Sachin Sharma

Security Update: 8 Advances in End-User Computing from VMware

Employees across enterprise organizations in today’s mobile-cloud world expect simple user experiences to help them be productive. IT often runs into challenges supporting these expectations while keeping their environments secure.

Our team has focused on empowering organizations with an enterprise-secure approach and consumer-simple experience through a digital workspace. Employees can securely access any app, on any device in their own digital workspace provided by VMware Workspace ONE, powered by VMware AirWatch unified endpoint management technology.

Over the course of 2017, we’ve introduced many security capabilities across the Workspace ONE platform, which includes advancements in VMware Horizon 7 and VMware Horizon Cloud. Let’s take a closer look at those security capabilities, as well as existing security integrations and security features that elevate Workspace ONE to the digital workspace platform that organizations can trust.

1. Derived Credentials

Earlier this year, we announced our derived credentials solution as part of Workspace ONE. This was huge news for organizations mandated by certain directives, such as FIPS 201, that require use of smart cards, personal identification verification (PIV) or common access cards (CAC) for access to physical, logical and network resources.

Smart cards, PIV and CAC worked great on desktops and laptops, but the experience on mobile devices was poor and costly because special hardware was needed to read the cards. To help with this issue, the National Institute of Standards and Technology (NIST) updated FIPS 201 in 2013 and the following year released SP 800-157, with guidelines on how to generate and utilize alternative tokens, which they refer to as derived PIV credentials, also commonly referred to as derived credentials or PIV-D. This helped provide better experience, implementation and deployment on mobile devices accessing physical, logical and network resources.

We released our derived credentials app, called VMware PIV-D Manager, that enables the use of derived credentials with native apps and profiles, VMware apps and third-party AirWatch SDK-enabled apps. PIV-D Manager even integrates with other derived credentials solution providers such as Entrust and Intercede.

2. Boxer S/MIME

VMware Boxer, one of our Workspace ONE productivity apps, is an integrated mobile email, calendar and contacts app that helps increase productivity by giving end users a great user experience. Security was a big focus on our Boxer app this year.

We started by enabling S/MIME support for sending and receiving signed and/or encrypted mail. S/MIME is a standard for public key encryption and signing of MIME (Multipurpose Internet Mail Extensions) data that allows for secure email exchange. Organizations have the option of signing an email for authenticity and/or encrypting email messages for an added layer of security.

3. Boxer Classification Markings

In various regulated industries, such as public sector, healthcare and financial, sensitive emails often need to be specifically marked or classified when they are sent and received. When it comes to email, messages typically get a classification appended in the subject line, top or bottom of the body, etc. For example, an email message should be marked “unclassified” or “secret” depending on the content of the email.

Earlier this year, we announced support for classification markings in the Boxer app, which integrates with the built-in Microsoft Exchange transport rules. This capability also integrates with TITUS, Boldon James and janusNET.

4. Boxer Information Rights Management

In addition to S/MIME and classification marking support, we added full support for information rights management (IRM). IRM is a form of data loss prevention (DLP), which can specify access permissions to email messages, including the ability to restrict copy-paste, restrict email forwarding, enforce email message content expiration and more. As you can tell, we put a lot of emphasis on email security through our Boxer app!

5. AirWatch & NSX Integration

AirWatch and NSX integration was introduced over a year ago, and the amount of customer interest in it hasn’t slowed down since. When apps on mobile devices have access to communicate to any resource in the data center, this represents a challenge for IT as the attack surface within the data center can be large.

The AirWatch and NSX integration aims to solve this problem by limiting each mobile app to only communicate to the server that it needs to talk to, using the tunneling capability in AirWatch and the micro-segmentation capability in NSX. Combining these two technologies vastly reduces the access footprint from the mobile device and the attack surface in the data center.

Organizations, like Vallejo Sanitation and Flood Control District, can raise their security posture from the mobile device to the data center using the AirWatch and NSX integration. This type of integration can also help organizations along their journey towards General Data Protection Regulation (GDPR) compliance, as data in transit utilizes AES-256 bit encryption.

VMworld 2017 Panel Discussion:

“Data Privacy, the GDPR & the Globalization of Compliance”

Add GRC3109PU via VMworld U.S. schedule builder.

Add GRC3109PE via VMworld Europe schedule builder.

