Workspace ONE Intelligence

I struggle with concentration. I find it difficult to focus on more than one task at a time, and so in my case, Distraction = Low Productivity. One of the things I tend to struggle with is when there are multiple variables that need to be tracked at any one time.

I feel very sorry then, for IT admins who need to keep track of potentially thousands of different devices used by thousands of different users. They need a way to quickly understand what is happening with their devices, their applications and their users in real time.

In my previous post, I mentioned about the new security model called User and Entity Behaviour Analytics (UEBA). As a quick recap, UEBA marks a change in approach for security, as it allows enterprises to quickly analyse user activity to ensure that anything out of the ordinary is flagged up before the user can commit any malicious acts.

VMware’s Workspace ONE platform has been designed to allow management of all devices and applications from one place. It incorporates industry leading Unified Endpoint Management for everything from iPhones to Windows 10 devices, along with the ability to deliver virtualised Windows desktops and applications.

Workspace ONE bridges user experience across multiple ecosystems by using an integrated Identity Management solution.

All of this means that Workspace ONE is in a unique position to grab metrics from each user regarding their application usage, their devices, device context and session information. Nowhere else in an enterprise is there such a single platform which touches all users and devices. This is why VMware created Workspace ONE Intelligence, to make the most of this opportunity.


What is Workspace ONE Intelligence?

The Workspace ONE platform consists of three key components:

  • Unified Endpoint Manager (previously AirWatch). This component enables the enterprise to control all deployed devices, and also grab key logs, metrics and real-time contextual values from these devices.
  • Identity Management. A central authentication point which grants access to all authorised services, including SaaS apps.
  • Virtual Windows Apps and Desktops. Windows apps still make up the majority of applications, so the platform offers industry-leading Windows apps and desktop delivery.

Now, imagine that these were three completely independent solutions, with various logs and data streams. Also imagine that you still had physical desktops and a legacy PCLM system to maintain. It would very quickly lead to an enormous amount of data to gather, store and analyse. The very idea of this makes me start to panic.

VMware has recognised the value of having a single access platform, and so Workspace ONE Intelligence now allows enterprises to put all access, device and applications information into a single data lake. This isn’t complex to set up or configure, as all of the information is readily available through the different components in the platform.

From the Endpoint Management side, we have access to device information, including hardware and software version, software installed, location and wifi info.

From the Identity Management perspective, we know when a user logged on, and also which applications they accessed. If we then add in virtual Windows apps and desktops, we have information capabilities that allow enterprises to know everything about user behaviour.


What can it do for you?

Let’s say, for instance, that you want a quick look at any security risks you may have across your devices. There is a report for that, listing such key principles as Compromised Devices, Encryption Status and Passcode:

VMware acquired Apteligent some time ago, and the innovative capabilities provided by that platform have been fully integrated into the Intelligence solution. With Apteligent, enterprises have the ability to get detailed application-centric information including crash reports, user behaviour and app performance. By adding the capabilities provided by Apteligent into Workspace ONE Intelligence, you can now get all of your user information in one location.

Another key report would be application launch count. This is very useful for helping an application team understand which applications are being utilised, across which platforms. Think about this in the context of application rationalisation. I’ve often spoken to organisations looking to reduce the number of applications they deploy to their end users. The ability to understand which applications are being used and how often is a very valuable metric for this exercise.


Another great example is the ability to quickly create a report to detect specific security risks or vulnerabilities. In the below example, a report has been created to list devices currently exposed to the Spectre vulnerability:


In this case, we’re simply looking at enrolled Android devices which have not been patched since May 2018:


The really cool stuff: Automation

Workspace ONE Intelligence already incorporates many different metrics gleaned from the various components of the platform. Great, but what can we actually do with all of this information?

This is where automation comes in.

Let’s say that we have a number of older Dell laptops deployed around the enterprise, and that some of these are beginning to exhibit signs of an ageing battery. Battery age is determined by recharge cycles and general usage, so it’s not efficient to make sweeping generalisations about the general health of your laptop estate. With Workspace ONE Intelligence, you can actually gether data on battery health from your estate, and then use that information to trigger a service desk ticket to get the battery replaced. In this case then, the user could receive a replacement battery before they even realise that there is an issue with theirs. Kudos for the IT team!


The Future

VMware’s Trust Network enables enterprises to open up these capabilities across the VMware stack, offering integrations with other VMware security solutions, such as NSX and AppDefense, along with cutting edge security vendors such as Carbon Black. I’ll cover that in the next blog post.

Earlier this year, VMware acquired E8 security. E8 was a leading start up in the field of User and Entity Behaviour Analytics (UEBA). With the integration of E8’s technologies, Workspace ONE will offer the very best capabilities for enterprise end user security.

Watch out for another blog post when more information on UEBA becomes available.