Light Dark
February 1, 2018 By Teresa Worth 4 min read
Endpoint

Endpoint management is typically the responsibility of the IT operations or infrastructure teams, not the security team. So why should security care about endpoint hygiene?

Pervasive Endpoint Vulnerabilities

Attacks come from all directions, and many of them originate on endpoints. In fact, according to IDC, 70 percent of successful breaches begin at the endpoint. As of this writing, the National Institute of Standards and Technology (NIST) is tracking 100,311 known CVE vulnerabilities in its National Vulnerability Database (NVD). Of these, 15 percent were new vulnerabilities identified in 2017.

The Ponemon Institute’s “2017 State of Endpoint Security Risk” report found that 69 percent of companies believe that endpoint security risk to their organizations has significantly increased over the past 12 months, yet only 36 percent have adequate resources to address the risk. Most companies take an average of 100 to 120 days to patch vulnerabilities. In addition, many companies have critical vulnerabilities that go unpatched altogether.

Further complicating matters, up to 67 percent of systems administrators have trouble determining which patches need to be apply to which systems. A Gartner report titled “It’s Time to Align Your Vulnerability Management Priorities With the Biggest Threats” revealed that many security teams struggle to prioritize the most important threats. It’s no surprise, then, that vulnerability management is one of the most significant problems facing the security industry. Without adequate visibility into potentially infected endpoints across the enterprise, teams often patch these vulnerabilities in a non-directed, broad-based manner, which can leave endpoints vulnerable to the most damaging attack vectors.

Watch the on-demand Webinar: Show Your Endpoints Some Strategic Love

Eight Steps to Improve Endpoint Management and Security

When new vulnerabilities are announced, IT teams must quickly query endpoints to understand which devices are at risk and determine their level of exposure. Once a remediation path is determined, security personnel must collaborate closely with infrastructure teams to ensure that the highest-priority patches are rolled out as quickly as possible to prevent exploitation of these new vulnerabilities. But this can get tricky, especially for organizations with remote locations and low bandwidth, or locations that only occasionally connect to the corporate network.

Below are eight best practices to help security professionals improve endpoint management:

  1. Use an endpoint management solution that supports bandwidth throttling so that remote endpoints can be continuously patched and secured rather than having to sporadically send IT resources to remote locations. (Hint: Check to see if bandwidth consumption can be set to less than 5 percent. This will ensure that remote productivity is not impacted while reducing IT time spent on patching and minimizing operational expenditures.)
  2. Consider an endpoint management that that delivers patches via the internet – without requiring corporate network access. This ensures that internet-facing systems are patched in a proactive, timely manner rather than IT having to wait for these devices to visit the corporate network before they can be scanned and remediated. (Hint: Look for cloud based content creation capabilities – This saves significant IT staff time that would have been spent creating patch packages.)
  3. Evaluate the scalability and administrative overhead of endpoint management solutions to accommodate tight budgets and future growth. Look for solutions that can support many endpoints using a single management server and make sure to understand how many IT resources will be needed to manage the solution on a daily basis. (Hint: Many companies can manage up to 250,000 endpoints using a single management console with one or two administrators.)
  4. Consolidate endpoint management tools. Use a single tool to patch systems across Windows, Mac and variations of Unix operating systems to simplify administration, minimize the number of open network ports, and reduce the number of active agents on endpoints. (Hint: Look for solutions that require only a single open network port to minimize risk.)
  5. Validate that the endpoint management solution provides accurate, real-time endpoint data and reports. End users make changes to endpoints all the time and information that is hours or days old may not reflect a current attack surface. (Hint: Seconds matter when under attack and real-time querying and reporting enables security teams to better prioritize patches based on actual risk.)
  6. Apply patches that address the highest levels of risk first based on current endpoint status. This gives the biggest impact from remediation efforts. (Hint: Aligning patching order to descending risk levels addresses the biggest and most serious vulnerabilities faster to better reduce overall attack surface.)
  7. Make sure the endpoint management solution enforces regulatory and corporate compliance policies on all endpoints constantly to avoid unintended drift and introduction of new vulnerabilities. (Hint: Not only does this reduce risk, it makes passing security and regulatory audits faster and easier saving IT organizations time and money.)
  8. Finally, check to see what other applications integrate with the endpoint management solution. (Hint: Look for tools that enable security teams to see endpoint data within existing security information and event management (SIEM), incident response and endpoint detection and response (EDR) tools to streamline remediation prioritization.)

Endpoint Security Is a Daily Battle

Endpoint landscapes change constantly, and keeping up with these changes can be challenging. End users download unapproved applications all the time, some of which can contain malware. Operating system and application patches are difficult to prioritize and are not always successfully applied the first time, especially on remote or roaming endpoints with low bandwidth or inconsistent corporate network connectivity.

Visibility into endpoint status can be inaccurate, incomplete and ineffective. This increases the time and effort IT must spend on endpoint management and can impact your budget — as well as your weekends, credibility and even job security. Together, these things make passing regulatory and security audits difficult. What’s worse, it increases your attack surface and risk.

Let’s face it: Endpoint management and security is a daily battle. That’s why you need a solution that helps you discover, manage and secure your endpoints faster, more easily and more consistently.

Read the report: CISOs Investigate — Endpoint Security Peer-Authored Research

 |  |  |  |  |  |  | 
Teresa Worth
Portfolio Product Marketing Manager - Endpoint Security (BigFix)

More from Endpoint
November 28, 2023

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

October 30, 2023

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

October 19, 2023

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

October 5, 2023

Does your security program suffer from piecemeal detection and response?

4 min read - Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include: Multiple security information and event management (SIEM) tools (e.g., one on-premise and one in the cloud) Spending too much time or energy on integrating detection systems An underperforming security orchestration, automation and response (SOAR) system Only capable of taking automated responses on the endpoint Anomaly detection in silos (e.g., network separate from identity) If any of these symptoms resonate with your organization, it's…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature