Workspace ONE Mobile Threat Defense

Read our new white paper on VMware Workspace ONE Mobile Threat Defense (MTD)

This article was originally published at the VMware Digital Workspace Tech Zone Blog. 


Our latest white paper, “How VMware can Secure Mobile Endpoints with Threat Defense (MTD) | VMware,” was recently published and covers how VMware can help you secure mobile endpoints with Mobile Threat Defense. This blog provides an intro and overview of some of the topics covered in that white paper.

Additionally, stay tuned for the release of the follow-up to this white paper, “Industry & Regional Drivers for MTD White Paper,” to find all the best use cases and global segments for MTD.

Mobile endpoint security

Earlier this summer, VMware took endpoint security to the next level with the announcement of our new mobile security solution, Workspace ONE Mobile Threat Defense. This UEM-integrated advanced mobile protection powered by Lookout helps organizations address increased attention and requirements related to mobile security — requirements that appear in both frameworks and guidance from authorities in the area of security practices and standards. These governing bodies include the National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards & Technology (NIST), CISA.gov, and other entities, which all agree and dictate the necessity for mobile security as an augmentation to Unified Endpoint Management (UEM), and now enhanced within our End-User Computing (EUC) portfolio.

While applying the industry standards is often as simple as checking the box for “advanced mobile protection,” we want to encourage you to take a closer look at the type of protections available, and the way they can integrate with your existing environments. First, you want to have protection against a wide variety of threats — from device to network — and it needs to be specific to mobile, because today’s malware and threats are specific to mobile devices and wireless-borne networks. Next, by having protection that integrates, you can get a comprehensive view of your estate. Improve your security posture and extend Zero Trust with rich information and interconnects to existing solutions such as your Security Information & Event Management (SIEM). 

But more than simply adding an Application Programming Interface (API) integration between the two products, as is typically done in the industry, VMware integrated Lookout’s Software Development Kit (SDK) into our Intelligent Hub. This integration ensures better compliance with the complexity around designing Zero Trust capabilities and the approaches to implementing a Zero Trust Architecture (ZTA), where it is designed and deployed according to the concepts and tenets within NIST Special Publication (SP) 800-207: Zero Trust Architecture.

Zero Trust

This also helps in applying common business cases outlined in the 2022 release of NIST SP 800-35. Lastly, it provides real-time visibility into the health of the device, its apps, and the connections being used for in-transit communications. Perhaps most importantly, this integrated Workspace ONE Mobile Threat Defense solution automates remediation for threats that are detailed in MITRE’s ATT&CK for Mobile Tactics, Techniques & Procedures (TTPs), providing customers with true tools to help meet the complex detection and remediation necessary for the host of threats to mobile-enabled devices.

So, to help the public at large better understand the importance of this addition, and specifically the reason VMware chose to develop and implement a truly integrated Mobile Threat Defense (MTD) solution powered by Lookout, we are introducing two white papers. They will help distinguish mobile endpoint protection as “a necessity” rather than simply a “nice feature to have,” covering external drivers such as malware and malicious actors, as well as compliance, industry drivers, and use cases for different verticals and sectors, both private and public.

Drivers

In the past five years, mobile operating platforms and the devices that run them have become the most common operating system (OS) in any environment, private or public sector. They have even surpassed MS Windows and power more than 4 billion total devices worldwide. Malicious actors have taken notice and are increasingly targeting vulnerable mobile-based systems in an attempt to infiltrate both individual and corporate resources, data, and private and government networks.

Threat actors know that current malware countermeasures are primarily focused on addressing Windows or network perimeter-based threats, leaving many public and private mobile deployments vulnerable to mobile or wireless-based attacks. These mobile devices can be a high-value target for cybercriminals, providing access to critical applications and services, plus substantial direct or indirect fiduciary and privacy-related resources.

Cyber Attacks
VMware Global Security Insights Report 2021: Intelligence from the Global Cybersecurity Landscape

In fact, mobile devices and wireless networks or the apps installed on them contain key components — such as email, customer records, and interaction with databases or backend systems that contain financial, medical, business and government data — that have been the target of high-profile intelligence-gathering breaches. These cyber attacks have targeted some of the most high-profile people on the planet, such as Jeff Bezos of Amazon fame. The CEO was the target of a phishing attack through a popular messaging app, and his Apple iPhone had extremely sensitive data and information that was exfiltrated and exposed to the public. 

Workspace ONE is built on VMware’s Workspace ONE UEM technology, which provides the standard aspects of Mobile Device Management (MDM) and Mobile App Management (MAM), including the Unified Application Catalog, and integrates with virtual desktop application delivery via VMware Horizon on a common identity framework, with Workspace ONE Assist completing a full EUC suite:

Workspace ONE Components graphic
Workspace ONE comprises: UEM + Access + Hub Services + Intelligence + Assist + Mobile Threat Defense + Horizon

Each of the components brings an integrated secure Zero Trust solution together within VMware Anywhere Workspace and builds trust to empower today’s anywhere workforce with secure and frictionless experiences by:

  • Delivering unique integrations enabling tailored experiences and higher productivity for frontline, hybrid, and remote users, across heterogeneous environments including physical and virtual devices and multiple operating systems.
  • Enabling Zero Trust Network Access (ZTNA) with remote support for any device (BYO, third-party, or VMware-managed) in a true hybrid workforce, and providing a Security Operations Center (SOC) / Information & Technology support team with the tools and telemetry for Indicator of Compromise (IoC) on mobile.
  • Facilitating flexible deployment options to obtain immediate value for prioritized use cases, so you can scale at your own pace to harness the full potential of an integrated platform.
  • Optimizing security and experience through an integrated approach that combines market-leading technologies essential for hybrid work. This integrated approach provides connected visibility and context, ensuring broader security coverage.

Additional resources