Configuring endpoint security policies
Endpoint security (EPS) policies deploy threat detections and remediation actions to managed devices.
An endpoint security policy is a collection of multiple policy types. Each policy type consists of a specific subset of threat detection settings and remediation actions. You can create multiple endpoint security policies for each policy type, but only one policy is applied to a single device. IBM® MaaS360® supports the following Risk rule types.
- Aggregated threshold-based
- Phishing
- App permissions
- Device state-based rule
- Device Security
- Privileges
- Risky apps
Remediation actions
Remediation actions are predefined actions that administrators set in MaaS360 endpoint security policies to address various security threats. When a security threat is detected, MaaS360 issues the prescribed action that is configured against that threat. For example, MaaS360 blocks access to corporate resources if a malware infection is detected on the device.
Note:
- For Device state-based rules, MaaS360 reevaluates the security risk and resolves the risk incident on the Security Dashboard.
- For Aggregated threshold-based rules, the application automatically reduces the risk score over the period and deletes the risk incidents on the Security Dashboard.
For example, when the device receives multiple malicious messages, it creates violations with a risk score of 75 and a severity of High for that device. The application reduces the risk score with the same severity over the period and deletes the violation when the risk score becomes less than one. However, if similar incidents occur repeatedly during this process, the risk score and severity are updated according to the configured risk rules.
MaaS360 supports the following remediation actions.
| Policy type | Remediation action |
|---|---|
| Blocks corporate access | |
| Notifies the user | |
| Revokes a privilege | |
Creating and publishing endpoint security policies
Follow the steps to create and publish EPS policies.
- From the IBM MaaS360 Portal home page, select .
- Click Add Policy.
- Enter the following details.
| Setting | Description |
|---|---|
| Name | The name of the policy. |
| Description | The description of the policy. |
| Type | The type of the policy that you want to create. Select EPS policy to create and configure EPS policy settings. |
| Start From | The basis for the new policy. You can start from one of the following options: - My Existing Policies: MaaS360 copies the policy configurations from existing policies. |
- Click Continue.
- On the Policy Details page, click Edit to configure policy settings.
- Do one of the following actions.
  - Click Save to save the changes locally.
  - Click Save and Publish to save and deploy the policy to devices.
Policy assignments
Assign endpoint security policies to a device, user, device group, or user group from the corresponding workflows.
Devices
Follow the steps to assign a policy to a device.
- From the IBM MaaS360 Portal home page, go to .
- Click View under the device name.
- On the Device Summary page, click .
- Select a policy in Endpoint Security Policy and click Submit.
Users
Follow the steps to assign a policy to a user.
- From the IBM MaaS360 Portal home page, go to .
- Click View under the username.
- On the User Summary page, click Change Policy.
- Select a policy in Endpoint Security Policy and click Save.
Devices or user groups
Follow the steps to assign a policy to a device or user group.
- Go to for device groups and for user groups.
- Hover over the More option under the device group and select Change Policy.
- Select a policy set in Endpoint Security Policy and click Submit.