors*. 80 products from 40 vendors! When security is an afterthought, reactive responses to cyberthreats put the organization at greater risk.
An approach to solving these same old challenges starts by shifting the mindset away from detecting threats by using more tools, that send more alerts, that burn out IT and InfoSec. This approach needs to start with intrinsic zero trust security and leverage intelligence, from all sources, to better secure users from apps to endpoints to infrastructure. This is where VMware Workspace ONE, the industry’s first intelligence-driven digital workspace platform, can help. Workspace ONE combines intrinsic, zero trust security with industry-leading modern management to help IT intelligently and proactively secure their digital workspace. Let’s take a look at how.
1. As organizations bolt on more security tools, complexity and time to respond to threats increases. To counter this, IT can reduce complexity using Workspace ONE because security is treated as a first-class citizen and not just bolted on. Security is intrinsic throughout Workspace ONE, being built-in to help secure all attack vectors of a digital workspace.
An example is leveraging real-time device compliance and state assurance from the cloud for any endpoint, which is natively built into the Workspace ONE platform. Having intrinsic security simplifies maintenance of baseline configurations and ongoing device hygiene, decreasing the time IT spends on responding to threats. Another example of intrinsic security is zero trust conditional access. Built into Workspace ONE, zero trust conditional access helps IT maintain more secure configurations through verification prior to granting the endpoint access to apps and data.
To help reduce complexity even further, at VMworld last year, we introduced the concept of ingesting CVE (common vulnerabilities and exposures) data into Workspace ONE Intelligence. Information from a CVE feed can be aggregated into Intelligence in order to get real-time correlated insight into high severity exposures on the device estate and use automation to roll out priority patches to close the exploit window. We also showed how Workspace ONE Sensors can give IT the ability to query any system attribute, from the silicon to the software, for visibility and compliance enforcement and prevent configuration drift. We’re excited to make these capabilities generally available later this fiscal quarter. Workspace ONE will also support Windows Defender Exploit Guard for host intrusion prevention capabilities across network, system folders, apps and mail. And for macOS, Workspace ONE will support System Integrity Protection (SIP), helping reduce vulnerability exposure to malicious software, also available later this quarter.
2. To help stay a step ahead of malicious actors by being proactive, Workspace ONE provides insights and automation through Workspace ONE Intelligence. IT is typically in a reactive state investigating suspected incidents reported by InfoSec. As the backlog grows, vulnerabilities related to high risk exploits may go without remediation. With real-time and continuous insights, IT can get visibility into the entire digital workspace, helping secure the known and unknown. And automation built into Workspace ONE Intelligence helps eliminate manual tasks and leads IT to a proactive security model, removing the decades-old binary security policies approach.
At RSA 2019, we’re showcasing new automation enhancements. The Workspace ONE Intelligence Automation Connector provides a way for customers to fully define a service connection to orchestrate complete workflows across multiple IT service management solutions (i.e., service desk) through automations in Intelligence. Later this quarter, the Automation Connector will be generally available. New patch automation templates, which are commonly used in SCCM, will be available through automation in Workspace ONE Intelligence. And a detailed automation view will allow IT to drill into specific automations to see a history of runs, successes and failures, as well as a listing of impacted devices.
3. Too many silos of security tools being used in a quick-fix approach increases complexity and overhead. An integrated ecosystem is essential to eliminate complexity and expand breadth of security, which is where Workspace ONE Trust Network enters the equation. Workspace ONE integrates with best-of-breed solutions focused on mobile threat defense, cloud application access, endpoint detection and response, and more. Customers can leverage existing security investments by utilizing threat intelligence from our rich ecosystem of trusted partners, helping respond to threats faster.
We’re continuing our investment in our ecosystem integrations by working on interoperable solutions with partners like Carbon Black, Lookout and Netskope. To help provide a comprehensive view of security for deeper insights for the digital workspace, we’re also launching a new Unified Threat View in Workspace ONE Intelligence. This view provides a simple summary of threats and threats by platform for IT.
If you’re at the RSA Conference this week, visit our booth at the North Hall Booth #5655, to learn more about our exciting announcements and demos of our approach to securing the digital workspace. Our CEO, Pat Gelsinger, will be delivering a keynote titled “Three Things the Security Industry Isn’t Talking About (but Should Be)” on Thursday 3/7 at 4pm in the West Stage at Moscone Center. If you’re unable to make it in person, you can tune in here to listen to Pat share provocative observations on where the industry needs to go next, and the opportunities to drive major steps forward in security versus incremental gains. And for more information on securing the digital workspace, visit https://www.vmware.com/products/workspace-one/security.html.
[1] 2018 Cost of a Data Breach Study – Ponemon Institute (July 2018)
[2] IBM analysis of clients’ environments (October 2018)