6. Horizon & NSX Integration

We know that apps on mobile devices and data center resources can be tunneled and micro-segmented for an extra layer of security. We can take that same concept and apply it towards desktop virtualization.

By integrating Horizon and NSX, customers can effectively secure east-west traffic within the data center, preventing malware from spreading across the data center if a virtual desktop is compromised because each desktop is effectively isolated from other desktops. IT can quickly and easily administer networking and security policy that dynamically follows end users’ virtual desktops and apps across infrastructure, devices and locations. This extra level of security takes desktop virtualization to a whole new level!

VMworld 2017 Breakout Session:

“Securing Your Horizon Virtualized Apps & Desktop Investments with NSX”

Add SIE2034BU via VMworld U.S. schedule builder.

Add SIE2034BE via VMworld Europe schedule builder.

7. Just-in-Time Management Platform (JMP)

We introduced JMP earlier this year, our next-generation desktop and application delivery platform, which enables just-in-time desktops and apps. Imagine a virtual desktop that is created when a user logs in and destroyed when that user logs out. IT can set up a pool of virtual desktops that fits this model, including pools that can access the internet and pools that cannot, effectively creating separation parameters for higher security. Virtual desktops in each pool only get created when a user logs into a specific pool.

With the JMP platform extending across Horizon 7 and Horizon Cloud, IT has the ability to inject apps and user environment settings into the desktop the moment a user logs in. Having pristine desktops created at every login and destroyed at every logoff eliminates malware that the user may have accidentally installed during the session.

8. Smart Policies

Smart Policies are available in Horizon 7 and Horizon Cloud for IT to provide end users with a truly contextual user experience. For example, policies dynamically change depending on the device used or the location services are being accessed from.

True single sign-on (SSO) enables end-to-end authentication from Workspace ONE to Horizon virtual desktops and apps, for a secure and simple user experience. Users aren’t prompted for multiple logins once they’ve authenticated into the Workspace ONE portal. Client policies such as enabling or disabling clipboard redirection, USB, printing and more can be set by IT using Smart Policies. Horizon is certified to meet FIPS 140-2 and Common Criteria requirements as a result of the secure policies powered by Smart Policies.

For organizations looking for even more advanced security capabilities across Workspace ONE, look no further than Workspace ONE integrations with our ecosystem of mobile security leaders in the VMware Mobile Security Alliance. Workspace ONE integrates with technologies from our Mobile Threat Defense partners, Cloud Access Security Brokers partners and more to further enable comprehensive cybersecurity across mobile devices, apps, networks and cloud services.

Learn more about our end-user computing (EUC) security initiatives at VMworld U.S. and VMworld Europe. If you’re not attending VMworld, you still have time to register!

To learn more about the security capabilities in Workspace ONE, visit vmware.com/workspaceone.

The post Security Update: 8 Advances in End-User Computing from VMware appeared first on VMware End-User Computing Blog.


Tackling the Top Threats in Cybersecurity with VMware TrustPoint

Searching for the term “cybersecurity” in your favorite search engine yields some interesting and somewhat alarming results. You will see advertisements from security vendors telling you not to become the “next target”. If you search within the U.S., the Department of Homeland Security website will likely show up. You may see yet another organization who just got hacked, maybe even for the second or third time in recent years.

Threats in the cyber world are showing up everywhere and every day. With the rise in bring-your-own (BYO) initiatives and workers using more devices for work, the most dangerous threats often show up on endpoints.

Organizations are struggling to get complete visibility of what is on their network to efficiently secure and manage their endpoints. An effective endpoint security and management strategy starts with a modern approach that can scale and respond quickly to today’s demands.

We introduced VMware TrustPoint to provide security and IT operations teams with complete endpoint visibility and control to secure and manage endpoints at speed and scale. Let us look at how TrustPoint can help tackle some of the most common cybersecurity threats trending in the enterprise today.

Tackling the Top Threats in Cybersecurity: Ransomware Example

Ransomware is a hot topic these days and for good reason. Hackers can essentially infect devices owned by users or organizations with ransomware, usually in the form of malicious code that disables access to files. The malicious actors then hold the user or organization at ransom until they meet demands, usually in the form of payment through bitcoin currency. This type of threat is very popular:

Nearly 50% of organizations had a ransomware attack between 2015 and 2016, per Osterman Research.

