1. Service overview

Wandera provides zero trust cloud security for enterprises to protect their remote users. Wandera’s services (“Services”) protect against threats, filter content and enable secure access to cloud and private applications. The Services are enabled though the Wandera Security Cloud delivered across a global network, and managed through a customer administration console called RADAR.

The three core Services are Jamf Threat Defense, Jamf Data Policy and Jamf Private Access.

Jamf Threat Defense protects against threats to remote user devices, such as malware, rogue or insecure applications, phishing, cryptojacking, data exfiltration and network attacks. Threats are detected at the endpoint via Wandera’s endpoint application, and also prevented in the network via Jamf’s Security Cloud. As well as protecting against threats, Wandera helps organizations detect vulnerabilities, flagging potential risks such as outdated OS versions or risky configuration settings. The solution is designed to integrate with leading UEM and SIEM offerings.

Jamf Data Policy provides web content filtering across all remote user traffic (both cellular and Wi-Fi) and data management features like tethering control, data capping and compression. The solution is easy to deploy, featuring the installation of an endpoint application and remote user traffic routing via Jamf’s Security Cloud. The solution integrates seamlessly with leading UEM solutions to further simplify deployment and enable synchronized device lifecycle management. Wandera’s Data Policy is also available on Windows 10 devices via installation of a tamper-proof client.

Jamf Private Access provides secure remote access to applications using Zero Trust Network Access (ZTNA) principles. The solution integrates seamlessly with IdP solutions such as MSFT AAD, Okta and Ping Identity for modern authentication. Jamf Private Access supports public, private cloud, SaaS and on-prem tunnelling and access can be configured using identity, risk and other context-based policies.

2. Architecture, Key Features & Support

The Wandera solution includes an application installed on employee devices and an online portal for admins to configure, analyze and control the solution.

wdt_ID Features Jamf Threat Defense Jamf Data Policy Jamf Private Access
3 Network Threat and Malware Detection 
4 Zero-Day Phishing and Content Security Protection
5 Application Vetting
6 Device Vulnerability Management
7 UEM Conditional Access
9 Web Content Filtering on Cellular and Wifi networks
10 Data Usage and Tethering Control
11 Contextual Data Policy Configuration
12 Shadow IT Control
14 Zero Trust Network Access

2.1 Endpoint Application

The Wandera application is installed on employee laptops, smartphones and tablets, and configures dynamic traffic steering options to the Jamf Security Cloud, and provides active detection of threats and device risk, real-time notifications and reports to employees.

2.2 Jamf Security Cloud

The Jamf Security Cloud is a distributed edge network delivered from secure global data centers. The Security Cloud uses a mix of technologies including Cloud Gateway (HTTP/S proxy), DNS and Cloud SDP to process remote user traffic in real-time, enabling secure access to the Internet, private apps and preventing cyber threats while safeguarding user privacy.

2.3 MI:RIAM Threat Intelligence

MI:RIAM is our advanced machine learning and threat intelligence engine. Powered by billions of daily inputs from millions of remote user endpoints, MI:RIAM continuously analyzes these vast quantities of real-time data to detect and prevent new threats.

2.4 RADAR Admin Console

Device deployment, policies, groups, service settings and reports are all managed through a single administrative portal named RADAR. RADAR supports SSO and MFA for industry leading security.

2.5. IdP Integration

The solution integrates seamlessly with IdP solutions such as MSFT AAD, Okta and Ping Identity for modern authentication and SSO, both for end users and administrators.

2.6 UEM Connector

An optional component of the Wandera architecture, this connects with your UEM/EMM/MDM solution to provide seamless deployment and additional security features such as conditional access and integrated compliance policies.

2.7 SIEM/SOAR Integration

Integrate Wandera’s threat events into your existing SIEM/SOAR platforms via APIs.

2.8 Data Anonymization

Optionally, you can use pseudonyms instead of personal identifiable information to protect user privacy. Administrator reports are restricted to aggregate data only.

2.9 Device Support

Wandera works on almost all remote user devices including iOS, Windows 10, Android and Mac. For a more detailed description of which products we can support, visit the Wandera knowledgebase.