Phishing and Content Protection

PCP is a new feature from VMware Workspace ONE award winning product.

https://blogs.vmware.com/euc/2023/03/vmware-workspace-one-mobile-threat-defense-wins-gold-at-the-2023-cybersecurity-excellence-awards.html#:~:text=The%202023%20Cybersecurity%20Excellence%20Awards%20winners%20have%20been%20announced%2C%20and,highest%20recognition%3A%20the%20Gold%20Award.

Phishing has been a security issue for years. Messages with phishing links can be delivered not only through emails but SMS and instant messages. To protect mobile users from phishing and hmful content, VMware has announced a new Secure DNS based Phishing and Content Protection as part of the Worksapce ONE Mobile Threat Protection offering.

The alternative of DNS based is VPN based. The cons of VPN based solution is that it cannot be co-exist with enterprise VPN. Enterprises already with VPN on mobile devices do not find VPN based PCP a feasible solution.

Secure DNS is the way to get ride of this limitation. However, secure DNS setup on a mobile device is a manual process and this make Secure DNS not a user friendly solution.

VMware Worksapce ONE has the issue resolved by combining mobile device management, tunneling and mobile threat protection technologies. MDM automate the secure DNS setup just like setting up other mobile device policy. This is a sample custom XML to deploy Secure DNS.

This an iPhone screen with Secure DNS deployed.

Instead of routing all the traffic to VPN server, only DNS requests are routed to DNS server for URL inspection. Bad URLs are blocked.

Administrators can specify enterprise domains to exclude them from inspection.

This is a sample console screen capture.

With this, we can provide PCP with following advantages

1. Protect endpoints from phishing and address email, SMS, messaging, and social media-based threats with Workspace ONE Intelligent Hub and Tunnel applications.

2. DNS-based on-device protection inspects domain requests from email (corporate or personal), SMS texts, messaging apps, and embedded in app browsers, dynamically blocking requests for websites identified by Lookout as malicious.

3. Users’ privacy is maintained as administrators cannot see devices’ browsing history or traffic. Only the occurrence and classification of an issue are reported to the Mobile Threat Defense Console.

Technical requirements

• Current Workspace ONE Mobile Threat Defense POC or production environment

• Workspace ONE Mobile Threat Defense Administration Console

• A currently supported version (non EOL) of Workspace ONE UEM, shared SaaS, Managed Hosting, or on-premises.

• Administrator access to the Workspace ONE UEM Console

• All supported devices intended to have Workspace ONE Mobile Threat Defense Integrated Phishing & Content Protection must have the provided beta builds of Intelligent Hub and Tunnel applications

• No UAG Tunnel is required

• Android 8.0+

Once the PCP protection is deployed, safe browsing is enabled.

Please note that this new feature is now in BETA.

Reference: https://beta-ea.vmware.com/project/home.html?cap=%7B326a1d7a-fc95-4ef9-a07a-d52de6a072d4%7D