As the role of mobile devices expands for enterprises, so does the need for robust mobile security solutions to combat evolving threats. These devices are increasingly being used by employees to access business networks and resources, leading to significant risks should a security incident occur.
Therefore, it is critical that security solutions are designed to monitor and defend not just PCs or laptops, but also tablets, smartphones, and other mobile devices. Unfortunately, in today’s security operations landscape, a Security Operations Center (SOC) has much less visibility into mobile devices compared to PCs or servers.
As a leading innovator in mobile security, Samsung has integrated Knox Asset Intelligence with Microsoft Sentinel, a scalable, cloud-native Security Information and Event Management (SIEM) solution, to provide enterprises with unprecedented visibility into potential security threats to their mobile device fleets.
This collaboration builds upon existing Samsung Knox solutions to provide centralized monitoring and protection of select enterprise Samsung Galaxy devices directly from within the SOC, establishing Samsung as the first mobile device OEM to deliver a direct-to-SOC connector in the industry.
Prior to this industry-first integration, businesses could only access partial mobile security threat information from enterprise Samsung Galaxy devices through third-party solutions. By leveraging Samsung's powerful on-device monitoring solutions, IT and Security teams can now gain centralized visibility into mobile security threats directly from within their SOC, greatly enhancing their mobile security threat detection and response efforts.
Table of contents:
- How this new integration enhances visibility for mobile security
- A proven advantage for endpoint security
- Take the next step toward a more secure future
How this new integration enhances visibility for mobile security
Knox Asset Intelligence lets enterprise SOC teams continuously monitor enrolled Samsung devices for security events. It is deployed with the Samsung Knox Asset Intelligence for Sentinel solution, now available in the Azure Marketplace and on the Microsoft Sentinel Content Hub.
Once the solution is deployed in Sentinel, IT and security personnel can configure which on-device security events are forwarded as alerts directly to the SOC.
To help maintain user privacy at all times, on-device filtering mechanisms are put in place to remove any personal user data before the alert is sent.
Once it reaches the SOC, analysts and enterprise security teams can then view and manage these alerts, prompting their triaging, investigation, and incident response efforts.
Because this integration uses device-level data that third-party solution providers cannot see, it can materially reduce the time SOC analysts need to detect and respond to mobile security threats.
The same telemetry also improves the odds of spotting exploitation of previously unknown (zero-day) vulnerabilities, so security teams can act on critical issues as early as possible.
Custom Samsung workbook template in Microsoft Sentinel, providing centralized visibility into mobile security threats across the Samsung device fleet.
Analytics rule template in Microsoft Sentinel, for detection and response to mobile security threats targeting the Samsung device fleet.
Samsung Knox can detect up to 150 kinds of mobile security event, including suspicious URLs, unauthorized privilege escalations, and indicators of spyware and other malware.
For critical security events, the solution performs on-device enrichment by tagging them with MITRE ATT&CK® Technique IDs¹, part of a globally accessible framework that describes the specific methods and actions attackers use to compromise devices.
Knowing which security events are considered "high-value" lets SOC analysts tune their detection and response efforts to prioritize critical issues first, improving the overall effectiveness of the mobile security strategy.
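The two steps described above, on-device removal of personal data before an alert leaves the device and SOC-side prioritization of events by their ATT&CK technique tag, as an added Python example. This is illustrative code written for this page, not Samsung's or Microsoft's implementation: the event schema, the field names treated as personal data, the sample events, and the mapping of technique IDs to priorities are all assumptions chosen for the example, not the Knox Asset Intelligence schema or a Samsung or MITRE recommendation.

```python
# Added example (not Samsung's or Microsoft's code): a minimal model of the
# pipeline described in the text. Device side: personal fields are stripped
# before an event is forwarded. SOC side: events carry an ATT&CK technique ID
# and an analyst-defined policy ranks them for triage.
# Event schema, field names and the technique-to-priority policy are
# assumptions for illustration, not the Knox Asset Intelligence schema.

from collections import defaultdict

# Fields the (assumed) on-device filter removes before an alert leaves the device.
PERSONAL_FIELDS = frozenset({"user_name", "email", "phone_number", "contacts", "location"})

# Analyst policy: which tagged techniques count as "high-value" events.
# The priority assignment is an example policy, not a Samsung or MITRE recommendation.
TECHNIQUE_PRIORITY = {
    "T1404": ("critical", "Exploitation for Privilege Escalation"),
    "T1456": ("high", "Drive-By Compromise"),
    "T1429": ("high", "Audio Capture"),
    "T1430": ("medium", "Location Tracking"),
}
PRIORITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def filter_personal_data(event):
    """Device-side step: return a copy of the event with personal fields removed."""
    return {key: value for key, value in event.items() if key not in PERSONAL_FIELDS}


def enrich(event):
    """SOC-side step: attach a priority and technique name from the policy table.
    Events without a technique tag (ordinary telemetry) default to low priority."""
    technique_id = event.get("attack_technique_id")
    priority, name = TECHNIQUE_PRIORITY.get(technique_id, ("low", "untagged"))
    enriched = dict(event)
    enriched["priority"] = priority
    enriched["technique_name"] = name
    return enriched


def triage(raw_events):
    """Run both steps and return the analyst queue: most critical first,
    ties broken by timestamp so older events of equal priority surface first."""
    queue = [enrich(filter_personal_data(ev)) for ev in raw_events]
    queue.sort(key=lambda ev: (PRIORITY_RANK[ev["priority"]], ev["timestamp"]))
    return queue


def summarize_by_device(queue):
    """Workbook-style rollup: per device, event count and distinct techniques seen."""
    summary = defaultdict(lambda: {"events": 0, "techniques": set()})
    for ev in queue:
        entry = summary[ev["device_id"]]
        entry["events"] += 1
        if ev.get("attack_technique_id"):
            entry["techniques"].add(ev["attack_technique_id"])
    return {dev: {"events": e["events"], "techniques": sorted(e["techniques"])}
            for dev, e in summary.items()}


# Constructed sample events for this example; not real Knox telemetry.
SAMPLE_EVENTS = [
    {"device_id": "dev-001", "timestamp": "2024-05-01T09:15:00Z",
     "event_type": "suspicious_url", "attack_technique_id": "T1456",
     "user_name": "alice", "email": "alice@example.com"},
    {"device_id": "dev-002", "timestamp": "2024-05-01T09:10:00Z",
     "event_type": "privilege_escalation", "attack_technique_id": "T1404",
     "location": "37.5,127.0"},
    {"device_id": "dev-001", "timestamp": "2024-05-01T08:00:00Z",
     "event_type": "app_install", "package": "com.example.app"},
    {"device_id": "dev-003", "timestamp": "2024-05-01T09:05:00Z",
     "event_type": "spyware_indicator", "attack_technique_id": "T1429",
     "phone_number": "+1-555-0100"},
]

if __name__ == "__main__":
    queue = triage(SAMPLE_EVENTS)
    for ev in queue:
        print(ev["priority"], ev["device_id"], ev["event_type"], ev["technique_name"])
    print(summarize_by_device(queue))
```

Two design points worth noting: the filter runs before enrichment, so personal fields never reach the SOC-side logic at all, and untagged events are kept rather than dropped, because routine telemetry still feeds the per-device summary even when it is not itself a high-value alert.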
Jerry Park, EVP and Head of Global Mobile B2B Team, MX Business at Samsung Electronics, said:
Erez Einav, Corporate Vice President at Microsoft, added:
A proven advantage for endpoint security
The Knox-Sentinel integration can be used by customers through their existing managed security service providers, such as BlueVoyant, and by service providers such as Avanade, to add mobile security operations and threat detection capabilities specific to Microsoft Sentinel.
This offering also complements an enterprise’s existing security solutions, acting as a seamless addition to any mobile security tools that may already be in place.
Milan Patel, Global Head of Managed Detection and Response at BlueVoyant, said:
Jason Revill, Global Microsoft Security Technology Lead at Avanade, said:
Take the next step toward a more secure future
The Samsung Knox Asset Intelligence for Sentinel solution is now ready and available for customers to download and try. Please join the Public Preview to enjoy the following benefits:
- Comprehensive visibility: Monitor and manage mobile security threats across your enterprise fleet.
- Seamless integration: Access Knox Asset Intelligence solution templates via the Azure Marketplace for a streamlined setup in your Azure environment.
To onboard and evaluate this solution, please visit our Knox Asset Intelligence - Sentinel Preview Page and ensure you meet the following prerequisites:
- Device Compatibility: Samsung Galaxy devices running Android 15 or higher.
- UEM Management: UEM-managed devices that can be enrolled into Knox Asset Intelligence.
- Azure Subscription: An active Azure subscription to deploy the Knox Asset Intelligence (KAI) solution template for Microsoft Sentinel.
- Knox Asset Intelligence license: A license can be purchased as part of Knox Suite – Enterprise Plan. If you’re new to Samsung Knox, a 90-day trial license is also available. Click here to get started!
Reach out to your Samsung B2B account executive or visit Samsung Knox to contact a business sales expert today for onboarding information, and start your journey with confidence.
To learn even more, please see the Microsoft Tech Community Blog.
¹ MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It is used as a foundation for the development of specific threat models and methodologies across the cybersecurity community.