Automating Agent-less Vulnerability Assessment for Intune Enrolled Mobile Devices

Swapnil Ahirrao

Last updated on: December 21, 2022

Most Mobile Device Management solutions lack critical functionality such as vulnerability assessment and patch management. Integration with a popular MDM like Microsoft Intune allows Qualys to provide automated onboarding and continuous scanning of your mobile devices, among other functions, to deliver a complete security posture for mobile devices.

Mobile devices play a crucial role in every business process today – whether in bank branches, manufacturing sites, or retail stores. Phones and tablets are now hosting business applications and data that is subject to regulatory compliance and security. Due to an increase in the attack surface for mobile devices, securing mobile devices is an ongoing challenge.

Recently, more data breach attacks have originated through Pegasus spyware, and Apple has issued an immediate release five times this year to fix critical zero-day vulnerabilities. Such data breach attacks can only occur if the device is vulnerable. The number of Android and iOS vulnerabilities has drastically increased, with a significant rise in vulnerabilities that can cause data leaks. Attackers can gain control of mobile devices through code execution, overflow, information disclosure, and denial-of-service vulnerabilities in Android and iOS.

The Limitations of MDM and EMM Solutions

Solutions such as Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) do not provide adequate visibility into these vulnerabilities and do not help to patch them.

MDM/EMM fulfills only the IT team’s requirements, not the Security team’s, and the Security team may not be able to use these solutions to produce security and audit reports. MDM solutions do not provide visibility into common vulnerabilities, and they also fail to provide the complete security posture of any given device. Due to this lack of visibility into vulnerabilities and the absence of patch management, an organization’s devices are left more prone to data breach attacks.

Enterprises need a mobile security solution that secures all mobile devices, continuously monitors them, and delivers visibility into their security posture. One major challenge with most mobile security solutions is the onboarding process because it is dependent on manual intervention by end-users. Automation is another challenge. Once onboarded, vulnerability assessment should happen continuously via automation. Mobile security should have the ability to share vulnerabilities data with the SIEM system so that remediation actions can be scheduled.

Since most MDMs lack these functions, Qualys has begun the process of integrating with some of the more popular ones to provide seamless vulnerability assessment, beginning with Microsoft Intune.

Automated Vulnerability Assessment through Microsoft Intune

Automated onboarding and vulnerability assessment are both critical capabilities, and every mobile security solution should provide them. Qualys VMDR for mobile devices brings automation to the onboarding process through integration with Microsoft Intune. Now VMDR can scan your Intune MDM enrolled devices without installing the Qualys Cloud Agent, and with no end-user intervention required.

Once a device is onboarded, a continuous vulnerability assessment is completed based on the latest synced data, without the need for manual intervention. Through Qualys APIs, you can sync Qualys vulnerabilities detection data with your internal SIEM to configure remediation actions. You can also perform remote actions from Qualys portal directly on devices.

Configure Connectors to Discover Vulnerable Devices

To sync your enrolled devices from Microsoft Intune with Qualys VMDR for mobile devices, you must first configure the connectors. Initially, the connector can sync only those devices that are enrolled in Intune MDM/EMM. Soon, we will introduce support for other MDMs, such as AirWatch and MaaS360.

The connector configuration is a “one and done” activity. You can refer to the Secure Enterprise Mobility User Guide for more configuration information. Once the connector is configured and syncs successfully, you will see the Intune enrolled devices in Qualys along with their vulnerability assessment results. A vulnerability scan is also performed on every connector sync.

You can search all of your synced devices using the configured connector by entering the following QQL query on the Inventory tab. It will list all the synced devices, and you can review the vulnerabilities count against each synced device:

Connect.id:120 and asset.status:"Enrolled"

The assets synced from Intune are also synced to Qualys CSAM/Global Asset Inventory. You can perform remote actions such as Send Message and Factory Reset in case any device becomes critically compromised.

Qualys/Intune Integration is now available to all customers having the VMDR for mobile devices subscription. Contact your Technical Account Manager (TAM) or Support to get this functionality enabled for your subscription today!

If you are not yet a part of the Qualys community, you can explore VMDR for Mobile Devices by signing up for a free trial.
