This is the second blog in a two-part series about the hidden costs of endpoint management and how to avoid them. Be sure to read part 1 for the full story.
We all want faster, better endpoint management solutions at a reduced cost — but how? In part one of this series, we broke down the SANS Institute report, “Understanding the (True) Costs of Endpoint Management,” and identified the top five factors that increase endpoint management costs, from an overabundance of tools to deficient compliance enforcement.
Now that we’ve acknowledged these challenges, how can security teams address and overcome them? The good news is that there’s no big secret; it simply comes down to following well-established security best practices. Let’s dive into some steps you can follow to avoid these incremental expenses while also reducing complexity and improving agility.
Consolidate the Number of Endpoint Management Tools in Use
Begin by evaluating your current tools: If they don’t help you reduce hidden costs, consider alternative solutions. Too many tools can impact agility and cause slowdowns within the endpoint management process. As analysts and administrators have to sift through more data and dashboards, the ability to effectively manage endpoints becomes more complex, subject to inaccuracies, and susceptible to response delays and other inefficiencies.
Let’s face it: It’s hard to manage multiple tools. To avoid these incremental expenses, consolidate the number of tools your organization uses with a single endpoint management solution across all operating systems (OSs). A single solution saves time and effort because you only have to go to one dashboard to determine how many endpoints are at risk or push patches.
This also helps reduce infrastructure costs because you won’t need as many management servers — and all their associated software — to gain visibility into your endpoints. This helps reduce software, maintenance, support and assurance costs. Finally, with fewer tools to manage, your IT staff will be able to quickly remediate threats and respond to information requests — and have more confidence in their answers.
Garner Visibility Across Your Endpoint Landscape
Access to timely, accurate endpoint information across the enterprise starts with comprehensive endpoint visibility — but it’s not always available or easy to obtain. Seeing only part of the picture is not enough, because you can’t fix what you can’t see.
Improve visibility by using a single solution that gives you the real-time information you need across all OSs throughout the enterprise. Make sure it provides up-to-date information on all endpoints, including those not currently on the corporate network at the time of query.
Next, verify the level of accuracy your endpoint security solution provides so you can be confident in your information and make sound decisions based on actual vulnerability exposure and risk.
Finally, make sure your solution provides endpoint information quickly so the data you collect is relevant and high-value. Together, these factors will enable you to effectively prioritize and respond to the most critical vulnerabilities in a timely manner.
Improve Patching Efficiency
Keeping up with the number and frequency of patching demands across mobile devices, servers and/or automated teller machines (ATMs) can be a struggle — one that is exacerbated by the sheer number of devices, OSs, dispersed locations, intermittent network connectivity and even slow bandwidth. Suboptimal first-pass patching success rates also tend to complicate things.
According to the SANS report, 68 percent of respondents had first-pass patch success rates below 90 percent, with 16 percent acknowledging rates below 60 percent and 12 percent admitting they didn’t know how successful they were on their first attempt to patch endpoints. Inefficient patching increases both costs and security risks by leaving endpoints open to attack. This impacts IT response time and consumes scarce resources.
To improve patching efficiency, follow a “build once, use many” methodology and look for a single endpoint management solution that enables you to create and apply patches, regardless of OS, across all your endpoints simultaneously — even those not on a corporate network or in locations with low bandwidth. Use a tool with as few patch dependencies as possible to further improve efficiency. The fewer the dependencies, the fewer things that can go wrong, and the more stable your patch agents and efforts will be in the long term.
Patch verification is another way to improve efficiency. Use a tool that not only checks whether a patch was installed, but also performs a deeper inspection to confirm that the vulnerable components the patch was supposed to update were in fact updated. For example, was the dynamic-link library (DLL) version updated, and is it now at the correct version level?
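The deeper check described above, as an added example that is not from the original article or from any vendor's product: it classifies each endpoint by the file version it actually reports rather than by the installer's status flag, and derives a verified first-pass success rate. The host names, record fields and version numbers are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

def parse_version(text: str) -> tuple:
    """Parse a dotted file version such as '10.0.19041.3570' into integers."""
    parts = [int(p) for p in text.strip().split(".")]
    # Pad to four fields so '6.3' and '6.3.0.0' compare as equal.
    return tuple(parts + [0] * (4 - len(parts)))

@dataclass
class Report:                      # hypothetical inventory record
    host: str
    installer_status: str          # what the patch agent claims
    file_version: Optional[str]    # version read from the patched file, if any

def verify(report: Report, fixed_version: str) -> str:
    """Classify one endpoint by inspecting the file, not the status flag."""
    if report.file_version is None:
        return "unknown"           # file missing or endpoint did not answer
    try:
        current = parse_version(report.file_version)
    except ValueError:
        return "unknown"           # unreadable version string
    if current >= parse_version(fixed_version):
        return "verified"
    if report.installer_status == "installed":
        return "false-success"     # agent says patched, file says otherwise
    return "unpatched"

def summarize(reports, fixed_version):
    """Return per-host verdicts and the verified first-pass success rate."""
    verdicts = {r.host: verify(r, fixed_version) for r in reports}
    verified = sum(1 for v in verdicts.values() if v == "verified")
    rate = verified / len(reports) if reports else 0.0
    return verdicts, rate

# Constructed sample inventory after a first patching pass.
FIXED = "10.0.19041.3570"
SAMPLE = [
    Report("ws-001", "installed", "10.0.19041.3570"),
    Report("ws-002", "installed", "10.0.19041.3324"),   # old DLL still on disk
    Report("ws-003", "failed", "10.0.19041.3324"),
    Report("atm-17", "installed", None),                # no data returned
    Report("srv-04", "installed", "10.0.19041.10000"),  # needs numeric compare
]

if __name__ == "__main__":
    verdicts, rate = summarize(SAMPLE, FIXED)
    for host, verdict in verdicts.items():
        print(f"{host}: {verdict}")
    print(f"verified first-pass success rate: {rate:.0%}")
```

Endpoints that land in "false-success" or "unknown" are the ones a status-only report would have counted as patched.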
Drive Consistent Compliance Throughout the Enterprise
IT and security teams want to execute their company’s security mission, improve its security posture, and adhere to regulatory and corporate mandates. But achieving a steady state of compliance can sometimes be challenging.
To better enforce compliance and consistently remediate drift, use an endpoint management solution that supports relevant industry standards. Leverage prepackaged content for these standards, but also ensure that the tool can be customized for your unique environment. This will help simplify and shorten compliance efforts.
Verify that your solution actively and consistently enforces your endpoint compliance policies and make sure it automates the process of deploying or re-implementing your golden image consistently across all endpoints. In addition, use tools that can quickly and accurately verify endpoint compliance status to better understand your current attack surface and reduce risk. Finally, evaluate the reporting and trending analysis capabilities of your tool to ensure that you can adequately track compliance performance over time.
Automate and Integrate Endpoint Management and Security Tools
Let’s not forget about the importance of integration and automation. IT infrastructure and security teams have different responsibilities, are typically siloed and use different, nonintegrated tools. Over time, most organizations purchase multiple point products to address multiple emerging threats.
Security teams are typically responsible for identifying endpoint vulnerabilities and prioritizing remediation efforts, but they usually can’t make changes on endpoints and often don’t have the visibility to make well-informed decisions. On the other side, infrastructure teams, who are tasked with making changes on endpoints, can be overwhelmed by the number of tools and endpoints and the constant volume of required changes. Additionally, these teams often lack insight into risk rankings, so it’s hard to prioritize activities such as patching. This exacerbates the lack of visibility, inefficient processes, sporadic endpoint hygiene and inconsistent compliance problems we’ve previously outlined, and can also delay your ability to respond to potential threats and active attacks.
So where do you begin? Look for an endpoint security solution that enables automated and repeatable processes across OSs. Leverage a tool that enables you to build once and use many times, so you don’t have to re-engineer multiple times for different tools and OSs. Different tools provide data in different formats, which can impact your ability to quickly and accurately collate meaningful information and share data between systems. An endpoint management tool should support industry-standard application programming interfaces (APIs) such as Simple Object Access Protocol (SOAP) and Representational State Transfer (REST). This will enable easier, faster data collation and sharing since the data will be available in compatible formats and require less engineering effort to reformat into a common data set.
If you need custom integration work, understand the level of effort needed to share endpoint data with other applications. For example, does your existing tool incorporate common vulnerability information so you can evaluate and prioritize where to start when it comes to patching? How easily does your endpoint data integrate with your configuration management database (CMDB)?
If you are going down the custom integration path, start with integrations between your security information and event management (SIEM) and endpoint management tools. This will enable your security teams to have the visibility they need to assess endpoint vulnerability risk and prioritize patching for your operations teams. It will also reduce your attack surface and help ensure that your teams focus on the most important security risks first.
Reduce Costs With the Right Endpoint Management Solution
Endpoint management comes with its fair share of hidden, inherent costs. To reduce these costs, look for solutions with discovery capabilities that enable fast, accurate and comprehensive visibility into your endpoint landscape, regardless of whether endpoints are connected to a network. Regularly evaluate your endpoint management capabilities and consider options that enable you to consolidate tools and increase efficiency. Finally, look for an endpoint management solution that enhances security by constantly monitoring and enforcing security and compliance policies across all your endpoints.