Why endpoint management is critical to your enterprise security strategy
Endpoints make the enterprise run, whether they are laptops or desktops running macOS, Windows or Linux; smartphones or tablets running iOS or Android; virtual machines or IoT devices. They’re found driving business on local networks, in remote offices and in the hands of traveling users.
However, endpoints also make the enterprise vulnerable. They are a favorite target of criminals who launch cyberattacks via ransomware, spyware, phishing and other malicious software. Over the past year alone, critical endpoint vulnerabilities have been discovered in popular OSs, applications and processors, including Meltdown and Spectre, and exploited by WannaCry, Petya, Fireball, Bad Rabbit and other harmful code. The challenge facing enterprises, then, is how to minimize the vulnerability of their endpoints while simultaneously maximizing their value. While endpoint management is already a widely adopted IT practice, now is the time for IT teams to expand their efforts to include endpoint security. As we’ll see below, combining endpoint management and security can solve some of your most pressing issues.
The Endpoint Management Role in Security
Before we move forward, let’s take a minute to understand endpoint management from a functional point of view. Here, we’re talking about the following core functions:
- Auditing software and hardware details to let IT teams know what’s available and what’s being used in the enterprise.
- Deploying CRM, project management, productivity and other business applications to users.
- Running scripts to perform tasks such as backups, anti-virus and other software updates and troubleshooting.
- Automating day-to-day tasks such as remote control, remote wipe and remote wakeup/shutdown.
- Deploying policies such as printer configurations, browser settings, desktop wallpaper settings, and application whitelists and blacklists.
Now that we’re all on the same page, let’s see how endpoint management can help IT teams implement better security.
Improving Visibility
Effective endpoint management improves your visibility into the enterprise-wide endpoint population. For instance, agents installed on every computer, mobile device and other endpoint can collect critical information on each endpoint’s OS, applications, processor, RAM, HDDs/SSDs and other details.
In turn, you can use all of that hardware and software information to inform and improve your security strategy. Knowing the total number of endpoints in your enterprise can help determine how many people to put on your security team. Similarly, knowing the most popular OSs and applications can help determine the skill sets and certifications your team needs to ensure the endpoints are properly secured.
For example, the top 10 most vulnerable OSs in 2017 -- from most to least vulnerable -- were Android, Linux Kernel, iPhone OS, Mac OS X, Windows 10, Windows Server 2016, Windows Server 2008, Debian Linux, Windows Server 2012 and Windows 7. While Android had the most vulnerabilities, you may dedicate fewer security resources to it if you know that iPhone OS dominates your enterprise. Likewise, Windows XP didn’t make the list, but your security strategy must account for it if you have any XP endpoints on your network.
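As an added illustration of this reasoning (example code written for this article, not ManageEngine's product code), the following Python snippet takes a constructed inventory of the kind an endpoint agent reports, counts endpoints per OS, flags end-of-life OSs, and ranks OSs by published vulnerabilities weighted by how many endpoints in the fleet run them. The inventory records and the per-OS vulnerability counts are constructed sample values, not the CVE Details figures quoted above.

```python
from collections import Counter

# Constructed sample inventory, shaped like an endpoint agent report (not real data).
INVENTORY = [
    {"host": "lap-001", "os": "iPhone OS", "version": "11.4"},
    {"host": "lap-002", "os": "iPhone OS", "version": "12.0"},
    {"host": "lap-003", "os": "iPhone OS", "version": "12.0"},
    {"host": "mob-004", "os": "Android", "version": "8.1"},
    {"host": "ws-010", "os": "Windows 10", "version": "1803"},
    {"host": "ws-011", "os": "Windows 10", "version": "1803"},
    {"host": "ws-012", "os": "Windows XP", "version": "SP3"},
    {"host": "srv-001", "os": "Windows Server 2016", "version": "1607"},
    {"host": "srv-002", "os": "Debian Linux", "version": "9"},
]

# Constructed per-OS vulnerability counts used only to illustrate the weighting;
# a real run would take these from a vulnerability database feed.
VULNS_PER_OS = {
    "Android": 840, "Linux Kernel": 450, "iPhone OS": 390, "Mac OS X": 300,
    "Windows 10": 270, "Windows Server 2016": 250, "Debian Linux": 95,
}

# OSs the vendor no longer patches. No feed publishes fresh counts for them,
# so they would score 0 below; they need their own check instead.
END_OF_LIFE = {"Windows XP", "Windows Server 2003"}


def os_counts(inventory):
    """Number of endpoints per OS name."""
    return Counter(rec["os"] for rec in inventory)


def unsupported_endpoints(inventory):
    """Hosts still running an end-of-life OS, regardless of vulnerability feeds."""
    return [rec["host"] for rec in inventory if rec["os"] in END_OF_LIFE]


def exposure_ranking(inventory, vulns_per_os):
    """Rank OSs by (published vulnerabilities x endpoints running that OS).

    An OS with many CVEs but no endpoints contributes nothing; an OS with
    fewer CVEs but most of the fleet still rises to the top, which is the
    point made in the text about Android versus iPhone OS.
    """
    counts = os_counts(inventory)
    scores = {name: vulns_per_os.get(name, 0) * n for name, n in counts.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for name, score in exposure_ranking(INVENTORY, VULNS_PER_OS):
        print(f"{name:22s} {score}")
    print("end-of-life hosts:", unsupported_endpoints(INVENTORY))
```

With this sample fleet iPhone OS outranks Android despite having fewer vulnerabilities, and the Windows XP host surfaces only through the separate end-of-life check, which is why the two checks are kept apart.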
Hardening Endpoints
The next area in which endpoint management can improve security involves hardening the endpoints with standard security policies. This is a proactive approach that can minimize the risks in the event of an attack. Some of the more common policies include:
- Removing outdated hardware and OSs such as Windows XP.
- Blocking vulnerable applications such as file sharing apps that can send data from your enterprise network to a public network.
- Removing unused user accounts and unwanted shares.
- Setting password attributes such as length, complexity and expiration.
- Configuring firewall rules to allow access to whitelisted applications and deny access to blacklisted ones.
- Securing browsers with a setting such as "do not allow cookies."
- Securing email with a setting such as "do not show images."
- Enabling conditional access, which blocks rooted or jailbroken devices -- and unmanaged endpoints -- from accessing the network and its applications.
- Whitelisting and blacklisting different USB devices and device types.
- Running check disk and clean disk commands to prevent network infiltration of malware and exfiltration of business data.
- Defining role-based access control at the user and group levels.
These standard security policies can be adopted as part of an endpoint management strategy. And based on industry reports, they should be. Verizon’s 2017 Data Breach Investigations Report reveals that 81 percent of hacking-related breaches leveraged either weak or stolen passwords. Meanwhile, Varonis research indicates that 65 percent of companies have over 1,000 stale user accounts and over 500 users with passwords that never expire. Varonis also reports that 58 percent of companies have over 100,000 folders open to every employee.
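The policies above translate directly into checks that can be run over the data an agent or a directory export already provides. The following Python audit is an added example, not part of the article or of any product: it flags stale accounts, passwords that never expire, shares readable by everyone, and rooted or unmanaged devices, and derives a conditional-access decision from those findings. The endpoint records, account names and thresholds (90 days) are constructed assumptions.

```python
from datetime import date

TODAY = date(2018, 9, 30)  # fixed so the example is reproducible

# Constructed sample of what an agent or directory export might contain (not real data).
ENDPOINTS = [
    {"host": "ws-010", "os": "Windows 10", "rooted": False, "managed": True,
     "shares": [{"name": "Public", "everyone_readable": True}],
     "accounts": [
         {"user": "alice", "last_logon": date(2018, 9, 29),
          "pw_never_expires": False, "pw_age_days": 30},
         {"user": "svc_backup", "last_logon": date(2018, 1, 5),
          "pw_never_expires": True, "pw_age_days": 400},
     ]},
    {"host": "mob-007", "os": "Android", "rooted": True, "managed": True,
     "shares": [], "accounts": []},
    {"host": "byod-003", "os": "iPhone OS", "rooted": False, "managed": False,
     "shares": [], "accounts": []},
]

# Assumed policy thresholds; tune to your own standard.
POLICY = {
    "stale_account_days": 90,     # accounts unused longer than this are flagged
    "max_password_age_days": 90,  # passwords older than this should have rotated
    "block_rooted": True,
    "require_managed": True,
}


def audit_endpoint(ep, policy=POLICY, today=TODAY):
    """Return (host, finding_kind, detail) tuples for one endpoint record."""
    findings = []
    if policy["block_rooted"] and ep["rooted"]:
        findings.append((ep["host"], "rooted_or_jailbroken", ep["os"]))
    if policy["require_managed"] and not ep["managed"]:
        findings.append((ep["host"], "unmanaged_endpoint", ep["os"]))
    for share in ep["shares"]:
        if share["everyone_readable"]:
            findings.append((ep["host"], "open_share", share["name"]))
    for acct in ep["accounts"]:
        if (today - acct["last_logon"]).days > policy["stale_account_days"]:
            findings.append((ep["host"], "stale_account", acct["user"]))
        if acct["pw_never_expires"]:
            findings.append((ep["host"], "password_never_expires", acct["user"]))
        elif acct["pw_age_days"] > policy["max_password_age_days"]:
            findings.append((ep["host"], "password_overdue", acct["user"]))
    return findings


def audit_fleet(endpoints, policy=POLICY, today=TODAY):
    """Flatten per-endpoint findings into one list for reporting."""
    return [f for ep in endpoints for f in audit_endpoint(ep, policy, today)]


def conditional_access_allowed(ep, policy=POLICY):
    """Conditional access: deny rooted/jailbroken and unmanaged devices."""
    blocking = {"rooted_or_jailbroken", "unmanaged_endpoint"}
    return not any(kind in blocking for _, kind, _ in audit_endpoint(ep, policy))


if __name__ == "__main__":
    for host, kind, detail in audit_fleet(ENDPOINTS):
        print(f"{host:10s} {kind:24s} {detail}")
```

The audit is only as good as the freshness of the agent data it reads; an account that looks stale because the agent last checked in months ago is an inventory problem first and a policy finding second.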
Fixing Vulnerabilities
Endpoint management can also help you fix vulnerabilities, and automating your endpoint management lets you proactively deploy security policies. When Microsoft, Apple and other vendors release patches for critical security issues, an automated strategy means that their updates and patches can be deployed to the endpoints as rapidly and reliably as possible.
For some vulnerability fixes, you will need the ability to remotely control the endpoints. A zero-day update, for example, must be installed immediately, regardless of the endpoint’s location. Remote control gives your IT team one of the fastest ways possible to deploy that update.
Patching and updating should be seen as part of a bigger workflow that endpoint management needs to accommodate. In addition to deploying patches, you need to be able to 1) wake up remote endpoints when they are down so they can be patched and 2) shut down those endpoints after the patches have been applied. While those additional steps require extra time and effort, you can accelerate the entire workflow by automating it.
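To make the wake/patch/shutdown workflow concrete, here is an added Python example (not code from the article or from ManageEngine). It builds and validates the standard Wake-on-LAN magic packet used for remote wakeup, and turns an inventory into an ordered action plan in which hosts that were off are woken first and shut down again after patching, while hosts that were already running are patched and left on. The host names, MAC addresses and patch identifier are constructed placeholders.

```python
import socket


def magic_packet(mac):
    """Build a Wake-on-LAN magic packet: 6 bytes of 0xFF followed by the
    target MAC address repeated 16 times (102 bytes in total)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return b"\xff" * 6 + raw * 16


def parse_magic_packet(packet):
    """Return the MAC a magic packet targets, or None if it is malformed.
    Mirrors the check a NIC performs, so stray broadcast traffic does not
    wake hosts."""
    if len(packet) < 102 or packet[:6] != b"\xff" * 6:
        return None
    mac = packet[6:12]
    if packet[6:102] != mac * 16:
        return None
    return ":".join(f"{b:02x}" for b in mac)


def send_magic_packet(mac, broadcast="255.255.255.255", port=9):
    """Broadcast the packet over UDP; port 9 (discard) is the usual convention."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac), (broadcast, port))


def plan_patch_workflow(endpoints):
    """Turn an inventory into ordered (action, host, argument) steps.
    Hosts that were off are woken first and shut down afterwards; hosts
    that were already on are patched and left running."""
    actions = []
    for ep in endpoints:
        if not ep["patch_needed"]:
            continue
        was_off = not ep["online"]
        if was_off:
            actions.append(("wake", ep["host"], ep["mac"]))
        actions.append(("patch", ep["host"], ep["patch_id"]))
        if was_off:
            actions.append(("shutdown", ep["host"], None))
    return actions


# Constructed sample (placeholder hosts, MACs and patch identifier, not real ones).
ENDPOINTS = [
    {"host": "ws-010", "mac": "00:11:22:33:44:55", "online": True,
     "patch_needed": True, "patch_id": "PATCH-EXAMPLE-1"},
    {"host": "ws-011", "mac": "00:11:22:33:44:66", "online": False,
     "patch_needed": True, "patch_id": "PATCH-EXAMPLE-1"},
    {"host": "ws-012", "mac": "00:11:22:33:44:77", "online": False,
     "patch_needed": False, "patch_id": None},
]


if __name__ == "__main__":
    for action, host, arg in plan_patch_workflow(ENDPOINTS):
        print(f"{action:9s} {host} {arg or ''}")
```

The planner only produces the step list; in a real deployment each "wake" would call send_magic_packet on the endpoint's subnet (magic packets are link-layer broadcasts and do not cross routers unless a directed-broadcast relay is configured), and "patch" and "shutdown" would hand off to the management agent.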
The rise in endpoint vulnerabilities and the need to address them are both well-documented. CVE Details notes that 14,714 vulnerabilities were reported in 2017, more than twice the 6,447 that were reported in 2016 and almost equal to the 12,787 that have been reported through September 2018. WhiteHat Security research estimates that close to 50 percent of applications are always vulnerable, with one or more serious vulnerabilities open every day of the year. The company also found that high-risk vulnerabilities take the most time to fix -- 196 days on average.
The need to address vulnerabilities systematically is highlighted by vulnerabilities such as Meltdown and Spectre, which can take weeks for vendors to mitigate with updates. A Barkly survey found that 50 percent of organizations don’t have a strategy for securing or isolating machines that can’t be patched right away. Worse, 80 percent found the Meltdown and Spectre patching process to be unclear, and 88 percent expressed frustration with the overall process.
Complying With Regulations
The last area we’ll cover is regulatory compliance. Here, endpoint management can lead to better security by helping you comply with government and industry mandates. In particular, endpoint management can collect the data needed to satisfy regulations such as the GDPR, PCI and HIPAA. It can also perform audits at the device and user levels as well as apply appropriate policies.
If your company is subject to the GDPR, for example, applying a data encryption policy would help ensure that data stored on corporate hard drives can’t be read if stolen or accessed by other, unauthorized personnel. And the Breach Level Index reveals the dizzying pace of data theft and loss. As of September 2018, data records are lost or stolen at a rate of 6,993,768 per day; 291,407 per hour; 4,857 per minute; and 81 per second. The Index notes that encryption was used in only 4 percent of breaches.
The Integrated Endgame
Integrated endpoint management and security is essential to tackle day-to-day security challenges, whether you need to act proactively or reactively. An integrated strategy can help increase the productivity of your IT team, rapidly secure endpoints, and provide first-level response to new vulnerability types such as Meltdown and Spectre. Ultimately, integrating endpoint management and security gives you the power to minimize the risks and maximize the rewards presented by your enterprise endpoints.
Mathivanan Venkatachalam is a vice president at ManageEngine, a division of Zoho Corp., where he has more than 20 years of experience building network management and endpoint management products. For more information on ManageEngine, the real-time IT management company, please visit www.manageengine.com; follow the company blog at http://blogs.manageengine.com, and on LinkedIn at www.linkedin.com/company/manageengine-, Facebook at www.facebook.com/ManageEngine and Twitter @ManageEngine.