This is the second blog in a two-part series about the hidden costs of endpoint management and how to avoid them. Be sure to read part one for the full story.

We all want faster, better endpoint management solutions at a reduced cost — but how? In part one of this series, we broke down the SANS Institute report, “Understanding the (True) Costs of Endpoint Management,” and identified the top five factors that increase endpoint management costs, from an overabundance of tools to deficient compliance enforcement.

Now that we’ve acknowledged these challenges, how can security teams address and overcome them? The good news is that there’s no big secret; it simply comes down to following well-established security best practices. Let’s dive into some steps you can follow to avoid these incremental expenses while also reducing complexity and improving agility.

Consolidate the Number of Endpoint Management Tools in Use

Begin by evaluating your current tools: If they don’t help you reduce hidden costs, consider alternative solutions. Too many tools can impact agility and cause slowdowns within the endpoint management process. As analysts and administrators have to sift through more data and dashboards, the ability to effectively manage endpoints becomes more complex, subject to inaccuracies, and susceptible to response delays and other inefficiencies.

Let’s face it: It’s hard to manage multiple tools. To avoid these incremental expenses, consolidate the number of tools your organization uses with a single endpoint management solution across all operating systems (OSs). A single solution saves time and effort because you only have to go to one dashboard to determine how many endpoints are at risk or push patches.

This also helps reduce infrastructure costs because you won’t need as many management servers — and all their associated software — to gain visibility into your endpoints. This helps reduce software, maintenance, support and assurance costs. Finally, with fewer tools to manage, your IT staff will be able to quickly remediate threats and respond to information requests — and have more confidence in their answers.


Garner Visibility Across Your Endpoint Landscape

Access to timely, accurate endpoint information across the enterprise starts with comprehensive endpoint visibility — but it’s not always available or easy to obtain. Seeing only part of the picture is not enough, because you can’t fix what you can’t see.

Improve visibility by using a single solution that gives you the real-time information you need across all OSs throughout the enterprise. Make sure it provides up-to-date information on all endpoints, including those not currently on the corporate network at the time of query.

Next, verify the level of accuracy your endpoint security solution provides so you can be confident in your information and make sound decisions based on actual vulnerability exposure and risk.

Finally, make sure your solution provides endpoint information quickly so the data you collect is relevant and high-value. Together, these factors will enable you to effectively prioritize and respond to the most critical vulnerabilities in a timely manner.

Improve Patching Efficiency

Keeping up with the number and frequency of patching demands across mobile devices, servers and/or automated teller machines (ATMs) can be a struggle — one that is exacerbated by the sheer number of devices, OSs, dispersed locations, intermittent network connectivity and even slow bandwidth. Suboptimal first-pass patching success rates also tend to complicate things.

According to the SANS report, 68 percent of respondents had first-pass patch success rates below 90 percent, with 16 percent acknowledging rates below 60 percent and 12 percent admitting they didn’t know how successful they were on their first attempt to patch endpoints. Inefficient patching increases both costs and security risks by leaving endpoints open to attack. This impacts IT response time and consumes scarce resources.

To improve patching efficiency, follow a “build once, use many” methodology and look for a single endpoint management solution that enables you to create and apply patches, regardless of OS, across all your endpoints simultaneously — even those not on a corporate network or in locations with low bandwidth. Use a tool with as few patch dependencies as possible to further improve efficiency. The fewer the dependencies, the fewer things that can go wrong, and the more stable your patch agents and efforts will be in the long term.

Patch verification is another way to improve efficiency. Use a tool that not only checks whether a patch was reported as installed, but also performs a deeper inspection to confirm that the components the patch was supposed to fix were in fact changed. For example, was the dynamic-link library (DLL) version updated, and is it now at the correct version level?
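The check described above, and the first-pass success rate discussed under the SANS figures, can be expressed as a small verification routine. The following is an added example, not code from the original post or from any endpoint management product: it compares the patch agent's "installed" flag against the file version actually observed on disk, and computes a success rate from verified state rather than from agent reports. The endpoint records, hostnames and version numbers are constructed sample data.

```python
"""Patch verification: treat the agent's 'installed' flag as a claim, not proof.

Added example. Endpoint records and version strings below are constructed
sample data; the expected version is whatever the patch is supposed to deliver.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """Convert a dotted file version ('6.2.100.12') into a tuple of ints so that
    comparison is numeric: '6.2.9' must sort below '6.2.10', which a plain
    string comparison gets wrong."""
    return tuple(int(part) for part in text.strip().split("."))


@dataclass
class EndpointPatchRecord:
    hostname: str
    patch_reported_installed: bool   # what the patch agent reported
    observed_file_version: str       # version of the patched file (e.g. a DLL) read from disk
    reachable: bool = True           # False for endpoints off the corporate network


def verify_patch(record: EndpointPatchRecord, expected_version: str) -> str:
    """Classify one endpoint's real patch state.

    'verified'        agent says installed and the file is at/above the target version
    'false_positive'  agent says installed but the file is still below the target
    'missing'         agent says not installed and the file is below the target
    'already_current' agent says not installed but the file already meets the target
    'unknown'         endpoint unreachable, so nothing can be verified right now
    """
    if not record.reachable:
        return "unknown"
    current = parse_version(record.observed_file_version) >= parse_version(expected_version)
    if record.patch_reported_installed:
        return "verified" if current else "false_positive"
    return "already_current" if current else "missing"


def summarize(records: List[EndpointPatchRecord], expected_version: str) -> Tuple[Dict[str, int], float]:
    """Count endpoints per state and return the verified coverage rate
    (verified + already_current over all endpoints), the figure to track
    instead of the agent-reported first-pass rate."""
    counts: Dict[str, int] = {}
    for r in records:
        state = verify_patch(r, expected_version)
        counts[state] = counts.get(state, 0) + 1
    covered = counts.get("verified", 0) + counts.get("already_current", 0)
    return counts, (covered / len(records)) if records else 0.0


# Constructed sample inventory (not real endpoints).
SAMPLE_RECORDS = [
    EndpointPatchRecord("ws-01", True, "6.2.100.12"),
    EndpointPatchRecord("ws-02", True, "6.2.100.9"),      # agent says patched, file says otherwise
    EndpointPatchRecord("ws-03", False, "6.2.100.9"),
    EndpointPatchRecord("ws-04", False, "6.2.101.0"),     # newer build already carries the fix
    EndpointPatchRecord("lt-07", True, "6.2.100.9", reachable=False),
]
EXPECTED_VERSION = "6.2.100.12"

if __name__ == "__main__":
    counts, rate = summarize(SAMPLE_RECORDS, EXPECTED_VERSION)
    for r in SAMPLE_RECORDS:
        print(f"{r.hostname:8} {verify_patch(r, EXPECTED_VERSION)}")
    print(counts, f"verified coverage: {rate:.0%}")
```

The `false_positive` bucket is the one to watch: those endpoints count as successes in an agent-only report but are still exposed, and they are exactly the cases a second inspection pass is meant to catch.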

Drive Consistent Compliance Throughout the Enterprise

IT and security teams want to execute their company’s security mission, improve its security posture, and adhere to regulatory and corporate mandates. But achieving a steady state of compliance can sometimes be challenging.

To better enforce compliance and consistently remediate drift, use an endpoint management solution that supports relevant industry standards. Leverage prepackaged content for these standards, but also ensure that the tool can be customized for your unique environment. This will help simplify and shorten compliance efforts.

Verify that your solution actively and consistently enforces your endpoint compliance policies and make sure it automates the process of deploying or re-implementing your golden image consistently across all endpoints. In addition, use tools that can quickly and accurately verify endpoint compliance status to better understand your current attack surface and reduce risk. Finally, evaluate the reporting and trending analysis capabilities of your tool to ensure that you can adequately track compliance performance over time.

Automate and Integrate Endpoint Management and Security Tools

Let’s not forget about the importance of integration and automation. IT infrastructure and security teams have different responsibilities, are typically siloed and use different, nonintegrated tools. Over time, most organizations purchase multiple point products to address multiple emerging threats.

Security teams are typically responsible for identifying endpoint vulnerabilities and prioritizing remediation efforts, but they usually can’t make changes on endpoints and often don’t have the visibility to make well-informed decisions. On the other side, infrastructure teams, who are tasked with making changes on endpoints, can be overwhelmed by the number of tools and endpoints and the constant volume of required changes. Additionally, these teams often lack insight into risk rankings, so it’s hard to prioritize activities such as patching. This exacerbates the lack of visibility, inefficient processes, sporadic endpoint hygiene and inconsistent compliance problems we’ve previously outlined, and can also delay your ability to respond to potential threats and active attacks.

So where do you begin? Look for an endpoint security solution that enables automated and repeatable processes across OSs. Leverage a tool that enables you to build once and use many times, so you don’t have to re-engineer multiple times for different tools and OSs. Different tools provide data in different formats, which can impact your ability to quickly and accurately collate meaningful information and share data between systems. An endpoint management tool should support industry-standard application programming interfaces (APIs) such as Simple Object Access Protocol (SOAP) and Representational State Transfer (REST). This will enable easier, faster data collation and sharing since the data will be available in compatible formats and require less engineering effort to reformat into a common data set.

If you need custom integration work, understand the level of effort needed to share endpoint data with other applications. For example, does your existing tool incorporate common vulnerability information so you can evaluate and prioritize where to start when it comes to patching? How easily does your endpoint data integrate with your configuration management database (CMDB)?

If you are going down the custom integration path, start with integrations between your security information and event management (SIEM) and endpoint management tools. This will enable your security teams to have the visibility they need to assess endpoint vulnerability risk and prioritize patching for your operations teams. It will also reduce your attack surface and help ensure that your teams focus on the most important security risks first.
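The data-collation problem raised above (different tools, different formats, one common data set) and the SIEM-to-endpoint integration suggested as a starting point can be sketched in a few dozen lines. This is an added example, not code from the original post or from any vendor's API: it normalizes a REST JSON endpoint inventory and a SOAP XML vulnerability feed into one schema keyed by hostname, then produces a prioritized patch list and a list of visibility gaps. Both payloads, their field names, the `urn:example:vuln` namespace and all hostnames and finding identifiers are constructed placeholders, not any real product's schema.

```python
"""Collating endpoint inventory (REST/JSON) with vulnerability findings (SOAP/XML)
into one common data set, then prioritizing remediation.

Added example. Payload shapes, namespace and identifiers are assumptions
constructed for illustration.
"""
import json
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample: endpoint management tool's REST inventory (assumed shape).
REST_INVENTORY = json.dumps({"endpoints": [
    {"hostname": "ws-01", "os": "Windows 11", "on_network": True},
    {"hostname": "srv-db-01", "os": "RHEL 8", "on_network": True},
    {"hostname": "lt-42", "os": "macOS 13", "on_network": False},
]})

# Constructed sample: SOAP response from a SIEM/vulnerability source (assumed schema).
SOAP_FINDINGS = """<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v="urn:example:vuln">
  <soap:Body><v:GetFindingsResponse>
    <v:Finding><v:Host>WS-01</v:Host><v:Id>VULN-0001</v:Id><v:Cvss>9.8</v:Cvss><v:Patch>PATCH-A</v:Patch></v:Finding>
    <v:Finding><v:Host>ws-01</v:Host><v:Id>VULN-0002</v:Id><v:Cvss>5.3</v:Cvss><v:Patch>PATCH-B</v:Patch></v:Finding>
    <v:Finding><v:Host>srv-db-01</v:Host><v:Id>VULN-0003</v:Id><v:Cvss>7.5</v:Cvss><v:Patch>PATCH-C</v:Patch></v:Finding>
    <v:Finding><v:Host>SRV-APP-07</v:Host><v:Id>VULN-0004</v:Id><v:Cvss>8.1</v:Cvss><v:Patch>PATCH-D</v:Patch></v:Finding>
  </v:GetFindingsResponse></soap:Body>
</soap:Envelope>"""

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "v": "urn:example:vuln"}


def parse_rest_inventory(payload: str) -> Dict[str, dict]:
    """REST/JSON -> common record, keyed by lower-cased hostname."""
    out: Dict[str, dict] = {}
    for ep in json.loads(payload)["endpoints"]:
        host = ep["hostname"].strip().lower()
        out[host] = {"hostname": host, "os": ep.get("os", "unknown"),
                     "on_network": bool(ep.get("on_network", False)), "findings": []}
    return out


def parse_soap_findings(xml_text: str) -> List[dict]:
    """SOAP/XML -> flat list of findings with the same field names as the common record."""
    root = ET.fromstring(xml_text)
    findings = []
    for f in root.findall(".//v:Finding", NS):
        findings.append({
            "hostname": f.findtext("v:Host", default="", namespaces=NS).strip().lower(),
            "id": f.findtext("v:Id", default="", namespaces=NS),
            "cvss": float(f.findtext("v:Cvss", default="0", namespaces=NS)),
            "patch": f.findtext("v:Patch", default="", namespaces=NS),
        })
    return findings


def collate(rest_json: str, soap_xml: str) -> Dict[str, dict]:
    """Join both sources on hostname. A finding for a host the inventory does not
    know is kept and flagged: that host is a visibility gap, not data to discard."""
    endpoints = parse_rest_inventory(rest_json)
    for finding in parse_soap_findings(soap_xml):
        host = finding["hostname"]
        if host not in endpoints:
            endpoints[host] = {"hostname": host, "os": "unknown", "on_network": False,
                               "findings": [], "inventory_gap": True}
        endpoints[host]["findings"].append({k: finding[k] for k in ("id", "cvss", "patch")})
    return endpoints


def prioritize(endpoints: Dict[str, dict]) -> List[dict]:
    """Order endpoints with open findings by worst CVSS, then by finding count."""
    rows = []
    for ep in endpoints.values():
        if not ep["findings"]:
            continue
        rows.append({"hostname": ep["hostname"], "os": ep["os"],
                     "max_cvss": max(f["cvss"] for f in ep["findings"]),
                     "open_findings": len(ep["findings"]),
                     "patches": sorted({f["patch"] for f in ep["findings"] if f["patch"]}),
                     "inventory_gap": ep.get("inventory_gap", False),
                     "on_network": ep["on_network"]})
    rows.sort(key=lambda r: (-r["max_cvss"], -r["open_findings"], r["hostname"]))
    return rows


def visibility_gaps(endpoints: Dict[str, dict]) -> List[str]:
    """Hosts that cannot be acted on right now: off-network or missing from inventory."""
    return sorted(h for h, ep in endpoints.items() if ep.get("inventory_gap") or not ep["on_network"])


if __name__ == "__main__":
    merged = collate(REST_INVENTORY, SOAP_FINDINGS)
    for row in prioritize(merged):
        print(row)
    print("visibility gaps:", visibility_gaps(merged))
```

Hostname case is normalized at the boundary of each parser, which is where such mismatches between tools usually hide; the rest of the pipeline then works on one schema regardless of which API the data came from.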

Reduce Costs With the Right Endpoint Management Solution

Endpoint management comes with its fair share of hidden, inherent costs. To reduce these costs, look for solutions with discovery capabilities that enable fast, accurate and comprehensive visibility into your endpoint landscape, regardless of whether endpoints are connected to a network. Regularly evaluate your endpoint management capabilities and consider options that enable you to consolidate tools and increase efficiency. Finally, look for an endpoint management solution that enhances security by constantly monitoring and enforcing security and compliance policies across all your endpoints.
