
What Do the City of Houston, Government of Canada, Eir, and Raley’s Supermarkets Have in Common?

This article was originally published in IT Pro Portal.
A Texas city, the Canadian Northwest Territories government, an Irish telecom provider, and a California supermarket chain. What ties them together? They were all impacted by headline-making data breaches involving the theft of data from an endpoint device.
Unfortunately, the string of incidents is not surprising given that 70 per cent of data breaches today originate on the endpoint and 15 per cent of them are caused by lost or missing devices. Major U.S. metros also remain on alert as the “smash-and-grab” crime trend continues: cities like San Francisco reported about 73 car break-ins per day in August alone, with laptops on the list of most in-demand and easy-to-snatch items.
By 2020, global spend on IT security is predicted to total a staggering $128 billion. But physical thefts of laptops from offices, cars and elsewhere are still causing pain in the form of data leakage, exposure and regulatory issues. There are valuable lessons to be learned here, especially when endpoint breaches can be devastating to an organisation in terms of fines, reputational damage, lawsuits, and irreparable damage to customer trust.
To help organisations strengthen their endpoint security postures, we took a lens to several notable incidents that prove how vulnerable our endpoints continue to be and outlined our key takeaways:

Irish telecom company Eir leaks data of 37,000 customers: The data of 37,000 customers of Ireland’s largest telecom provider, Eir, was compromised when an unencrypted device was stolen from outside an office building. The laptop contained personally identifiable information (PII) including names, email addresses, phone numbers, and Eir account numbers. It had been decrypted by a faulty security update the previous working day. The company was forced to report the incident to the police as well as the Data Protection Commissioner.
Stolen laptop exposes data of 10,000 Raley’s customers: Raley’s experienced a data breach affecting 10,000 pharmacy customers. The data included sensitive patient information as well as identification numbers and prescription drug records. Raley’s could not confirm whether the data had been accessed or misused, nor could they confirm if encryption was in place.
Stolen laptop compromises Houston’s health plan: A laptop stolen from an employee’s car may have contained protected health information (PHI) records of the city’s staff, including names, addresses, dates of birth, social security numbers, and medical information. The organisation couldn’t tell if data was accessed or if encryption was in place, so they had no choice but to treat the incident as a data breach.
Stolen laptop exposes health data of 80 per cent of N.W.T. residents: A laptop containing PHI of 33,661 residents of Canada’s Northwest Territories was stolen from a locked vehicle in Ottawa, Ontario. The data included patients’ names, their birth dates, home communities, healthcare numbers, and, in some cases, medical conditions. The stolen laptop was a new device so the encryption process either failed or was missed.

Lessons learned
These examples show how easily an unnecessary breach can occur. But when one laptop is stolen every 53 seconds, according to Gartner, and the average total cost of a data breach is $3.92 million, it is wise to ensure organisations have measures in place to prevent putting their data at risk. Here are the top three takeaways we can apply to endpoint security strategy, as risks continue to heighten in today’s IT landscape:

Lack of visibility is a common denominator. There is a common thread across all of these cases: a lack of endpoint visibility and an inability to prove that data protection technology was in place and functioning at the time the device went missing. In addition, there was no way to know if data was accessed post incident and certainly no way to ensure the device was remotely disabled and all personal data deleted. When it comes to endpoint data protection, you’ve likely already purchased the necessary security tools, namely device encryption. The Raley’s case, though, is a reminder that there are unencrypted devices out there and attackers know it. Organisations must have the visibility to know that their controls are, in fact, turned on and working. There’s massive risk associated with not knowing the answer.

The efficacy of endpoint security tools diminishes significantly over time. Despite the increase in IT security spending, endpoint attacks are still common. Recent research shows investment in security is wasted as endpoint controls predictably decay. The reasons vary, from controls being disabled by users to underlying services becoming disabled or broken and/or communication channels inside of the operating system (OS) breaking or experiencing disruption in some way. There is no scarcity of tools and controls. The problem is that these things are not naturally resilient. If you’ve got multiple agents on the device, beware that complexity is in itself a vulnerability and understand that less may, in fact, be more. IT, security, and risk professionals are wise to focus on streamlining and simplifying when it comes to securing their organisations’ data.

