By Jack Madden and Kyle Johnson
This is our weekly log of desktop virtualization, enterprise mobility, and end user computing news. If you’re an iPhone or iPad user, we hope you’re enjoying iOS 12!
Our blog posts
Jack: All of our thoughts on iOS 12, macOS Mojave, and the iPhone Xs and Xr. iOS 12 rolled out on Monday, iPhone Xs is out today, and macOS Mojave drops on Monday, so here’s a round up of all my recent coverage of Apple.
Kyle: What can we do to make browser extension security not awful? Malicious browser extensions keep popping up in the news. It’s enough to make you wonder when browsers will do more to ensure user security.
Jack: Microsoft Managed Desktop will provide devices and management as a service. Microsoft officially announced their managed service offering this week, so I dug into exactly what it is and whether there are any new management features included.
Colm: Real-world notes on deploying mobile threat defense. New contributor! Colm explains why mobile threat defense needs to be deployed and how it works.
Citrix announced two new features this week: optimized Skype for Business on Chromebooks, and optimizations for the web-based version of the Microsoft Teams client. What I thought was interesting is how the Teams web client optimization uses Browser Content Redirection (even though this is being positioned as a stand-in for future optimizations for the desktop Teams client). Since the Citrix client (i.e., Workspace app) has a browser in it, web content (such as Teams, including video calls) can be rendered locally. However, since it’s built into the Workspace app, you can still apply DLP and security policies. Citrix's browser content redirection for full browser content (not just HTML5 video) has been around since late 2017, and I’ve been a fan of this containerized desktop browser concept for years—as someone from the EMM space, the mobile app management-style functionality just makes sense. With browsing (and all the associated ads and tracking scripts) sucking up so many resources, why not redirect the rendering to the (secured) client to get better scalability in your server environment; plus users get a local browsing experience.
At VMworld 2018, VMware announced four new Trust Network partners: Check Point, Palo Alto Networks, Trend Micro, and Zscaler. Kyle covered the Trust Network last week, and as it happens, this week, we got some more details on what each security vendor will provide. Check Point’s mobile threat defense product, SandBlast Mobile, will integrate with Workspace ONE Intelligence, monitoring mobile devices and notifying users of any detected vulnerabilities—corporate apps can be removed until the device is cleared by the software. The integration with Palo Alto Networks covers firewalls that can detect potential and known threats, while also preventing data leakage. Trend Micro’s partnership involves their Smart Protection Suites for advanced endpoint protection; IT can also set up automation rules to help remove said threats from devices. Finally, Zscaler is integrating three solutions: Zscaler Internet Access, Zscaler Private Access, and Zscaler Application. Via Zscaler, users can access corporate SaaS apps from anywhere, while Zscaler monitors the devices for security compliance, providing automated policies that can remove corporate apps or block certain usage if a violation is detected.
ManageEngine announced on Tuesday the release of Browser Security Plus. We first heard about this new tool after writing about sketchy Chrome browser extensions. Browser Security Plus is a management dashboard for IT to secure browsers, currently Firefox, Chrome, Edge, and Internet Explorer. From the dashboard, IT can create and push policies, manage/restrict/etc. browser extensions and plug-ins, and more. Kyle got to play with it a little bit, and notes that it seems very much like any other management dashboard, with no surprises. Jack was particularly interested in the ability to separate work and personal browsing, leveraging Windows Defender Application Guard in the background.
Sapho announced new machine learning capabilities this week. They’re the makers of an enterprise workflow/micro app platform, a concept that I mentioned last week as a possible solution to mobile app security issues in SaaS platforms. Basically, Sapho’s machine learning takes app integrations that you’ve already built and then watches for anomalous data points, then sends users an alert. For example, if you have an integration to approve travel expenses every month, and then suddenly your expenses are twice what they usually are, it will notify you. I caught up with Sapho’s Natalie Lambert (she’s the VP of marketing, and many in our space will also know her from her time at Citrix) to get a picture of their usual use cases these days. A lot of organizations are starting with 3 to 5 micro apps, and a lot of the use cases are things like approvals for purchase orders and requisitions, or for things like requesting time off. Natalie also mentioned that Workday, Concur, and SAP were some of the top systems that customers start out with. I was also interested to learn that they have customers with pretty significant scale, in the 50 to 100,000 user range, and as high as over 200,000 users.
The Apple iOS 12 security white paper (PDF) is out. Usually it’s not out for months, so enjoy this as your Friday afternoon read.
Google published a list of Android device models that have the majority of their respective deployed units running a security update from the last 90 days; the list comprises over 250 models.
Safari finally displays favicons in the tab bar. About time.
Other reads this week
Epic has a team dedicated to taking down scam versions of Fortnite. (Epic blog, via Benedict Evans.) Well, it’s good that they’re doing that, but as we wrote, the mobile security space is concerned about Fortnite anyway.