Vulnerability Management and Remediation with Workspace ONE Intelligence
Effective security vulnerability management is crucial for IT teams that oversee mobile devices and desktops in workspaces. With the increasing use of mobile and desktop devices in professional environments, these systems often serve as entry points for cyber threats. Proactively identifying and mitigating vulnerabilities helps prevent unauthorized access, data breaches, and other security incidents. By regularly updating software, monitoring for potential threats, and implementing security patches, IT departments can better protect sensitive corporate data and maintain the integrity of their networks.
Vulnerability Management Data Sources and Relationships
Workspace ONE currently integrates vulnerability data from CVE (Common Vulnerabilities and Exposures) and the NVD (National Vulnerability Database). At the same time, Workspace ONE Intelligence collects diverse information from Workspace ONE UEM, such as OS versions, device models, application details, and custom sensor data. By correlating this data with CVE and NVD sources, Intelligence delivers a holistic view of vulnerabilities across your device fleet, enhancing decision-making and enabling automated remediation to secure your organization's workspace environment.
Besides CVE and NVD, several other acronyms and terms appear frequently in Intelligence's vulnerability management and remediation features, including NIST, MITRE, and CVSS. Each plays a distinct role in identifying, managing, and mitigating vulnerabilities. Let's break down each term and how they relate to one another.
- NIST (National Institute of Standards and Technology): It is a U.S. government agency that develops standards, guidelines, and best practices for various industries, including cybersecurity. NIST maintains the NVD, a critical resource for cybersecurity professionals.
- NVD (National Vulnerability Database): It is a comprehensive vulnerability database maintained by NIST, providing enhanced information on vulnerabilities listed in the CVE system, such as CVSS scores, impact ratings, vulnerability types, etc.
- MITRE: It is a non-profit organization that operates federally funded research and development centers for the U.S. government. MITRE manages the CVE system, ensuring that vulnerabilities are consistently identified across the industry. These CVEs are then fed into NIST's NVD, where additional details and severity scores (like CVSS) are added.
- CVE (Common Vulnerabilities and Exposures): A standardized list of publicly disclosed cybersecurity flaws, each assigned a unique identifier (CVE ID), making it easier for organizations to share information, prioritize fixes and protect their systems.
- CVSS (Common Vulnerability Scoring System): A standardized scoring system that assesses the severity of vulnerabilities. It assigns a score from 0 to 10 based on factors such as exploitability and impact, which helps organizations understand the impact of vulnerabilities in a quantitative way and prioritize their responses accordingly.
Note: For definitions and descriptions, see Vulnerability Management data definitions in the Omnissa documentation.
Vulnerability Management and Remediation Overview
Prerequisites of Vulnerability Management
Before leveraging CVE and CVSS within Intelligence, here are the prerequisites:
- Supported Workspace ONE UEM Console Versions: For information on general availability, end of availability, and end of support dates for all Workspace ONE UEM console releases, refer to this Omnissa KB link.
- Admin Role Requirements: Ensure you have an admin role with Intelligence permissions and the necessary license to utilize the vulnerability management features. For any questions regarding licensing, reach out to your account executive for further details.
- Workspace ONE UEM integration with Workspace ONE Intelligence. Refer to Workspace ONE UEM Integration in the Omnissa documentation.
SLA (Service-Level Agreements) Definition
An SLA allows administrators to define the expected remediation time based on the severity of a vulnerability, as determined by CVSS scores. Generally, critical and high-risk vulnerabilities should be addressed promptly to minimize the risk of exploitation. Administrators can work with their InfoSec team to configure the SLAs, depending on the organization’s security protocols. This document on the Vulnerability Management Solution provides a guide for configuring SLAs. Currently, OS patching SLAs are only available for Windows and iOS.
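As an added illustration (not Omnissa code and not the Workspace ONE Intelligence API), the following Python sketch shows the logic behind a severity-based SLA: map each CVSS score to its qualitative severity band, derive a due date, and classify each device as completed, within SLA, or overdue. The SLA day counts, the choice to start the clock at the CVE publication date, the device records, and the placeholder CVE IDs are assumptions constructed for the example.

```python
from datetime import date, timedelta

# CVSS v3.x qualitative severity bands: (lower bound, label), highest first.
SEVERITY_BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]
# Assumed remediation windows in days; agree the real values with InfoSec.
SLA_DAYS = {"Critical": 7, "High": 14, "Medium": 30, "Low": 90}

def severity(score):
    """Map a CVSS base score (0.0-10.0) to its qualitative severity."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    return next((label for floor, label in SEVERITY_BANDS if score >= floor), "None")

def version_key(version):
    """'17.4' -> (17, 4, 0), so that 17.4 and 17.4.0 compare as equal."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def sla_report(devices, cves, today):
    """Return (device, cve_id, severity, status) for each matching device/CVE pair."""
    rows = []
    for cve in cves:
        sev = severity(cve["cvss"])
        if sev == "None":
            continue  # score 0.0: nothing to remediate
        # Assumption: the SLA clock starts at the CVE publication date.
        due = cve["published"] + timedelta(days=SLA_DAYS[sev])
        for dev in devices:
            if dev["platform"] != cve["platform"]:
                continue
            patched = version_key(dev["os_version"]) >= version_key(cve["fixed_in"])
            status = "Completed" if patched else ("Overdue" if today > due else "Within SLA")
            rows.append((dev["name"], cve["id"], sev, status))
    return rows

# Constructed sample data (not real devices, and placeholder CVE IDs).
DEVICES = [
    {"name": "iphone-01", "platform": "iOS", "os_version": "17.3"},
    {"name": "iphone-02", "platform": "iOS", "os_version": "17.4.1"},
    {"name": "ipad-03", "platform": "iOS", "os_version": "16.7"},
]
CVES = [
    {"id": "CVE-EXAMPLE-1", "platform": "iOS", "cvss": 9.8, "published": date(2024, 3, 1), "fixed_in": "17.4"},
    {"id": "CVE-EXAMPLE-2", "platform": "iOS", "cvss": 5.5, "published": date(2024, 3, 1), "fixed_in": "17.4.1"},
]

if __name__ == "__main__":
    for row in sla_report(DEVICES, CVES, today=date(2024, 3, 20)):
        print(*row, sep="  ")
```

With these assumed windows, the same unpatched device can be overdue for the critical CVE while still within SLA for the medium one, which is the split a patch-status chart grouped by SLA makes visible.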
Built-in Dashboards for Vulnerability Monitoring
Workspace ONE Intelligence includes built-in dashboards that provide administrators with a quick overview of device vulnerabilities.
To view the vulnerability dashboards of Windows and iOS (Figure 1), you can navigate to the Intelligence console, then Workspace > Workspace Security > Vulnerability Management. These two pie charts display the distribution of device numbers based on CVSS scores, giving IT administrators a clear overview of the percentage of devices at various vulnerability levels.
Figure 1: Dashboards of Windows and iOS Vulnerabilities
To explore the details, you can click 'View Dashboard' in Figure 1. Figures 2 and 3 display the layout of the iOS Vulnerability Management dashboard. The first things you'll notice are the number of available critical updates, the count of potentially vulnerable iOS devices, any newly identified vulnerabilities, and the various types of vulnerabilities categorized by CVSS scores. This is followed by a diagram showing the patch status, detailing the number of devices with completed updates and those overdue under different SLAs.
Figure 2: Partial Built-in Vulnerability Dashboard for iOS in Workspace ONE Intelligence (1)
Scrolling down the dashboard reveals the CVSS score breakdown chart, as shown in the overview dashboard in Figure 1. Next to it is the chart displaying the iOS update status. Below are the CVE details, including the CVE ID, CVSS score, publication date, and affected devices. To explore more (Figure 4), click the CVE ID and then select Learn More beneath it to access the related knowledge base (KB) article for that specific CVE.
Figure 3: Partial Built-in Vulnerability Dashboard for iOS in Workspace ONE Intelligence (2)
Figure 4: External link to a NIST article providing detailed information on a specific CVE
Accessing the Windows vulnerability management dashboard works much the same way as for iOS. To view the macOS vulnerability management dashboard, click the link above the Windows dashboard in Figure 1. Alternatively, you can navigate to Workspace > Workspace Security > Security Risk > Vulnerabilities > Apple macOS Vulnerabilities (Figure 5).
Figure 5: Dashboards of Windows and macOS Vulnerabilities
Marketplace for Vulnerability Monitoring
In addition to the built-in dashboards for vulnerability monitoring, we can leverage the marketplace to explore existing templates for dashboards, widgets, and reports specifically related to CVEs. For instance, by navigating to Marketplace > Templates > Widgets and filtering for vulnerability-related security widgets, you can find several pre-existing widget templates (Figure 6) that can be added to your dashboard with just a few clicks.
Figure 6: Widget Templates for Vulnerability Monitoring
Vulnerability Remediation
Freestyle Workflows can be used to automate the vulnerability remediation process. For instance, for iOS devices with a high CVSS score (e.g., 9.8), a workflow can be configured to automatically schedule an OS update to address and resolve the identified vulnerability. If your UEM version is 2406 or higher and supports Declarative Device Management (DDM), you can also use UEM's software update enforcement to keep iOS devices up-to-date and secure. This feature offers automated update controls to ensure efficient and timely updates.
Summary
Workspace ONE Intelligence offers robust solutions for vulnerability management and remediation. Administrators can use built-in and customizable dashboards, along with automated freestyle workflows, to monitor, prioritize, and address vulnerabilities efficiently. This enhances the organization's security posture and simplifies the patch management process.