Human beings are creatures of habit. We do things a particular way because that’s how we’ve always done them, and we often continue until someone shows us a better approach.
Historically, assessing and remediating IT security and compliance were two separate processes. The security group assessed compliance gaps, while the operations team took steps to remediate risks.
The problem? Today’s cybercriminals are working at a faster pace and have a plethora of advanced free tools at their disposal. They’re better funded, and they aren’t hindered by change cycles or limited IT resources. Consequently, an increasing number of breached organizations are publicly admitting that even though their assessment tools told them everything about the exploits used against them, they lacked the tools and processes to fix the underlying weaknesses fast enough, across all endpoints, on and off the corporate network. This delayed “time to compliance” is negatively affecting organizations’ profits and brand equity at an alarming rate.
Zero-Day Threats Require Real-Time Incident Response
Having multiple tools can bog down the remediation process, and a breach is the worst time to address vulnerabilities. Having thousands of endpoints both within your network and in remote locations can significantly lengthen your time to remediation during a zero-day attack. It could take days or weeks to remediate all of your endpoints, and by then you could already have suffered significant financial and reputational damage from a breach.
You need a tool that can enforce continuous compliance with security configuration policies that will shrink your remediation window from days or weeks to minutes or hours in order to minimize the damage a breach can do to your organization.
You Can’t Manage What You Can’t See
Many failed audits result from poor visibility into endpoint vulnerabilities due to endpoint configuration “drift” or the inability to rapidly deploy and confirm the application of patches and updates. Siloed approaches generally offer poor visibility into assets. Aggregating information from multiple tools to achieve full visibility can be expensive and not timely enough for good decision-making.
Given today’s mobile workforce and global companies that have assets distributed across several locations, you need to get broad and detailed visibility in real time to fix roaming and distributed endpoints.
Continuous Compliance Is a Must-Have
Traditional compliance solutions are reactive — that is, triggered by an upcoming audit rather than conducted continuously as part of ongoing best practices. As a result, organizations scramble to show compliance within audit time frames. This approach is driven by the separation of assessment activities from remediation tasks, introducing a time lag and increasing the chance of noncompliance with key technical controls. Continuous closed-loop compliance must be enforced on every individual endpoint to ensure near-real-time compliance at all times regardless of network connectivity and across a variety of platforms.
A typical organization has between 100 and 5,000 security checks it must apply to ensure policies are being followed. Larger, more complex organizations — especially those with high regulatory reporting requirements — may have significantly more policies. Organizations may have to enforce one or more of various checklists, such as those based on the benchmarks from the Center for Internet Security, the U.S. Government Configuration Baseline and the U.S. Federal Desktop Core Configuration, as well as hardening guides such as the U.S. Defense Information Systems Agency’s Security Technical Implementation Guides and those published by the U.S. National Institute of Standards and Technology.
Given the limited IT resources and budget, organizations need a solution that provides these checks in an out-of-the-box format. This helps them enforce the right compliance levels depending on the industry and business environment in which they operate without an increase in costs.
Compliance Reports and Risk Assessment
As previously discussed, the traditional scan-based approach to determining compliance levels can take days or weeks. During that period, endpoints can fall out of compliance before the scan is even complete. The result is inaccurate and outdated compliance reports that can negatively affect an organization’s security posture and possibly expose it to noncompliance fines.
What you need is real-time information on compliance levels from all endpoints — fixed, mobile and remote — to ensure reports are accurate and you aren’t subject to a security exposure or noncompliance fines.
System Resources Remain Costly
Network-based scanning can affect network performance, while manual validation can interfere with user productivity. Given that endpoints can also be mobile and in remote locations, traditional network-based scan technology requires multiple relays at every location, further straining resources. Running multiple agents for various functions and checks will also degrade endpoint performance for users.
Infrastructure Costs Add Up
Having more tools to manage means higher costs — in software and hardware as well as administrative overhead. The different skill sets required to administer the various tools that organizations typically use translate into a need to employ many people to manage endpoints instead of working on the high-value growth projects that are crucial to an organization’s success in today’s competitive landscape.
How to Achieve Continuous Compliance
What if you could achieve continuous compliance with a solution that integrates assessment, remediation and validation? This is precisely how thought-leading organizations use IBM Endpoint Manager™ to bridge the gap between security and IT operations with common tooling and reporting for the continuous compliance of security, operational and regulatory policies.
IBM Endpoint Manager is highly scalable and has a single management server that supports more than 250,000 endpoints regardless of where they reside. IBM Endpoint Manager’s integrated, automated assessment and remediation delivers accurate, nondisruptive systems and security management with an intelligent agent residing on every endpoint that requires less than 2 percent CPU and 10 to 15 MB RAM.
When it comes to identifying and remediating breaches, time is of the essence. IBM Endpoint Manager represents a proven, cost-effective approach to ensure continuous compliance across all endpoints — on and off the network.
Mark Phinick, Worldwide Business Unit Executive, is a contributor for SecurityIntelligence.