MTP AirWatch Integration Guide
FireEye and the FireEye logo are registered trademarks of FireEye, Inc. in the United States and other countries. All other trademarks are the property of their respective owners.
FireEye assumes no responsibility for any inaccuracies in this document. FireEye reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Copyright © 2015 FireEye, Inc. All rights reserved.
Mobile Threat Prevention AirWatch Integration Guide
Contents
About the FireEye MTP Service
  About FireEye Mobile Threat Protection Platform
  About AirWatch
  About Unified Mobile Threat Policy Enforcement
  Applying Policy to Enforce Malware Removal
  Restoring Functionality When Malware is Removed
Deploying the MTP Service with AirWatch
  Types of Deployment
  AirWatch Managed Client Communication
  MTP Managed Client Communication
  Deployment Requirements
Integrating MTP with AirWatch
  Connecting MTP to the AirWatch Server
  Prerequisites
About the FireEye MTP Service
FireEye has partnered with AirWatch by VMware to provide a unified mobile threat detection and policy enforcement solution. FireEye Mobile Threat Prevention (MTP) service monitors mobile devices on your network and detects threats that can be used to exploit your network. AirWatch Mobile Device Management uses this information to restrict network access to compromised mobile devices.
About FireEye Mobile Threat Protection Platform
The MTP service detects malware found on mobile devices. MTP is made up of three components:
• FireEye MTP appliance or cloud service. A hardware appliance or cloud service that manages the communication between the MTP cloud service, mobile devices and the AirWatch appliance.
• FireEye MTP Cloud service. A cloud-based service that tests mobile apps for security threats and maintains an up-to-date database of all known threats associated with tested mobile apps. The MTP cloud service extends the FireEye Malware Prevention Platform to mobile devices.
• FireEye Mobile Security App. An application that resides on each mobile device on the network. This application detects any new or updated applications on the mobile device and forwards this new or updated application to the MTP appliance for processing.
About AirWatch
About Unified Mobile Threat Policy Enforcement
The Mobile Threat Prevention™ service monitors and detects malware on mobile devices on a network. Each time a user adds or updates an app on his or her device, the client app scans the device and sends the scan data to the MTP appliance. The MTP appliance forwards the app information to the FireEye Mobile Threat Protection (MTP) cloud service, which sends analysis data through MTP to AirWatch. AirWatch uses the analysis data to enforce security policies.
Applying Policy to Enforce Malware Removal
One possible use case for unified mobile threat policy enforcement is to require users to remove malware from their devices. With unified mobile threat policy enforcement, MTP will alert AirWatch of any malicious apps on a device, and AirWatch can then enforce a policy, such as blocking Wi-Fi.
If a user downloads a malicious app, MTP analyzes the device and reports the incident to AirWatch, which then blocks the user's email service on that device.
Restoring Functionality When Malware is Removed
When a user removes a malicious app, MTP scans the app, and sends the scan data to AirWatch. AirWatch then restores email to the device.
Deploying the MTP Service with AirWatch
This section will guide you through the steps required to successfully add the Mobile Threat Protection service to your network.
Types of Deployment
There are two ways to deploy the MTP service with the AirWatch system:
• AirWatch managed client communication
• MTP managed client communication
AirWatch Managed Client Communication
With AirWatch managed client communication, you do not deploy the FireEye MTP client application on each user’s mobile device.
To specify AirWatch managed client communication, select the Periodic Sync checkbox within the AirWatch Settings section of the Web UI Settings tab.
MTP Managed Client Communication
With MTP managed client communication, the MTP server communicates directly with users’ mobile devices over the network’s Wi-Fi network. MTP managed client communication is recommended.
To use MTP managed client communication, each user’s mobile device needs to have the FireEye MTP client application installed.
To specify MTP managed client communication, deselect the Periodic Sync checkbox within the AirWatch Settings section of the Web UI Settings tab.
Deployment Requirements
Before you can add the FireEye MTP service on your network, you need the following:
Release 1.0 Deployment Requirements
• An AirWatch server running on your network with a current AirWatch license
• The AirWatch client application installed on all mobile devices to be protected by the FireEye MTP solution
• An AirWatch user account and password to be used by the FireEye MTP appliance to access the AirWatch instance
• A FireEye MTP appliance installed on your network with an active connection to the MTP Cloud service (only required for MTP Managed Client Communication)
• The following licenses installed on the MTP appliance:
  • A current FireEye MTP appliance license
  • A current FireEye support license
Integrating MTP with AirWatch
This section describes how to integrate an existing installation of the FireEye MTP Management console with AirWatch. The following information is covered:
• Connecting MTP to the AirWatch Server
If you have not yet installed the FireEye MTP management console, you can integrate with AirWatch as part of the initial login and setup procedure. See the following documents:
• FireEye MTP Management Appliance System Administration Guide
• FireEye MTP Management Cloud System Administration Guide
Connecting MTP to the AirWatch Server
You should use the MTP Management console Web UI to configure the AirWatch connection.
Prerequisites
• The AirWatch server installed on the network.
• An AirWatch user account and password to be used by the MTP management console.
• The AirWatch API Key used to authenticate access to the AirWatch APIs
• An AirWatch App Group defined on the AirWatch appliance
• A compliance policy that uses a blacklist to block malicious apps associated with the AirWatch App Group defined on the AirWatch appliance
• The MTP management console installed on the network with direct network access to the AirWatch server.
Follow the steps in this section to connect to the AirWatch server.
To connect to AirWatch:
1. In the MTP Web UI, click the Settings tab.
2. Enter the hostname or URL of the AirWatch API port.
3. Enter the pre-defined AirWatch user name and password.
4. Enter the AirWatch API Key.
5. Enter the HighRisk App group name. This HighRisk App group name should match the App Group added to the AirWatch console.
6. Select the Active checkbox.
The Active checkbox enables the connection between AirWatch and the MTP management console.
7. If you are not deploying the FireEye Mobile Security app on each mobile device, select the Periodic Sync checkbox.
What To Do Next
After reviewing this document, see the FireEye Mobile Threat Protection documentation for further information about keeping your enterprise safe from mobile threats.
For technical support, contact FireEye in the following ways:
• Email us [email protected]
• Call us at 1.877.FIREEYE (USA); +44.203.106.4828 (UK); 1.408.321.6300 (Outside the USA)
• Visit the FireEye Customer Support Portal (login required): https://csportal.fireeye.com/