How endpoint security and management are consolidating [Q&A]
Securing endpoints used to be a simple matter of installing a firewall and antivirus solution and then keeping them updated.
But as threats have become more sophisticated, networks more complex and working patterns have shifted away from the office, securing and managing endpoints has become a much greater problem for enterprises.
We spoke to Ashley Leonard, founder and CEO at Syxsense, to find out what's changed and how enterprises can meet the challenge.
BN: What's changed in endpoint security and management over the last few years and what challenges are organizations facing today?
AL: More than a decade ago, endpoint security solutions were basically run-of-the-mill antivirus solutions aimed at protecting network assets against malware. But no one expected these attacks to evolve so quickly. Increased complexity and the sheer volume of attacks have pushed IT teams to expand their endpoint security toolboxes to include things like data loss prevention and encryption.
Over the past several years endpoint security has become even more sophisticated, adding layers of additional services like patch management and vulnerability scanning. These new capabilities not only help secure endpoints, manage patching, and meet compliance regulations, but also streamline and simplify the overall management burden faced by IT, which is being inundated with alerts and notifications. With endpoint security and IT management now being packaged together, organizations have more control over every endpoint device on a network so they can secure business-critical resources quickly while streamlining operations.
BN: How is technology consolidation impacting the endpoint security space?
AL: Technology consolidation is about simplifying systems and making them more holistic. There's a large amount of research about the value of tool consolidation and the impact of 'tool sprawl' on IT teams. In the security space, consolidation has been a major trend over the last five to 10 years, although endpoint security has lagged. Given the rise in endpoint threats over the last several years, vendors are working to remedy that challenge.
As threats continue to get more and more complex, security teams need to do more with less. Having one consolidated interface that provides a more universal look at their security environment helps them get in front of any future attacks, patching vulnerabilities, or compliance miscues. And having more capabilities across the endpoint and IT management space means IT pros and security analysts can waste less time jumping from tool to tool.
Tool consolidation also has the benefit of lessening the attack surface of customers. Unifying patch management and vulnerability remediation to a single agent means less likelihood of exposure. Of course, the key benefit is a more unified approach to risk mitigation and compliance. Many current threats involve both patching and remediation together, and having these capabilities in a single console makes mitigation simpler and quicker.
BN: What is Unified Security and Endpoint Management (USEM) and what are its benefits?
AL: We've seen a dramatic shift across networks over the last several years, first with digital transformation, then with the pandemic accelerating cloud and remote workforces. All of this has led to unprecedented numbers of endpoints and the need to manage risk more uniformly.
Unified Security and Endpoint Management (USEM) is a new term used to describe products that combine IT management, patch management, and security vulnerability scanning and remediation of endpoints (laptops, desktops, servers, mobile devices and IoT devices) into one centralized platform. This enables organizations to manage, detect, and secure all endpoints across a network. This consolidation also reduces an organization's exposure to threats by scanning all the endpoints for threats, alerting on and facilitating any patching needs, enabling devices to be easily quarantined, and ensuring compliance is documented. Previously, IT endpoint management and security endpoint management were handled by disparate tools.
BN: How does USEM fit into a broader cybersecurity strategy?
AL: As previously mentioned, the pandemic forced a large percentage of the workforce to work from home, and many of them ended up linking their personal devices to corporate networks. This of course caused a significant uptick in network-connected endpoints, which in turn grew the number of attack surfaces threat actors could potentially exploit. For most organizations, the deluge in endpoints has brought substantially increased risk, with IT teams struggling to both manage and secure their endpoints in real time. In essence, the medieval security model of a castle with strong outer walls but little-to-no internal protection has collapsed. The line of defense urgently needs to move directly to the endpoint.
This has really shone a light on the value of USEM. It fits perfectly into a broader cybersecurity strategy that allows IT or security teams to consolidate tools and streamline workflows -- especially at small or mid-sized organizations with smaller IT teams, in essence enabling companies of all sizes and sophistication to implement SOAR (security orchestration, automation and response) strategies. And because these solutions not only alert on issues, but also allow teams to remediate and fix issues in real time, there's immense time savings. This results in more protection, more productivity, and more cost savings.
BN: When talking about endpoints, how is that applied to zero trust?
AL: Zero trust is based on the concept of 'never trust, always verify,' and that of course applies to endpoints as well. The sheer amount of data moving around in the world continues to grow and, as data travels across and to endpoints, those endpoints become an attractive target for threat actors. One of the main principles of zero trust is micro-segmentation, which, when applied to endpoints, can prevent the spread of peer-to-peer threats by only granting users access to the specific resources they need. When endpoint security and zero trust work together, it makes for a stronger, more integrated security strategy.
As companies of all sizes work to implement a zero trust strategy, they will come to rely heavily on endpoint protection tools such as Syxsense to act in the role of a 'Trust Evaluation Engine', reporting on the current security posture of the device. These types of tools communicate with the network access controller to report on the patch status of the device (how many unpatched vulnerabilities there are) as well as the configuration security status (how many current threats remain unmitigated), which allows the network access controller to make a determination on how much network asset access should be allowed.
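The flow described in this answer (an endpoint agent reports patch and threat status, and the network access controller turns that into an access decision) together with the micro-segmentation point from the previous answer, as an added example written for this page; it is not Syxsense code and does not use any real NAC product's API. The posture report fields, the tier thresholds, the segment names and the 15-minute freshness window are all assumptions chosen for illustration, and the sample reports are constructed.

```python
"""Posture-based access decision, in the style of a zero-trust 'trust evaluation engine'.

Assumed design (not any product's): the endpoint agent posts a small JSON posture
document; the controller picks the most trusted tier whose limits the device meets and
returns the network segments that tier may reach (micro-segmentation). A report that is
unreadable, incomplete, stale, or shows an unmitigated threat gets no segments at all.
"""
import json
from datetime import datetime, timedelta, timezone

MAX_REPORT_AGE = timedelta(minutes=15)   # assumed freshness window; older reports count as no report

# Ordered from most to least trusted; the first tier whose limits the device meets wins.
# None means "no limit". Tier, limit and segment names are assumptions for this example.
TIERS = [
    ("full",        {"max_unpatched": 0,    "max_critical": 0},    ["corp-apps", "file-shares", "internet"]),
    ("restricted",  {"max_unpatched": 5,    "max_critical": 0},    ["corp-apps", "internet"]),
    ("remediation", {"max_unpatched": None, "max_critical": None}, ["patch-server", "av-updates"]),
]
REQUIRED = ("device_id", "reported_at", "unpatched_vulns", "critical_unpatched", "unmitigated_threats")


def _decision(device_id, tier, segments, reasons):
    return {"device_id": device_id, "tier": tier, "segments": list(segments), "reasons": reasons}


def evaluate_posture(report_json: str, now: datetime) -> dict:
    """Map one posture report to an access tier and the segments that tier may reach."""
    try:
        report = json.loads(report_json)
    except json.JSONDecodeError:
        return _decision("unknown", "quarantine", [], ["posture report is not valid JSON"])
    device_id = report.get("device_id", "unknown")

    missing = [f for f in REQUIRED if f not in report]
    if missing:
        return _decision(device_id, "quarantine", [], ["posture report missing fields: " + ", ".join(missing)])

    # Freshness: a controller must not keep trusting yesterday's posture.
    try:
        reported_at = datetime.fromisoformat(report["reported_at"])
    except (TypeError, ValueError):
        return _decision(device_id, "quarantine", [], ["reported_at is not an ISO-8601 timestamp"])
    if reported_at.tzinfo is None:
        reported_at = reported_at.replace(tzinfo=timezone.utc)
    age = now - reported_at
    if age > MAX_REPORT_AGE or age < timedelta(0):          # stale, or claims to come from the future
        return _decision(device_id, "quarantine", [], [f"posture report is stale (age {age})"])

    # Configuration security status: any unmitigated threat isolates the device outright.
    if report["unmitigated_threats"] > 0:
        return _decision(device_id, "quarantine", [], [f"{report['unmitigated_threats']} unmitigated threat(s)"])

    # Patch status: pick the most trusted tier whose limits the device satisfies.
    for tier, limits, segments in TIERS:
        within_unpatched = limits["max_unpatched"] is None or report["unpatched_vulns"] <= limits["max_unpatched"]
        within_critical = limits["max_critical"] is None or report["critical_unpatched"] <= limits["max_critical"]
        if within_unpatched and within_critical:
            reason = (f"{report['unpatched_vulns']} unpatched vulnerabilities "
                      f"({report['critical_unpatched']} critical), no active threats")
            return _decision(device_id, tier, segments, [reason])
    return _decision(device_id, "quarantine", [], ["no tier matched"])   # unreachable: last tier is unlimited


# Constructed sample reports (not real devices) and a fixed clock so results are reproducible.
NOW = datetime(2024, 5, 1, 9, 5, tzinfo=timezone.utc)
SAMPLE_REPORTS = [
    '{"device_id": "lt-0042", "reported_at": "2024-05-01T09:00:00+00:00", "unpatched_vulns": 0, "critical_unpatched": 0, "unmitigated_threats": 0}',
    '{"device_id": "lt-0077", "reported_at": "2024-05-01T09:02:00+00:00", "unpatched_vulns": 3, "critical_unpatched": 0, "unmitigated_threats": 0}',
    '{"device_id": "srv-12",  "reported_at": "2024-05-01T09:03:00+00:00", "unpatched_vulns": 12, "critical_unpatched": 2, "unmitigated_threats": 0}',
    '{"device_id": "lt-0099", "reported_at": "2024-05-01T09:04:00+00:00", "unpatched_vulns": 1, "critical_unpatched": 0, "unmitigated_threats": 1}',
    '{"device_id": "iot-7",   "reported_at": "2024-05-01T07:00:00+00:00", "unpatched_vulns": 0, "critical_unpatched": 0, "unmitigated_threats": 0}',
]


def evaluate_all(reports=SAMPLE_REPORTS, now=NOW) -> list:
    """Evaluate every report; returns one decision per report, in input order."""
    return [evaluate_posture(r, now) for r in reports]


if __name__ == "__main__":
    for d in evaluate_all():
        print(f"{d['device_id']:>8}: {d['tier']:<12} segments={d['segments']}  ({'; '.join(d['reasons'])})")
```

The order of checks matters: freshness and active threats are evaluated before patch counts, so a device cannot earn a good tier on the strength of an old report, and the last tier has no limits so every readable, fresh, threat-free report lands somewhere reachable for remediation rather than being silently dropped.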
BN: How do you think the endpoint security market will change and evolve over the next five years?
AL: The prevailing security strategy of the past decade of providing a hardened exterior perimeter, while continuing to provide a 'soft, chewy interior', will change, with protection focusing on the most prevalent point of threat: the endpoint computing devices (laptops, desktops, servers, mobile devices and IoT devices).
SOAR tools will continue to enable more rapid and more automated response. In many ways, the prevalence of automated remediation workflows that operate with little or no coding or scripting will 'democratize' the security role within companies.
Image credit: AlexLMX/Shutterstock