Endpoint security is endpoint resilience. It may be counterintuitive, but endpoint controls are fragile. Compromise happens not because there are no guards, but often because controls compete for resources and some thrive while others fail, which defeats the goal of safeguarding data, systems and assets.

It’s important to understand that security tools conflict and collide, and that where there is friction there is decay. We must also acknowledge that these tools must be deliberately controlled in order to improve endpoint resilience.
Back to the basics
Building endpoint resiliency and improving endpoint security requires us to get back to the basics of cybersecurity and home in on the most critical elements for ensuring data protection at scale: people, process, and technology. It is only then that organisations can start to buck the trend of spending more of their IT budget on endpoint security while still seeing endpoint data breaches grow in frequency and severity.

Tracking & Recovering Missing Devices After the Holidays

If you’re an IT professional in education, you know that missing and stolen devices are an unfortunate reality of the holidays. Students, faculty and staff become more pre-occupied with merrymaking than keeping devices safe. Not only is the holiday season prime time for thieves to stock up on valuable electronics left in airports, vehicles and cafes, but it’s also common for students and staff to misplace school-owned devices at home or while traveling. With mid-year inventories coming up, it’s inevitable that there will be plenty of missing and stolen devices.
Greater Visibility and Control
In December, Absolute introduced a new Missing Devices feature whereby Absolute customers can now track, locate, and recover missing devices. Customers now have the capability to easily understand where their devices are, who’s using them, and how to locate them — information previously only available to law enforcement. Customers can now flag devices as missing, track them within a single report, and receive an automatic alert the next time they connect to the internet. This empowers users to either self-locate a missing device and contact the student or faculty member directly, or verify that the device has been stolen so that they can file a Theft Report, provided that they are willing to prosecute and have reported the incident to law enforcement.
Absolute’s team of reliable Investigators, with a total of 115 years of combined law enforcement experience, will then immediately begin an investigation, assist the police, and facilitate the safe return of the stolen device. Absolute Resilience for Education customers may also be eligible for a Service Guarantee; a warranty to back our proven ability to recover stolen devices, provided that the police report is uploaded within 30 days of the customer submitting the theft report and other conditions are met.
This feature represents a new degree of visibility and control for our customers. At a time when technology investment safeguards have never been more critical, Absolute is leading the way in helping educators demonstrate ROI.
To learn more about how to track and recover missing devices with Absolute, watch this webinar.

