Testing High Risk Activity Detection and Policy Enforcement

If the user’s device is determined to be at risk, either due to a malicious app or malicious activity, the Harmony Mobile system notifies the user through in-app notifications and also updates the risk level custom attribute value for that device in the MobileIron Core system. MobileIron Core receives the risk state change and, upon recognizing the risk level value tied to a Configuration Profile, enacts that policy.

In this example, the administrator blocks an app, HeyWhatsApp. As a result, the user’s device is identified to be at High Risk (CHKP_Risk = High) due to the blocked app HeyWhatsApp installed on the device. The Harmony Mobile dashboard notifies the user, and reports the device as High Risk (CHKP_Risk = High) to the MobileIron Core system. The MobileIron Core system then enforces the policy actions specified in the Compliance Policy Profile.

Blocking a Test App

  1. Log in to the Harmony Mobile dashboard.

  2. Go to Forensics > Application and click for the app you want to block.

  3. Select Edit app exception and click the policy you want to modify.

    The Application Exceptions section in the Application policy appears.

  4. From the Action drop-down list, select Block.

  5. Click Add.

  6. To save the policy changes, click Save.

View of a Non-Compliant Device

The device with the blacklisted app must be in one of the Smart Groups that you created for the Devices At Risk. See Connecting the Harmony Mobile Protect app to your Device.

To see the non-compliant device in the Smart Group for Mobile Devices:

  1. Go to Devices > Smart Device Groups and open your defined Smart Group for mobile devices.

  2. Click View.

    The device is displayed.

If you configured an email notification, you receive an email from MobileIron Core.

Note - The data fields are similar for both iOS and Android users. The examples below are applicable for both platforms.

The user is not allowed to use the application until the user removes the blacklisted app, or changes the compliance policy settings. See Creating a Mitigation Process.

Harmony Mobile Protect app Notifications

The user receives Harmony Mobile Protect app notifications in the Mobile@Work app.

Example:

Administrator View on the Harmony Mobile Dashboard

On the Harmony Mobile Dashboard the Administrator can see the devices at High Risk.

  1. On the Harmony Mobile Dashboard, go to Forensics.

    A list of the Devices at Risk is displayed in the Device Risk section.

  2. Select the specified device on the left-side list.

    You can see that the blacklisted app causes the High Risk state.

    Example:

Administrator View on the MobileIron Core Console

In the MobileIron Core Portal you can see these parameters:

  • Dashboard tab: The devices in Out of Compliance status.

    Example:

  • Device & Users tab:

    Custom Attribute tab: CHKP_Status = Active

    Example:

  • Compliance tab: shows the violated Compliance Policy Rules and the applied Compliance Actions.

    Example: