Cyber Resilience for Endpoints: Managing and Securing a Diverse Range of Devices
With the advent of remote work, endpoints have become a rich target for cyberattacks. While traditional protections such as antivirus software, patching, and endpoint detection and response (EDR) are important, they don’t fully address today’s risks.
A threat actor can learn a lot about your environment and processes by getting access to an endpoint. Once an endpoint has been compromised, attackers can move laterally through the network and gain access to critical resources.
While most organizations do a good job of protecting known, “trusted” devices such as company-managed PCs and laptops running on the company network, there’s plenty of activity coming from “untrusted” personal devices.
Smartphones and tablets, in particular, are inherently more difficult to secure because some of the functionality available on workstations isn’t available on these devices. For example, users can’t hover over links on a phone and employees who let their guard down for a moment may click on a dodgy link in a text message or email. Yet, today’s workforce expects the flexibility to use personal devices to access files, attend online meetings, receive and respond to emails, and conduct other business.
You Can’t Protect What You Don’t Know About
At this point, most organizations are using EDR because it helps IT teams identify and contain events and provides deeper insight into the context of what’s happening at the endpoint: what processes are running and what the user is doing.
But EDR doesn’t provide holistic visibility into what endpoints are active, their configuration, health, OS and software versions, patches, and which devices are managed by the organization and those that aren’t.
Since you can’t protect what you don’t know about, you can’t respond to an event on an endpoint you don’t know about. In essence, without comprehensive endpoint visibility, you’re leaving the front door open.
Improving Endpoint Security for Better Cyber Resilience
The challenge for IT teams is to enable the flexibility for employees to use untrusted devices for work while minimizing threats. To do that, endpoint security must go beyond patching, antivirus, and EDR to include centralized mobile device management, deeper visibility into every endpoint, and hardening security for company-managed devices.
Hardening Device Configurations
Perhaps the best place to start in improving endpoint resilience is with initial device provisioning. Unfortunately, many organizations don’t consistently roll out hardened baseline configurations for their new Windows PCs, Macintoshes, and other devices. This leaves the door open for threat actors because they know what the manufacturer’s default configurations are and use them to launch exploits.
Before they’re shipped to users, devices should be provisioned using a standard image that’s hardened to ensure that unnecessary services are turned off and critical resilience features like encryption are turned on. Doing this manually will inevitably lead to missed steps and unnecessary exposure due to inconsistent configurations, so the provisioning process should be automated as much as possible using services such as Microsoft Intune and Windows Autopilot.
Consistent provisioning also improves cyber resilience by providing a more consistent experience for IT teams to enforce standards and troubleshoot issues. In the event of an adverse condition, IT teams have a quick, consistent method of drilling down to remediate an issue, whether it’s using EDR to isolate a device, running vulnerability scans, or patching where needed.
Centralizing Device Management with MDM
The next step in improving endpoint resilience is having a centralized device management platform that supports both company-managed and personal devices. For example, mobile device management (MDM) platforms give IT teams visibility into desktops, laptops, smartphones, and tablets to manage tasks like patching and software updates and enforce policies and restrictions.
Improving Endpoint Visibility
One of the biggest challenges in protecting endpoints is a lack of centralized visibility into what devices are on the network. Without visibility into device activity, you don’t have the ability to detect if something malicious is happening. With centralized visibility, the challenges presented by personal devices are minimized.
Centralized visibility collects device information from multiple tools to provide quick, easy-to-access information and context on every device connected to the network. This helps IT teams better understand vulnerabilities in devices connected to the network, including applications running and accounts being used.
Cyber Asset Attack Surface Management — CAASM
An emerging approach to centralized endpoint visibility is cyber asset attack surface management (CAASM), which enables IT teams to overcome challenges to asset visibility and exposure. CAASM gives IT teams quick, consistent visibility into all endpoints across your environment by pulling information from all your management tools, including MDM, cloud services, and network management tools. Once you know what’s out there, you can protect it.
CAASM shows what protections are in place on every endpoint. For example, it will show if there are endpoints that don’t have antivirus or EDR installed or if the configuration of a device is hardened to organizational standards. It also gives IT teams the ability to scan a device for vulnerabilities.
CAASM helps identify these types of gaps a lot faster than individually going into MDM, EDR, and other management solutions to pull information and manually compare lists. It’s always easy to miss something when relying on manual processes.
How Evolving Solutions Can Help
Every organization is unique in terms of its business opportunities, operations, and risks. While general advice can help you better understand how endpoint security can improve overall cyber resilience, you can benefit from partnering with an experienced consulting company that can help put endpoint security in context with your business objectives, technology stack, and risk profile.
Evolving Solutions can help you get a holistic view of your endpoint security strategy and tactics, help you get more value from the tools you already have, and recommend and implement additional solutions based on your business needs, such as CAASM and Microsoft Intune and Autopilot.
Endpoint security is crucial to an overall cyber resilience strategy. Evolving Solutions can help you protect your users and data so you can focus on running your business.