Achieving Enterprise Resiliency Requires A Cyber-Committed Board

This article was originally published in Forbes. 
Today, 84% of the total value of the Fortune 500 is comprised of intangible assets. This means that for most major businesses, the value of digital assets, data and intellectual property (IP) is five times greater than that of physical assets. And the core DNA of their businesses, the thing that most needs protecting, lives in the virtual.
As those assets increasingly come under attack due to cyber hacking, fraud or negligence, companies find themselves scrambling to deploy more and more security controls — at a time when the forecasted worldwide security spend is expected to spike to nearly $134 billion in 2022. This trend represents an astronomical investment in defending against the rapidly escalating risk, but has yet to yield a deceleration of cyberattacks.
Against this landscape, the role of the board also continues to evolve — with an increasing expectation that board members bring a basic level of cyber competence to their roles. October was National Cybersecurity Awareness Month, so it seemed an appropriate time to share a few guiding principles that I believe are central to building and fostering cyber awareness, engagement and commitment at the board level.
Recognize cyber risk as a business risk
Cyber risk is not an elusive, cryptic puzzle that cannot be clearly measured and articulated. The same thinking that we apply to corporate governance and managing financial, operational or legal risk can and should be applied to cyber risk. From setting the vision and establishing a framework for success to ensuring investment and overseeing auditing controls, these are the things that boards need to be doing in partnership with management — especially from early on in the operation.
Let’s use financial risk as an analogy. Not all board members are deemed financial experts, but they have competency in understanding the company’s financials, which controls are in place, which additional controls are needed and who is auditing the testing of these controls. The same framework should be applied to cyber risk. Where is the real value in the company, and what are the real risks to those assets? These two questions should be your starting point. From there, all of the same questions apply: Which controls are in place? Which additional controls are needed? How are they being tested, and how do we map against the industry? Will cyber risk be a topic across the board, within specific audit meetings, or within some other committee?
Know how to define ‘enough’
Asking the right question, “Are we doing enough?” is critical. But sound cyber competence means also having the ability to answer the question. It requires the ability to define “enough” in the context of that particular business and the appetite for risk, as well as how to know if “enough” is really working. What makes this especially tricky is that there is no one-size-fits-all formula for measuring risk. It’s possible for an organization to spend an infinite amount on cyber protection and never achieve perfection. And this question can quickly start to feel like an unanswerable one.
I know this from my own personal experience. During my time at Citigroup, I had the opportunity to look deeply at online financial fraud. Similar to cyber mitigation, where you know you will never get to zero, it is important to understand what your level of risk tolerance actually is to help determine what success looks like. Given the nature and scope of your business, what is regrettable versus unacceptable? For example, a board would view employees having personal content on enterprise devices very differently from a nation-state attack or misused consumer data.
Boards should be having open discussions with management to determine where the lines need to be drawn, what is most important, what is achievable and in what investment envelope.
Make resiliency the end goal
Resiliency, by definition, is the ability to bounce back. Achieving enterprise resiliency requires not just the ability to mitigate cyber risk, but also to respond, recover and heal quickly from both real as well as perceived damage.
When the call comes that you’ve been compromised, it cannot be the first time you’re having a conversation about how to respond. Talking through things like escalations, communications, disclosures and communication to customers, partners and regulators, is a worthy exercise for the board and management to undertake together. What are the thresholds? How and when will it be communicated to the board? What are the board’s responsibilities in these scenarios? This is another area where external facilitators can play a helpful role.
As we move forward, enterprise resiliency will increasingly become core to a company’s agility in a crisis. Boards will continue to use acute cyber awareness to drive fundamental shifts in how organizations think about cyber risk and bring forward new ways to build successful, resilient enterprise security strategies.
For more on how to achieve enterprise resiliency with Absolute, visit Absolute.com.

Building your Case for School Technology Budgets

By 2025, technology spend in K-12 is forecasted to reach $342 billion. But with school districts around the nation continuing to face serious budget crises, technology in the classroom must be fought for despite its innovative learning properties.
There’s no arguing that rolling out Edtech programs like one-to-one computing and similar initiatives requires significant investment in devices, applications, bandwidth and more. The expectation for every school board then is a demonstrable return. To ensure sustainable student technology programs, administrators must be able to show the positive effects of their technology investments. ROI matters.
The best indicator of ROI is almost always found within learning outcomes, but getting to the data that proves technology is improving scores in this area isn’t always easy.
Data-driven Insights
With a one-device-for-every-student program, an important metric to monitor is device use. But measuring use should go far beyond simple distribution figures to include how devices are being used. Are they being used to their full potential on campus or are they left idle? What does student web activity look like? How many times does a device leave the classroom? Are devices being used at home and for how long?
In our recent study of 3.2 million anonymized K-12 endpoint devices, Cybersecurity and Education: The State of the Digital District in 2020, we found devices are too often underutilized: 21 percent were used for less than 1 hour per day and 60 percent of devices weren’t used by students at home.
For more on device use in schools, read: Cybercriminals Take Aim at K-12
With this and similar such district-wide data, administrators can assess student groups or even individual users and make more informed decisions on improving academic performance.
This kind of analytical information comes only with full visibility of the devices in your endpoint inventory, however. With this kind of insight, you should also have extensive control over those devices, no matter whether they are on or off the district network. Where are they, what are they running, and are their security applications working as they should?
Endpoint Visibility, Control & Resilience
Full visibility and control over these devices will mitigate risk, improve operational efficiency, ensure internet safety policies are adhered to and, when done right, demonstrate compliance so that future discounts from such organizations as e-Rate and Student Support and Academic Enrichment (SSAE) are possible.
Full visibility and control over your device population also provides you with another very powerful capability – endpoint resilience. Making the most of the devices you have, both in and out of the classroom, will improve learning outcomes. Making the most of the tools you have on those devices will tell you whether or not they are working as they should or if they are exposing your district to cyber risk.
For more on how to prove classroom technology ROI and mitigate the risk that technology inevitably brings to students, educators and staff, watch our latest episode of Cybersecurity Insights, K-12 Education 1:1 Programs. And while you’re at it, be sure to subscribe to the Cybersecurity Insights playlist on YouTube.

