Making each endpoint resilient is paramount to implementing a successful defense strategy
Media coverage of data breaches (e.g., Cisco, Flagstar Bank, South Denver Cardiology Associates) often puts a spotlight on the tail end of the cyberattack life cycle, focusing on the exfiltration points rather than how the threat actor got there.
Post-mortem analysis has repeatedly found that the most common source of a hack is compromised credentials that are subsequently used to establish a beachhead on an end user device (e.g., desktop, laptop, or mobile device). In such instances, endpoints serve as the main point of access to an enterprise network and therefore are often exploited by malicious actors. That’s why it is not surprising that a Ponemon Institute survey revealed 68 percent of organizations suffered a successful endpoint attack within the last 12 months.
Most IT teams rely on specialized software to manage and secure the endpoint, which serves as the primary work utensil for today’s anywhere workforce. Endpoint management remains a foundational component of any IT team’s enterprise infrastructure strategy. The rapid pivot to a work from anywhere workforce however threw a curve ball to organizations which were employing more traditional approaches.
When establishing visibility and security controls across endpoints, IT and security practitioners need to understand that each endpoint bears some or all responsibility for its own security. This is different from the traditional network security approach, in which case established security measures apply to the entire network rather than individual devices and servers. Thus, making each endpoint resilient is paramount to implementing a successful defense strategy.
The State of Endpoint Management
At a minimum, organizations therefore should deploy simple forms of endpoint management and security like unified endpoint management as well as anti-virus or anti-malware software across their entire fleet of devices. Many organizations are going beyond these simple measures and nowadays leverage endpoint security technology that encompasses encryption, intrusion detection, and behavior-blocking elements to identify and block threats and risky behavior, either by end users or intruders. However, as the sheer number of devices in the enterprise as well as the average number of applications installed on those systems has increased dramatically, so has the complexity that IT and security teams have to deal with. In turn, administrators often see endpoint management as a commodity process that consumes too much time and prevents them from focusing on other strategic priorities.
At the same time, users expect consistent and good quality experiences no matter where they are. Ultimately, users want their technology to work, and they don’t care what happens in the backend if they can reliably and consistently access the resources they need. This means IT needs a higher level of visibility when users work from anywhere, to ensure a consistent experience regardless of location.
Trends Driving the Future of Endpoint Management
To address these challenges, industry experts foresee further simplification and modernization to occur across endpoint management tools. Three distinct trends account for the specific requirements of the new work from anywhere era:
• Native endpoint security integration: More and more organizations understand that a secure endpoint goes hand-in-hand with secure access and that it has become essential for a modern security posture to establish resilient Zero Trust principles from the endpoint to the network edge. 51 percent of organizations have seen evidence of compromised endpoints being used to access company data. Thus, a software-defined perimeter or Zero Trust Network Access (ZTNA) approach can no longer rely solely on contextual factors like time-of-day or geolocation when granting users access. It also needs to consider device configuration, device security posture, etc. In the future, most IT and security practitioners will want a combined endpoint and secure access platform to unify visibility and control to address risk across endpoints, applications, and network.
• Survivable, self-healing, and trustworthy systems: Making each endpoint resilient is paramount to implementing a successful defense strategy. Self-healing cybersecurity systems represent a major security and IT productivity advancement, allowing organizations to streamline the management and protection of today’s highly distributed infrastructures. Any enterprise endpoint can only be dependable if it functions as intended and without disruption. Employees can intentionally or unintentionally undermine their endpoints by installing unsupported third-party applications or becoming the victim of phishing attacks. There are plenty of malicious threat actors exploiting human error to disable existing security applications on enterprise devices.
To remediate against such compromises, a self-healing solution ensures that vital applications are monitored for tampering, degradation, and failure. Automation can be employed to repair or even reinstall the problematic or missing app. However, not all self-healing cybersecurity systems are built equally.
Self-healing can exist on three levels: the application, the operating system, and within the firmware. According to Forrester Research, firmware-based tools that ship embedded within the device will “prove the most essential” because it will ensure that everything running on the device works correctly (e.g., endpoint agents, VPNs, and software). Due to its privileged position in the device, the technology remains persistent even if admins reimage the endpoint or replace the hard drive. In the future, organizations should insist that their vendor of choice demonstrates persistence and self-healing capabilities before making a final purchase decision.
• Focus on consistent end user experience: Besides IT manageability and core security aspects, organizations need to focus on the remote worker itself and assure they have the insights and visibility from endpoint to network edge impacting the end user experience. This includes device issues (e.g., outdated OS systems, hard drive capacity), home office Wi-Fi and network issues, VPN tunnel performance issues, and problems with the applications itself (e.g., due to software decay, collision, or malicious activity), allowing IT to quickly identify the root cause and remediate the issues. In turn, many organizations have turned to digital experience monitoring (DEM) tools to help identify technology performance issues and align application performance to support business objectives. In the future, leading endpoint management tools will incorporate gathering end user experience telemetry and analysis natively into their products.
The modernization of endpoint management strategies is currently well underway. Incorporating the above-mentioned trends will result in better digital employee experience, improved operational efficiency, and a reduced attack surface.