Endpoint management is typically the responsibility of the IT operations or infrastructure teams, not the security team. So why should security care about endpoint hygiene?

Pervasive Endpoint Vulnerabilities

Attacks come from all directions, and many of them originate on endpoints. In fact, according to IDC, 70 percent of successful breaches begin at the endpoint. As of this writing, the National Institute of Standards and Technology (NIST) is tracking 100,311 known CVE vulnerabilities in its National Vulnerability Database (NVD). Of these, 15 percent were new vulnerabilities identified in 2017.

The Ponemon Institute’s “2017 State of Endpoint Security Risk” report found that 69 percent of companies believe that endpoint security risk to their organizations has significantly increased over the past 12 months, yet only 36 percent have adequate resources to address the risk. Most companies take an average of 100 to 120 days to patch vulnerabilities. In addition, many companies have critical vulnerabilities that go unpatched altogether.

Further complicating matters, up to 67 percent of systems administrators have trouble determining which patches need to be applied to which systems. A Gartner report titled “It’s Time to Align Your Vulnerability Management Priorities With the Biggest Threats” revealed that many security teams struggle to prioritize the most important threats. It’s no surprise, then, that vulnerability management is one of the most significant problems facing the security industry. Without adequate visibility into potentially infected endpoints across the enterprise, teams often patch these vulnerabilities in a non-directed, broad-based manner, which can leave endpoints vulnerable to the most damaging attack vectors.


Eight Steps to Improve Endpoint Management and Security

When new vulnerabilities are announced, IT teams must quickly query endpoints to understand which devices are at risk and determine their level of exposure. Once a remediation path is determined, security personnel must collaborate closely with infrastructure teams to ensure that the highest-priority patches are rolled out as quickly as possible to prevent exploitation of these new vulnerabilities. But this can get tricky, especially for organizations with remote locations and low bandwidth, or locations that only occasionally connect to the corporate network.

Below are eight best practices to help security professionals improve endpoint management:

  1. Use an endpoint management solution that supports bandwidth throttling so that remote endpoints can be continuously patched and secured rather than having to sporadically send IT resources to remote locations. (Hint: Check to see if bandwidth consumption can be set to less than 5 percent. This will ensure that remote productivity is not impacted while reducing IT time spent on patching and minimizing operational expenditures.)
  2. Consider an endpoint management solution that delivers patches via the internet, without requiring corporate network access. This ensures that internet-facing systems are patched in a proactive, timely manner rather than IT having to wait for these devices to visit the corporate network before they can be scanned and remediated. (Hint: Look for cloud-based content creation capabilities; this saves significant IT staff time that would otherwise be spent creating patch packages.)
  3. Evaluate the scalability and administrative overhead of endpoint management solutions to accommodate tight budgets and future growth. Look for solutions that can support many endpoints using a single management server and make sure to understand how many IT resources will be needed to manage the solution on a daily basis. (Hint: Many companies can manage up to 250,000 endpoints using a single management console with one or two administrators.)
  4. Consolidate endpoint management tools. Use a single tool to patch systems across Windows, Mac and variations of Unix operating systems to simplify administration, minimize the number of open network ports, and reduce the number of active agents on endpoints. (Hint: Look for solutions that require only a single open network port to minimize risk.)
  5. Validate that the endpoint management solution provides accurate, real-time endpoint data and reports. End users make changes to endpoints all the time, and information that is hours or days old may not reflect the current attack surface. (Hint: Seconds matter when under attack, and real-time querying and reporting enables security teams to better prioritize patches based on actual risk.)
  6. Apply patches that address the highest levels of risk first based on current endpoint status. This gives the biggest impact from remediation efforts. (Hint: Aligning patching order to descending risk levels addresses the biggest and most serious vulnerabilities faster to better reduce overall attack surface.)
  7. Make sure the endpoint management solution enforces regulatory and corporate compliance policies on all endpoints constantly to avoid unintended drift and the introduction of new vulnerabilities. (Hint: Not only does this reduce risk, it makes passing security and regulatory audits faster and easier, saving IT organizations time and money.)
  8. Finally, check to see what other applications integrate with the endpoint management solution. (Hint: Look for tools that enable security teams to see endpoint data within existing security information and event management (SIEM), incident response and endpoint detection and response (EDR) tools to streamline remediation prioritization.)
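As an added illustration of steps 5 and 6 (not code from the article or from any vendor's product), the following Python sketch checks a constructed endpoint inventory against a constructed vulnerability feed, discards endpoint reports older than an hour as untrustworthy, and orders the remaining patches by aggregated risk, weighting internet-facing hosts more heavily. All hostnames, product names, version numbers, CVSS values and vulnerability IDs are made up for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed vulnerability feed (hypothetical IDs, not real CVEs): affected product,
# first fixed version, and CVSS base score.
VULNS = {
    "VULN-0001": {"product": "acme-agent", "fixed_in": "2.4.1", "cvss": 9.8},
    "VULN-0002": {"product": "widget-office", "fixed_in": "7.0.3", "cvss": 6.5},
    "VULN-0003": {"product": "acme-agent", "fixed_in": "2.3.0", "cvss": 4.3},
}

NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)

# Constructed inventory, shaped like what an endpoint management tool might report.
ENDPOINTS = [
    {"host": "hq-ws-01", "internet_facing": False, "last_seen": NOW - timedelta(minutes=5),
     "installed": {"acme-agent": "2.4.1", "widget-office": "7.0.1"}},
    {"host": "dmz-web-01", "internet_facing": True, "last_seen": NOW - timedelta(minutes=2),
     "installed": {"acme-agent": "2.2.9"}},
    {"host": "branch-lp-07", "internet_facing": False, "last_seen": NOW - timedelta(days=3),
     "installed": {"acme-agent": "2.2.9", "widget-office": "7.0.1"}},
]

def version_tuple(v):
    # Compare dotted versions numerically so "2.10.0" sorts after "2.9.5".
    return tuple(int(p) for p in v.split("."))

def exposed_endpoints(endpoints, vulns, now, max_age=timedelta(hours=1)):
    """Return (exposure, stale). exposure maps vuln id -> exposed endpoint records;
    stale lists hosts whose last report is older than max_age (step 5: old data
    does not reflect the current attack surface, so it is reported, not trusted)."""
    exposure = {vid: [] for vid in vulns}
    stale = []
    for ep in endpoints:
        if now - ep["last_seen"] > max_age:
            stale.append(ep["host"])
            continue
        for vid, v in vulns.items():
            installed = ep["installed"].get(v["product"])
            if installed and version_tuple(installed) < version_tuple(v["fixed_in"]):
                exposure[vid].append(ep)
    return exposure, stale

def rank_patches(exposure, vulns):
    """Order patches by total risk (step 6): CVSS summed over exposed hosts,
    with internet-facing hosts weighted twice. Returns (vuln id, score, hosts)."""
    scored = []
    for vid, hosts in exposure.items():
        if not hosts:
            continue
        score = sum(vulns[vid]["cvss"] * (2 if h["internet_facing"] else 1) for h in hosts)
        scored.append((vid, round(score, 1), [h["host"] for h in hosts]))
    return sorted(scored, key=lambda s: s[1], reverse=True)
```

Running `rank_patches(*exposed_endpoints(ENDPOINTS, VULNS, NOW)[:1], VULNS)` on the sample data puts the critical flaw on the internet-facing host first and surfaces the branch laptop as stale rather than silently treating it as patched.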

Endpoint Security Is a Daily Battle

Endpoint landscapes change constantly, and keeping up with these changes can be challenging. End users download unapproved applications all the time, some of which can contain malware. Operating system and application patches are difficult to prioritize and are not always successfully applied the first time, especially on remote or roaming endpoints with low bandwidth or inconsistent corporate network connectivity.

Visibility into endpoint status can be inaccurate, incomplete and ineffective. This increases the time and effort IT must spend on endpoint management and can impact your budget — as well as your weekends, credibility and even job security. Together, these things make passing regulatory and security audits difficult. What’s worse, it increases your attack surface and risk.

Let’s face it: Endpoint management and security is a daily battle. That’s why you need a solution that helps you discover, manage and secure your endpoints faster, more easily and more consistently.