How Klein Independent School District Maximizes Their 1:1 Program

Technology in our schools enables modern learning paths and brings a new level of innovation to the classroom. While it is inarguable that technology has enriched the lives of students, it has also introduced significant risk. Today’s K-12 technology leaders are faced with a multitude of challenges brought on by high-tech learning environments including student, faculty and staff safety and privacy, growing IT complexity, device loss and/or theft and demonstrable resource ROI. To track, manage, repair and recover across more than 37,000 endpoint devices, the Klein Independent School District (ISD) in Klein, Texas turned to Absolute.
Maximizing a One-to-One Computing Program
Klein ISD is known for its innovative culture and dedication to leveraging technology to empower students and staff to harness the latest advancements in education. It made perfect sense then when they deployed a one-to-one computing program that provisions one device for each student.
For the last ten years, Klein ISD has leveraged Absolute for its ability to provide a single source of truth into their device fleet and manage them remotely. They also rely on Absolute for deep analytics on device use and the protection of student, faculty and staff data. To deploy Absolute, Klein ISD simply activated the technology already embedded in each device at the manufacturer.
“Initially, stop loss was the primary reason we chose Absolute, but what keeps us at the table today is their ability to provide us with more information about what’s being stored on the devices and what’s being utilized,” said Chris Cummings, Information Technology, Teaching & Learning, Klein ISD. “I continue to choose Absolute because of their innovation. They help us stay ahead of compliance and offer the latest advantages to our students and faculty.” 
Peace of Mind
Nationally, cybersecurity spend is on the rise. The 2019 CIO Agenda K-12 Education Industry Insight report from Gartner found that 47 percent of K-12 organizations plan to make cybersecurity their primary investment. However, recent research by Absolute found that, in the complex world of endpoint security, increased security spending does not equate to increased safety. In fact, every additional security tool only increases the probability of failure as agents and controls conflict with one another on the endpoint.
According to global Absolute research, Cybersecurity and Education: The State of the Digital District in 2020, 38 percent of patch agents require at least one repair monthly and 28 percent of encryption agents fail monthly. Without visibility and control of endpoint devices, students and districts are exposed.
For Klein ISD, this meant a reliance on Absolute for their tamper-proof device visibility and control for a persistent, self-healing connection between IT and all devices, whether they are on or off the network.
“It’s one thing to implement a security program; it’s another to measure the effectiveness of your security program,” Cummings added. “And with Absolute, we’re able to verify just how effective our program really is.”
Understanding what’s happening on the devices, responding to suspicious events, and empowering applications to persist while automating their restoration when incidents occur is the key. To learn more about how Klein ISD benefits from Absolute, download the full case study: The Power of Persistence Maximizes Klein Independent School District One-to-One Computing Program.

Absolute CEO Christy Wyatt Recognized as Top 50 Women Leaders in SaaS of 2019

This week, The Software Report released their Top 50 Women Leaders in SaaS of 2019. It’s a distinguished group and their list of accomplishments across the software industry is both impressive and inspiring. We’d like to congratulate all the 2019 leader awardees and give a special shout out to one honoree in particular – our CEO Christy Wyatt.

Christy’s first-position ranking comes as a result of her ‘dedication to solving Absolute customers’ greatest enterprise resiliency challenges’ and long pedigree of leadership roles across the software industry. Congratulations to everyone on the Top 50 and our own Christy Wyatt!

It’s Time To Solve K-12’s Cybersecurity Crisis

This post was originally published in Forbes magazine by Louis Columbus.

There were a record 160 publicly-disclosed security incidents in K-12 during the summer months of 2019, exceeding the total number of incidents reported in all of 2018 by 30%.
47% of K-12 organizations are making cybersecurity their primary investment, yet 74% do not use encryption.
93% of K-12 organizations rely on native client/patch management tools that have a 56% failure rate, with 9% of client/patch management failures never recovered.

