VMware: Operationalize threat data for Zero Trust Security using Workspace ONE Intelligence

One of the top priorities for many of our customers is implementing a Zero Trust security strategy.

VMware Workspace ONE Intelligence delivers integrated visibility, analytics, and automation for the Workspace ONE platform, and it helps customers operationalize Zero Trust in a variety of ways, such as:

  • Tracking and visibility

  • Integration of security data from other products through the Workspace ONE Trust Network

  • Operationalizing threat data through automations

  • Watching specific triggers and computing the risk score

Let’s take a brief look at each of them.

Tracking and visibility

Workspace ONE Intelligence allows customers to monitor their environments for security anomalies and performance-related metrics, and to develop automations that proactively correct issues as they arise. As shown below, you can look at risk trends over time as well as drill down into individual systems to determine the cause of the risk.

Trust Network

In addition to collecting data from the Workspace ONE Platform – including Workspace ONE UEM and Workspace ONE Access – data within Workspace ONE Intelligence can be augmented by integrating with various partners in our Trust Network.

VMware Carbon Black also uses the Trust Network to integrate with Workspace ONE. The screenshots below show two widgets that measure Carbon Black Threat Count and Threat Type in Workspace ONE Intelligence.

Operationalizing threat data using automation

You can operationalize this data: when high-severity malware tagged as ransomware is detected by Carbon Black, a configured automation quarantines the system (using Carbon Black), sends a Slack message alerting the SOC to the issue, creates a ServiceNow ticket, and uses Workspace ONE UEM to tag and quarantine the offending device. See this example in the image below.

Risk Analytics

To further enrich anomaly detection within the ecosystem, the ability to dynamically calculate device and user risk scores has been overlaid on top of the Workspace ONE dataset. In the table below, you can see the metrics that are currently implemented within the platform to determine device and user risk.

The metrics outlined above are collected daily and normalized, and outliers are given a higher Risk Score. This Risk Score represents a fully dynamic, statistical approach to determining drift, specifically tailored to your environment. The power of these Risk Ratings can be seen when it comes to reporting and automation.

Learn more

To learn more about how risk scoring works, see the Risk Score documentation. Stay tuned to the EUC Blog and Tech Zone for more newly released features, exciting security use cases, and what we plan next for security operations through Workspace ONE Intelligence.
