By Boyd White, Director, Technical Account Management, Tanium
Endpoint management is critical as agencies try to secure the knowns and unknowns in their IT environments. As cybercriminals become more sophisticated, IT teams need not only to mitigate known cyber breaches but also to gain faster visibility and control when cybercriminals adapt their techniques. The recent threat of compromised software at SolarWinds is a good example of the pace at which agencies were forced to identify risks in record time and respond with never-before-expected speeds.
Traditionally, agencies have favored the myriad of compensating controls – mechanisms engineered to respond after a breach has occurred. This leads to tool sprawl – adopting too many one-off specialized solutions that complicate risk decision making. Too many tools negatively impact productivity, complicate management workflows, and dramatically inflate costs.
Too often, IT teams use compensating controls as a safety net, as they are easier to install and not nearly as complicated to manage as baseline controls – mechanisms put in place to protect information systems and endpoints before a threat occurs. Compensating controls should not be an agency’s primary defense. The efficacy rate of compensating controls dramatically decreases when it comes to blocking new threats.
These controls should be treated as the name describes, compensating for the rare occasion in which proper baseline controls around privileged access and code execution do not cover the threat. With compensating controls, IT teams will not know about a breach until it occurs – putting data and systems at risk, and creating more work to fix the issue after the fact.
Next generation software – antivirus, for example – is a type of compensating control designed to solve a specific problem. It was created to fill unprotected gaps in the network left by legacy antivirus software, and incorporates advanced technology to help agencies detect, respond to, and prevent various types of cyber threats in real time.
But do agencies need more next generation software, or are they just chasing diminishing returns? Think of it like the evolution of cars – we created the seatbelt, then we created the airbag. But we never got rid of the seatbelt. Next generation software is the airbag – and we don’t need more airbags. We need to know which cars are crashing and take them off the road – quickly. Agencies need to know where the gaps in their networks are so they can fill them. To do this, agencies need faster and more real-time visibility and control of their endpoints.
As agencies strengthen preventive security with baseline controls, they should adopt a holistic risk management approach that uses accurate and real-time data to reduce risk and improve security.
Leveraging a single platform that integrates endpoint management and security unifies teams, effectively breaks down the data silos and closes the accountability, visibility, and resilience gaps that often exist between IT operations and security teams. Hackers can no longer hide in the long timelines that it takes for teams to coalesce and remove threats.
A truly unified endpoint management platform approach also gives agencies end-to-end visibility across divisions, end users, servers, and cloud endpoints – giving them the ability to identify assets, protect systems, detect threats, respond to attacks, and recover at scale.
As agencies consider the opportunity to modernize security, investing in modern, advanced, intelligent, and flexible technology and advanced intel to secure users, endpoints, and information will deliver the best return on investment and, most important, best serve the mission.
About the Author
Boyd White is the Director of Technical Account Management at Tanium. Boyd has spent 15+ years of his life dedicated to advancing the goals of information security in both the public and private sectors. In his spare time, he enjoys reading, tinkering with electronics, and playing video games. Boyd can be reached online at email@example.com, on LinkedIn, and at our company website http://www.tanium.com