May 19, 2016 By Ashwin Manekar 3 min read

Threats to man-made systems have been around almost as long as technology itself. In the late 1950s, for example, malicious actors compromised telephone networks to make free long-distance calls in a process called phone phreaking. The breaches were so easy that they could be done with an electronic blue box and a plastic toy whistle. It took almost 20 years for telecom vendors to build a robust monitoring and interrogation system to track these actors.

Today, system threats come in the form of network and computer security risks. These threats are significantly more sophisticated and harder to track: they are often entirely faceless, and they can even change shape as they penetrate deep into an organization’s network, often costing organizations billions of dollars per year.

Addressing Issues With Real-Time Endpoint Inspection

To address these breaches, security vendors have developed various tools that specialize in certain domains. Sometimes these tools are too narrowly focused, which makes it harder to identify security threats. Increasingly sophisticated attacks, combined with overly narrow tools, are compounded by a third problem: the lack of qualified security analysts on the market. In fact, security positions are expected to grow to 1.5 million by 2020, and many of these openings will remain unfilled.

Real-time endpoint inspection can be used to identify these threats before they become full-blown security issues, but this requires the proper tools and technologies.

There are four key features that security tools need in order to hunt security breaches successfully, tear down the fences created by narrowly scoped tools and look for anomalies and patterns without requiring specialized skills. These characteristics are asking intuitive questions, collecting quality data, sharing interrogation results and fixing the basic issues.

Ask Intuitive Questions

Security tools should provide an ability to ask intuitive questions about endpoints. They must support basic actions to seek information that is either hidden or out of range. Security analysts need an easier way to find endpoints satisfying specific conditions, locate an application and its details or even seek out active connections to endpoint IP addresses.

System administrators would benefit from the capability to perform policy and system checks and view system configurations. Additionally, operators who are trying to close down their help desk tickets would like easier access to basic information such as disk size, application version and endpoint names.

Security tools should provide an interface that makes it easier to create these questions, share them with the community or have the option to keep them private to declutter the workspace. They should also provide a library of intuitive questions that can speed up endpoint interrogation.

Get Quality Data

Recently, there has been a lot of buzz around natural language-based search and interrogation techniques. While that makes for a nice headline and a good marketing campaign, a prospective client should pause to understand the purpose behind endpoint interrogation before taking that kind of claim at face value.

The fundamental goal of real-time endpoint inspection is to get access to accurate information as quickly as possible. Organizations are looking for a trawl that catches high-quality data so that they can fix the issue quickly and secure the premises. Security tools should have built-in expertise so they can look beyond the fences of the surrounding tools, reducing the need for specialized skills to access relevant endpoint data.

To get this kind of high-quality, real-time data, security tools should interrogate directly against the data definitions of the surrounding tools. A catchy marketing headline touting natural language capabilities cannot mask the need for actual high-quality data. When it comes to endpoint security, every moment spent refining the interrogation and poring through layers of results leaves systems vulnerable and exposed. The ability to respond quickly and accurately is critical.

Share Interrogation Results

Traditionally, the focus of security tools has been improving access to endpoint data at the expense of readability or the ability to share within the community. Cutting, copying and pasting endpoint data into an email or spreadsheet was the de facto management process for years. Meanwhile, productivity and presentation tools advanced so far that it became too expensive for many security solutions to match them with better built-in reporting and sharing capability.

The endpoint interrogation capability of security tools should return results that can be easily shared with the community via email or other collaboration methods. These results should be usable as an action document for operations teams or as a finished document that presents the current security posture to stakeholders.

Fix the Basic Symptoms and Advanced Issues

Some security tools do a decent job of providing interrogation results but require users to do a tremendous amount of manual work to fix both basic symptoms and advanced issues. Seamless integration with the remediation capability of incident response tools is an expectation that should be fulfilled. Systems should provide the ability to view endpoint details and deploy custom, targeted actions to fix the issue in question, or even add the result set to a to-do list for future action.

IBM BigFix has been providing vast amounts of endpoint intelligence data over the past two decades. BigFix finds, fixes and secures endpoints, fast. To learn more about endpoint interrogation from BigFix, watch our on-demand webinar “Interrogate Endpoints With Intuitive Questions. Get Intelligent Answers.”
