Human beings are creatures of habit. We do things a particular way because that’s how we’ve always done them, and we often continue until someone shows us a better approach.

Historically, assessing and remediating IT security and compliance were two separate processes. The security group assessed compliance gaps, while the operations team took steps to remediate risks.

The problem? Today’s cybercriminals work at a faster pace and have a plethora of advanced free tools at their disposal. They’re better funded, and they aren’t hindered by change cycles or limited IT resources. Consequently, an increasing number of breached organizations are publicly admitting that even though their assessment tools told them everything about the vulnerabilities that were exploited, they lacked the tools and processes to fix them fast enough, across all endpoints, both on and off the corporate network. This delayed “time to compliance” is eroding organizations’ profits and brand equity at an alarming rate.

Zero-Day Threats Require Real-Time Incident Response

Having multiple tools can bog down the remediation process, and a breach is the worst time to address vulnerabilities. Having thousands of endpoints both within your network and in remote locations can significantly lengthen your time to remediation during a zero-day attack. Remediating every endpoint could take days or weeks, by which time you could have suffered significant financial and reputational damage from a breach.

You need a tool that can enforce continuous compliance with security configuration policies that will shrink your remediation window from days or weeks to minutes or hours in order to minimize the damage a breach can do to your organization.

You Can’t Manage What You Can’t See

Many failed audits result from poor visibility into endpoint vulnerabilities due to endpoint configuration “drift” or the inability to rapidly deploy and confirm the application of patches and updates. Siloed approaches generally offer poor visibility into assets. Aggregating information from multiple tools to achieve full visibility can be expensive and not timely enough for good decision-making.

Given today’s mobile workforce and global companies that have assets distributed across several locations, you need to get broad and detailed visibility in real time to fix roaming and distributed endpoints.

Continuous Compliance Is a Must-Have

Traditional compliance solutions are reactive — that is, triggered by an upcoming audit rather than conducted continuously as part of ongoing best practices. As a result, organizations scramble to show compliance within audit time frames. This approach is driven by the separation of assessment activities from remediation tasks, introducing a time lag and increasing the chance of noncompliance with key technical controls. Continuous closed-loop compliance must be enforced on every individual endpoint to ensure near-real-time compliance at all times regardless of network connectivity and across a variety of platforms.

Content Matters

A typical organization has between 100 and 5,000 security checks it must apply to ensure policies are being followed. Larger, more complex organizations — especially those with high regulatory reporting requirements — may have significantly more policies. Organizations may have to enforce one or more of various checklists, such as those based on the benchmarks from the Center for Internet Security, the U.S. Government Configuration Baseline and the U.S. Federal Desktop Core Configuration, as well as hardening guides published by the U.S. Defense Information Systems Agency Security Technical Implementation Guides and the U.S. National Institute of Standards and Technology.

Given the limited IT resources and budget, organizations need a solution that provides these checks in an out-of-the-box format. This helps them enforce the right compliance levels depending on the industry and business environment in which they operate without an increase in costs.

Compliance Reports and Risk Assessment

As previously discussed, the traditional scan-based approach to determining compliance levels can take days or weeks. Endpoints that were compliant when scanned can drift out of compliance before the scan is complete, so the resulting compliance reports are inaccurate and outdated, which can weaken an organization’s security posture and possibly expose it to noncompliance fines.

What you need is real-time information on compliance levels from all endpoints — fixed, mobile and remote — to ensure reports are accurate and you aren’t subject to a security exposure or noncompliance fines.

System Resources Remain Costly

Network-based scanning can affect network performance, while manual validation can interfere with user productivity. Given that endpoints can also be mobile and in remote locations, traditional network-based scan technology will require multiple relays at every location, further straining resources. Having multiple agents for various functions and checks will degrade endpoint performance and, with it, user productivity.

Infrastructure Costs Add Up

Having more tools to manage means higher costs — in software and hardware as well as administrative overhead. The different skill sets required to administer the various tools that organizations typically use translate into a need to employ many people to manage endpoints instead of working on high-value growth projects that are crucial to an organization’s success in today’s competitive landscape.

How to Achieve Continuous Compliance

What if you could achieve continuous compliance with a solution that integrates assessment, remediation and validation? This is precisely how thought-leading organizations use IBM Endpoint Manager™ to bridge the gap between security and IT operations with common tooling and reporting for the continuous compliance of security, operational and regulatory policies.
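The integrated assess, remediate and validate cycle described here (and the per-endpoint closed loop called for under “Continuous Compliance Is a Must-Have”), as an added example that is not IBM Endpoint Manager code: a small agent-side pass in Python over constructed checks. The configuration keys, control ids and the failed-patch check are assumptions, not settings from any real benchmark.

```python
"""Added example, not IBM Endpoint Manager code: one closed-loop compliance pass on
a single endpoint (assess -> remediate -> validate). State and ids are constructed."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple

Config = Dict[str, Any]

@dataclass
class Check:
    control_id: str                          # placeholder id for a benchmark item
    noncompliant: Callable[[Config], bool]   # True when the endpoint has drifted
    remediate: Callable[[Config], None]      # local fix, needs no network access

@dataclass
class Result:
    control_id: str
    was_noncompliant: bool
    compliant_after: bool

def closed_loop(cfg: Config, checks: List[Check]) -> List[Result]:
    """Assess, fix if needed, then re-run the same test to validate, so a fix
    that did not take effect is reported as still failing, not assumed done."""
    results = []
    for chk in checks:
        gap = chk.noncompliant(cfg)        # assess
        if gap:
            chk.remediate(cfg)             # remediate
        results.append(Result(chk.control_id, gap, not chk.noncompliant(cfg)))  # validate
    return results

def summary(results: List[Result]) -> Tuple[int, int, List[str]]:
    """Return (compliant controls, total controls, ids still failing)."""
    failing = [r.control_id for r in results if not r.compliant_after]
    return len(results) - len(failing), len(results), failing

# Constructed endpoint state that has drifted from policy.
SAMPLE_CONFIG: Config = {"password_min_length": 8, "firewall_enabled": False,
                         "ssh_root_login": "yes", "patch_level": 41}

def build_checks() -> List[Check]:
    return [
        Check("PW-MINLEN", lambda c: c["password_min_length"] < 14,
              lambda c: c.update(password_min_length=14)),
        Check("FW-ENABLED", lambda c: not c["firewall_enabled"],
              lambda c: c.update(firewall_enabled=True)),
        Check("SSH-NOROOT", lambda c: c["ssh_root_login"] != "no",
              lambda c: c.update(ssh_root_login="no")),
        # Simulates a patch whose install failed: no-op fix, so validation flags it.
        Check("PATCH-LEVEL", lambda c: c["patch_level"] < 42, lambda c: None),
    ]
```

Running `summary(closed_loop(dict(SAMPLE_CONFIG), build_checks()))` yields `(3, 4, ['PATCH-LEVEL'])`: three controls fixed and validated in the same pass, and the one whose remediation did not take effect stays on the report instead of being assumed fixed.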

IBM Endpoint Manager is highly scalable and has a single management server that supports more than 250,000 endpoints regardless of where they reside. IBM Endpoint Manager’s integrated, automated assessment and remediation delivers accurate, nondisruptive systems and security management with an intelligent agent residing on every endpoint that requires less than 2 percent CPU and 10 to 15 MB RAM.

When it comes to identifying and remediating breaches, time is of the essence. IBM Endpoint Manager represents a proven, cost-effective approach to ensure continuous compliance across all endpoints — on and off the network.