Because ransomware authors typically exploit endpoints running outdated software, enterprises can work to protect their network from ransomware by keeping software and patches up to date, something TrustPoint can help with.

Using TrustPoint, security and IT operations teams can simply ask a question, retrieve results in seconds and quickly act. For example, teams can use TrustPoint to query which endpoints are out of date with the latest patches from Microsoft Windows, Internet Explorer or any other application.

Unlike security tools with outdated architectures that rely on databases, TrustPoint is built on a modern communications platform which returns results in seconds from a live environment. Once the query completes, the security or IT team has the information they need to take the appropriate action to remediate the threat in real-time. In this example, IT can remotely distribute a patch across vulnerable endpoints.

Securing Unmanaged & BYO Endpoints

Having complete network visibility also helps security teams combat ransomware and other advanced threats. TrustPoint can quickly discover unmanaged endpoints and take actions to either gain control or prevent them from being a threat.

According to a recent SANS Institute report:

“You can prevent 80-90% of all known attacks by implementing and staying current on basic cyber hygiene.”

If you do not know how many IT assets are on your corporate network, how can you assess the impact of existing threats, like ransomware, and prevent IT assets from future threats? That is where a strong security hygiene strategy begins and what TrustPoint can help answer.

TrustPoint + AirWatch Together

The popularity of the Windows operating system (OS) in the enterprise created security and management challenges over the years, in part due to the traditional systems management approach forced upon IT. The release of Windows 10 signaled a shift from this traditional management approach to a mobile-first management approach called unified endpoint management (UEM).

Already the leader in enterprise mobility management (EMM), VMware AirWatch evolved into a platform that could secure and manage not only mobile devices, but also Windows 10 endpoints. With AirWatch, organizations get the full benefit of a UEM platform to manage both mobile devices and desktops. Now with TrustPoint, organizations can extend the security and management of AirWatch-managed desktops.

Security and IT operations teams can find potential threats using TrustPoint, report them back to AirWatch and take action for automated compliance. Customers also benefit from having one vendor in VMware to secure and manage mobile, desktop and server environments.

Let us look at an example of the integration. An organization looks for unsigned applications on any Windows 10 device in its environment. Using TrustPoint, the security or IT operations team can run a query that will quickly find Windows 10 devices running these unsigned applications and tag them as compromised. Using AirWatch, the team defines a compliance policy to block VPN access from any compromised device. Any user using a device with an unsigned application will be blocked from connecting into the corporate network through VPN.

Security teams can take it a step further and set up different actions according to the various threat levels they define. This helps drive even stronger compliance and real-time threat containment across all endpoints in any environment.

The Next Era of Cybersecurity: It Is Time to Get Proactive

Other types of threats security teams need to focus on include rootkits, viruses, worms, trojans, adware and spyware. According to AV-Test:

Over 390,000 new malicious programs are registered every day.

Since viruses, worms, trojans and other types of malware have been around for decades, many organizations are still using tools from the ’90s and 2000s to combat and remediate against old and new threats.

Signature-based security alone no longer helps, as 97% of malware is unique to a specific endpoint. Large organizations end up using dozens of point tools that cannot communicate with each other and do not provide a clear picture of overall security posture. TrustPoint can help address these inefficiencies.

Let’s say you identify a process as malicious and spreading through your environment, like a worm. Security teams can use TrustPoint to discover affected endpoints quickly by running a query that looks for a specific MD5 hash tied to the process. The team can then take action, such as quarantining the devices and then reimaging or uninstalling the app to bring the device back into compliance. You can further automate this process, so there is a continuous check for the malicious process.

We highlighted some of the top threats that cyber criminals use to expose enterprise organizations today. TrustPoint helps security and IT operations teams get visibility into their environment, so they can efficiently detect and remediate against these advanced threats and increase their security hygiene. With VMware ecosystem integrations, such as AirWatch, TrustPoint can give organizations a complete end-to-end security approach.

For more information on how TrustPoint can help you, visit vmware.com/products/trustpoint.html.


The post Tackling the Top Threats in Cybersecurity with VMware TrustPoint appeared first on VMware End-User Computing Blog.


Highlighting Customer Success with VMware App Volumes

What do LCMC Health, BDP International, ANZ Bank and Maastricht University all have in common?

