Configure Mobile Protection Settings
After your Cybereason Mobile platform deployment completes and you have synced the devices between your UEM/MDM platform and Cybereason Mobile, you have a number of other settings to configure. Some of these settings you will set yourself while others are set by your Cybereason Mobile team.
In this topic:
Set the threat policy
You can enable different threats and remediation actions for the devices in your organization.
To enable or disable threats, follow these steps:
In your Cybereason platform, open the Security Profile > Mobile security profile screen.
In the Mobile Profile screen, select the Threat Response tab.
In the Threat Response tab, enable or disable the activity detections you need.
For some threat types, you may need to expand the row to display other subtypes of detections.
For each detection, in the Alerts column, toggle the option to alert the device user. You can also select the option to Notify for every occurrence to notify the user each time Cybereason Mobile detects the threat.
When available, in the Auto response column, for specific threat alerts, select the possible response action (Block device traffic or Secure* device traffic through a secure channel):
Action
Included Alerts
Block
Supported threat alerts include:
Phishing
Data Leaks
Malware Network Traffic
Cryptojacking
Spam
Download from a Third-Party App Store
Malware
Risky iOS Profile
Secure
Supported threat alerts include:
Risky Hotspots
Man-in-the-Middle attacks (including all subtypes of threat alerts)
Above the threat list, click Save to update all changes.
For details on each threat, see Cybereason Mobile Threat Alerts.
Add UEM tags to alert your UEM/MDM platform
You can add specific tags for each threat to enable your UEM/MDM platform to perform specific response actions when Cybereason Mobile detects the threat on a device.
The use of tags is supported on these MDM platforms:
Workspace ONE
Microsoft Endpoint Manager (formerly Intune)
IBM MaaS360
MobileIron Core
Note
Certain UEM/MDM platforms have additional response actions that are specific to the UEM/MDM platform and are performed by the UEM/MDM platform. These response actions are performed based on the UEM tags you add.
These response actions performed by the UEM/MDM platform are different from the automatic response actions performed by Cybereason Mobile.
To add UEM tags, follow these steps:
As part of the process to integrate your UEM/MDM platform with Cybereason Mobile, ensure that you configure conditional access for your UEM/MDM platform.
For details on how to set up conditional access, see:
In the Security Policy > Mobile security policy screen, next to the threat, click the + button to open the edit field to add a tag.
Enter the tag from your UEM/MDM platform to use. These tags are created by your UEM/MDM platform administrators.
As you type, the Mobile security policy screen displays available tags that match your current entry.
Click Save to update all changes.
Add trusted root certificates
To help the detection of mobile threats, Cybereason Mobile cryptographically analyzes various SSL certificates and their issuers to verify the certificate using known global root certificate authorities. If your mobile infrastructure utilizes other internal certificates or certificate authorities, Cybereason Mobile may generate unnecessary security alerts for these certificates.
You should upload your trusted root certificates in your Mobile security profile to prevent these events.
To add a trusted root certificate, follow these steps:
In the Cybereason platform, navigate to the Security Profile > Mobile security policy screen.
In the Mobile security policy screen, open the Trusted root certificates tab.
In the main part of the Trusted Root Certificate tab, drag the certificate to the edit area or click the edit area to browse to the certificate file.
Click Save to update all changes.
Update your Service Control settings
Service Controls in Cybereason Mobile enable you to control more advanced settings for your devices, such as profile PIN locks, routing options, and data routing options, data privacy mode, and advanced APN preferences.
Your Cybereason Mobile team will help you set these options in your Cybereason Mobile instance but you should be aware of the options you have.
You can set the following options:
Option |
Details |
Pin locked Profiles (iOS devices only) |
This option enables you to prevent users from removing the Cybereason Mobile sensor (Wandera app) from a device. When enabled, this requires the device user to enter a PIN number to remove the app and its associated profile from their device. These PIN codes are dynamically generated by Cybereason Mobile and are unique to the device. Due to change by Apple for app permissions, this option is available in a different manner for different iOS versions:
|
Privacy mode |
End-user privacy is a growing concern for organizations, especially as regional regulations take hold to protect individuals and their digital lives. By default, Cybereason Mobile displays the real user information, including web browsing and app activity in reports. This setting enables you to anonymize user information and activity in reports where this information is normally included. |
Search Engines |
You can also enable the use of SafeSearch for all devices that use the Proxy level of protection. If you enable Google SafeSearch, all proxy-enabled devices will have Google search results filtered. |