These and many other fascinating insights are from Absolute’s new research report, Cybersecurity and Education: The State of the Digital District in 2020, focused on the state of security, staff and student safety, and endpoint device health in K-12 organizations. The study’s findings reflect the crisis the education sector is facing as they grapple with high levels of risk exposure – driven in large part by complex IT environments and a digitally savvy student population – that have made them a prime target for cybercriminals and ransomware attackers. The methodology is based on data from 3.2M devices containing Absolute’s endpoint visibility and control platform, active in 1,200 K-12 organizations in North America (U.S. and Canada). Please see full report for complete details on the methodology.
Here’s the backdrop:

K-12 cybersecurity incidents are skyrocketing, with over 700 reported since 2016 with 160 occurring during the summer of 2019 alone. Educational IT leaders face the challenge of securing increasingly complex IT environments while providing access to a digitally savvy student population capable of bypassing security controls. Schools are now the second-largest pool of ransomware victims, just behind local governments and followed by healthcare organizations. As of today, 49 school districts have been hit by ransomware attacks so far this year.

“Today’s educational IT leaders have been tasked with a remarkable feat: adopting and deploying modern learning platforms, while also ensuring student safety and privacy, and demonstrating ROI on security and technology investments,” said Christy Wyatt, CEO of Absolute.
Research from Absolute found:
K-12 IT leaders are now responsible for collectively managing more than 250 unique OS versions, and 93% are managing up to five versions of common applications. The following key insights from the study reflect how severe K-12’s cybersecurity crisis is today:

Digital technologies’ rapid proliferation across school districts has turned into a growth catalyst for K-12’s cybersecurity crisis. 94% of school districts have high-speed internet, and 82% provide students with school-funded devices through one-to-one and similar initiatives. Absolute found that funding for educational technology has increased by 62% in the last three years. The Digital Equity Act goes into effect this year, committing additional federal dollars to bring even more technology to the classroom. K-12 IT leaders face the daunting challenge of having to secure on average 11 device types, 258 unique operating systems versions and over 6,400 unique Chrome OS extensions and more, reflecting the broad scale of today’s K-12 cybersecurity crisis. Google Chromebooks dominate the K-12 device landscape. The following graphic illustrates how rapidly digital technologies are proliferating in K-12 organizations:

42% of K-12 organizations have staff and students regularly bypass security endpoint controls using web proxies and rogue VPN apps, inadvertently creating gateways for malicious outsiders to breach their schools’ networks. Absolute found that there are on average 10.6 devices with web proxy/rogue VPN apps per school and 319 unique web proxy/rogue VPN apps in use today, including “Hide My Ass” and “IP Vanish.”  Many of the rogue VPN apps originate in China, and all of them are designed to evade web filtering and other content controls. With an average of 10.6 devices per school harboring web proxies and rogue VPN apps, schools are also at risk of non-compliance with the Children’s Internet Protection Act (CIPA).

While 68% of education IT leaders say that cybersecurity is their top priority, 53% rely on client/patch management tools that are proving ineffective in securing their proliferating IT infrastructures. K-12 IT leaders are relying on client/patch management tools to secure the rapidly proliferating number of devices, operating systems, Chrome extensions, educational apps, and unique application versions. Client/patch management agents fail 56% of the time, however, and 9% never recover. There are, on average, nine daily encryption agent failures, 44% of which never recover. The cybersecurity strategy of relying on native client/patch management isn’t working, leading to funds being wasted on K-12 security controls that don’t scale.