They all turned to VMware App Volumes to take the complexity out of application delivery and lifecycle management in VDI and published applications environments.

These organizations transformed the way they deliver and manage applications in their virtual desktop and published application platforms. In turn, they provide application access to make their end users more productive than ever before.

The industries these organizations come from are broad: healthcare, supply chain, financial services and education. Yet, all are working to accomplish the same goal: raise end-user productivity, while keeping IT costs low. Let’s take a look at how each of these App Volumes customers enhances application delivery and management in their VMware Horizon and Citrix environments.

LCMC Health

LCMC Health faced a daunting task in rebuilding their facilities following Hurricane Katrina. The IT staff at LCMC Health took this opportunity to figure out how to improve future IT services they wanted to deliver to their doctors and patients. They chose the VMware Horizon platform to increase agility in delivering desktops and applications, virtually. To lower OpEx costs of managing applications and to provide quicker application delivery, they use App Volumes on top of the Horizon platform. With this combination, they cut staff login time by 87.5%—leading to 35 minutes more patient engagement time per shift.

Watch their phenomenal App Volumes customer story on delivering modern healthcare:

[Related: LCMC Health Seizes the Opportunity for Faster Desktop Deployment & App Delivery]

BDP International

BDP International had major issues using their existing Citrix platform to deliver Google collaboration applications, known as G Suite. They decided to migrate to VMware Horizon for flexibility with both on-premises and cloud desktop and app delivery. The result? Great performance with faster response times.

Jason Bullock, Executive Director of IT Global Infrastructure & Support at BDP International, said:

“That was a real wake up call to say if we’re going to truly run this as an enterprise, we need to come up with a better solution than Citrix.”

Dive into BDP International’s unique App Volumes customer story below:

[Related: How BDP International Changed the Game by Moving from Citrix to VMware]

ANZ Bank

With the combination of VMware AirWatch and App Volumes, ANZ Bank took their mobile banking to a new level.

ANZ Bank speeds up mobile app development for its customers and employees using AirWatch. And to provide faster application delivery and updates to desktop applications running on their Citrix XenDesktop platform, ANZ Bank uses App Volumes, helping reduce:

  1. Downtime;
  2. Storage; and
  3. Operational costs.

Onboarding new employees has never been easier with the one-to-many provisioning capabilities of App Volumes. Watch this great video to learn more:

[Related: ANZ Bank Reimagines Banking with iPads & Mobility]

App Volumes 2.12: Faster Delivery, More Productive Users

The latest release of App Volumes 2.12 became generally available less than two months ago. Since then, we’ve received some great feedback on the core features and enhancements of this release.

Enhancing end-user experience with faster login and application launch times was one of the improvements in App Volumes 2.12. Lucien Haak, Team Manager EUC Operations at Maastricht University, was one of the first to test out App Volumes 2.12 and noted:

“We’ve tested with the new 2.12 version of App Volumes and see a decrease of login time by 30% to 50%, dependent on the amount of AppStacks a user has assigned.”

App Volumes 2.12 also contained improvements to:

  • Active Directory integration.
  • Security enhancements with agent to manager certificate validation.
  • Support for Windows 10 Anniversary Update and Office 2016.

The other major announcement in App Volumes 2.12 was an update to Instant Clone Technology for Citrix, currently in tech preview. Administrators can now instantly clone virtual desktops on the Citrix XenDesktop platform and then deliver applications using App Volumes. We have many customers, EUC Champions and partners currently in this tech preview.

Marius Sandbu, Cloud Architect at EVRY Cloud Services, has a great blog showing the step-by-step process on getting started with the tech preview for Instant Clone Technology for Citrix. If you’re interested in learning more about the tech preview, feel free to comment below and we’ll be in touch.

Read how Enterprise Strategy Group describes the challenges involved with application management in virtual desktop and published application environments. Learn how App Volumes helps with VMware Horizon, XenApp, XenDesktop or a Microsoft RDS environment.

With faster application delivery and complete application lifecycle management, App Volumes enables businesses to reduce costs while providing better end user experience. Join us on Feb. 15 for EUC Insights 2017, where you’ll learn about not only App Volumes, but also how VMware helps organizations create and manage their digital workspace. Click here to register free today.

The post Highlighting Customer Success with VMware App Volumes appeared first on VMware End-User Computing Blog.
