This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Pamela_S__Lee
Employee Alumnus
Employee Alumnus
‎2018-01-19 03:21 PM

Device status and threat detail reporting to your EMM solution

SandBlast Mobile offers enhanced features for integrations with EMM solutions and now reports the device life cycle status, device security risk, and device threat factors to the EMM solution.

This per device information on the EMM can be used to create granular device policies.

For example: By using the device life cycle status, the EMM can apply one policy for devices that have SandBlast Mobile installed and running, and apply a different policy for devices which are Provisioned or Inactive.

Another example: By using the device security risk level, the EMM can apply one policy for devices with a high risk level, and apply a different policy for devices with a medium risk level.

The threat factor information reflected in the EMM can also be used to apply different policy by device threat factor; for example, devices under network attack or devices which are rooted/jailbroken.

The feature was implemented with different approaches per EMM vendor base on the vendor API support.

The following table lists the method used and availability per EMM vendor.

EMM PlatformLife Cycle StatusSecurity RiskThreat FactorsComment
BlackBerry BES/UEMDevice GroupDevice GroupNot AvailableGeneral Availability
Citrix XenMobileDevice PropertyDevice PropertyDevice PropertyGeneral Availability
IBM MaaS360Device Custom AttributeDevice Custom AttributeDevice Custom AttributeGeneral Availability
Microsoft IntuneDevice ComplianceDevice ComplianceNot AvailableGeneral Availability
MobileIronDevice Custom AttributeDevice Custom AttributeDevice Custom AttributeEarly Availability. Limited to specific versions of MobileIron
VMware AirWatchDevice TagDevice TagNot AvailableGeneral Availability

There are 3 Life Cycle Status states:

StatusDescription
ProvisionedWhen a device is first added in SandBlast Mobile Dashboard by the EMM, prior to device registration.
ActiveAfter the user has installed and registered to SandBlast Mobile.
InactiveIf the device hasn’t checked-in with SandBlast Mobile for X number of days (configured by the SandBlast Mobile Admin)

There are 4 Security Risk states: None (No Risk), Low, Medium, and High.

For example, if the device has a Low risk app and a High risk (malicious) URL in a SMS message, then the device will be marked as at High Risk. Once the High Risk issue has been remediated (SMS deleted), then the device will be marked as at Low Risk. Once the Low Risk issue has been remediated, the device will be marked as None (No Risk).

The Threat Factor is a list of threat factors associated with the Security Risk level, such as TF_BACKUP_TOOL, etc. These threat factors can be used to provide additional detail and granularity of the current Risk level, however, they are not necessarily appropriate for policy triggers.

Configuration of these states is done on the MDM Configuration screen by navigating to Settings > Device Management > Setting > MDM Service.

Labels
0 Kudos
0 Replies
Upcoming Events

    Sort by:
    CheckMates Events