MaaS360 Endpoint Threat Management
Information about Endpoint Threat Management capabilities, configuration steps, and detailed overview of threat detections.
Endpoint Threat Management (ETM) protects managed devices and corporate data from advanced security threats. When ETM is enabled, MaaS360 monitors devices with the aim of identifying suspicious activities and responding to security threats in real-time. When a threat is detected, MaaS360 initiates a predefined remediation action and shares threat intelligence with the MaaS360 Portal. As a security admin, you can review the overall threat activity and security posture of your organization in a centralized dashboard.
MaaS360 supports the following threat detections:
- SMS and Email Phishing
- Jailbroken/Rooted devices
- Insecure Wi-Fi
- Excessive App Permission
- Excessive user privileges
- Malicious users
- Advanced device configuration
Supported operating systems
- Endpoint Security Policies: Endpoint security (EPS) policies include policy types, and rules and remediation actions for each policy type. These policies configure security settings such as SMS protection and App Security on target devices.
- Risk Rules: A risk rule is a condition that rates the severity of risk incidents into predefined categories: High, Medium, or Low. When a risk incident is detected, MaaS360 validates that risk incident against your risk rule to calculate the severity and risk score for devices and users.
- Dashboard: The Security Dashboard provides a visual representation of the threat activity and security posture of your organization. MaaS360 pulls threat information from managed devices and displays that information on the dashboard in the form of widgets. The Security Dashboard includes several widgets that allow you to review security events such as aggregated device health status, average risk score trend, top risk incidents, top risk users, top risk devices, and average risk scores. You can click some of the charts on the widgets to view detailed information about security events.
- MaaS360 agent app: MaaS360 uses the agent app to monitor the device for security threats and to share threat information with the MaaS360 Portal. Depending on the type of detection, the MaaS360 agent app displays a list of security events that occur on the device in the Security app. Users can use the Security app to perform protective actions such as deleting emails that contain malicious URLs and revoking excessive app permissions.