Wyatt continued, “this is not something that can be achieved by simply spending more money… especially when that money comes from public funds. The questions they each need to be asking are if they have the right foundational security measures in place, and whether the controls they have already invested in are working properly. Without key foundational elements of a strong and resilient security approach in place – things like visibility and control, it becomes nearly impossible to protect your students, your data, and your investments.”
Providing greater device visibility and endpoint security controls while enabling applications and devices to be more resilient is a solid first step to solving the K-12 cybersecurity crisis. Thwarting the many breach and ransomware attacks K-12 organizations receive every day needs to start by considering every device as part of the network perimeter. Securing K-12 IT networks to the device level delivers asset management and security visibility that native client/patch management tools lack. Having visibility to the device level also gives K-12 IT administrators and educators insights into how they can tailor learning programs for broader adoption. The greater the visibility, the greater the control. K-12 IT administrators can ensure internet safety policies are being adhered to while setting controls to be alerted of a suspicious activity or non-compliant devices, including rogue VPNs or stolen devices. Absolute’s Persistence platform provides a persistent connection to each endpoint in a K-12’s one-to-one program, repairing or replacing critical apps that have been disabled or removed.

5 Things to Check Off Your Security Checklist in October

October is National Cybersecurity Awareness Month, and the very existence of this ‘holiday’ affirms it is more important than ever to make sure your digital data is secure. To help get you on the right track, we’ve put together a quick security checklist of five simple, but impactful, steps you can take to better protect yourself today. 
1) Update your Operating System.
Updates and patches for your Operating System and applications are made available almost daily.  In many cases, these updates and security fixes are essential to keep your computer healthy and your data safe. If you find it tiresome keeping on top of these important updates, turn on Auto-Update.
2) Download, Activate and Keep Antivirus, Anti-malware and Firewall Software Up to Date.
Antivirus, anti-malware and firewall software can protect your device and data from malicious activity in the form of corrupted files, attack code and processes. Don’t forget to install, activate and keep these essential security features up to date.
3) Pay Attention to Passwords.
Strong password hygiene is worth emphasizing and repeating. Don’t use the same password for everything; use unique combinations of 8-14 uppercase and lowercase letters, numbers, and non-alphanumeric characters. You must also make sure to keep your passwords somewhere safe. Storing them digitally in an encrypted password protector is often a good choice, but you can always write them down in a book the old-fashioned way.
4) Backup your Important Files.
Determine what’s mission critical, and create and keep multiple backups of your most important data, just in case. Store the files in the cloud via a trusted service provider; on secure flash drives or external hard drives; or using physical media like DVDs. If the unthinkable happens and your primary machine is corrupted, lost, or stolen, you’ll be glad you did.
5) Do not click on suspicious links or open questionable attachments received via email.
Even if (you think) an email comes from someone that you know, use caution. Phishing and email scams are a persistent method of computer infection. Always double check the sender’s email address, attachment filenames and extensions for abnormalities. If it doesn’t feel genuine, it probably isn’t.
Have you already taken these precautions? Do you travel with your laptop often? Absolute Home & Office can provide an extra layer of security and control by enabling you to Locate your machine on a map, Lock or Delete its contents remotely or, in the case of an actual theft, communicate with authorities to Recover it. Absolute Home & Office Premium is available for 33% off until October 31st.

Absolute Named Leader in G2 Fall 2019 Grid Report for Endpoint Management

Thanks to high levels of customer satisfaction and positive reviews from verified users, G2 has – for the second time this year – named Absolute a leader in the Fall 2019 Grid Report for Endpoint Management Software. Absolute ranked 10th overall out of 150 total vendors in the category, and was named a top vendor based on positive verified user reviews and high levels of customer satisfaction. The reviews highlight the power of the Absolute platform in delivering endpoint security and resiliency.
With more than 790,000 verified user reviews on the platform, G2 helps buyers make more informed purchasing decisions, allowing them to compare the best software and services for their needs based on peer reviews, satisfaction scores, and synthesized social data.
“Absolute is the last-stand in our IT security profile. I like how it integrates with the BIOS to do its thing most of all. Once installed, it’s essentially a hands-off piece of software. And because it is at that low level it can do many things that similar software cannot. But I would be remiss if I didn’t mention the ability to track and recover lost or stolen laptops.” – Senior Network Administrator/IT Manager
Christy Wyatt, CEO of Absolute had this to say about inclusion in the recently released G2 Grid Report: “We are honored and grateful that our customers are willing to go to bat for us and publicly recognize our product innovation, execution, and dedication to continuous optimization and improvement. At Absolute, our number one goal is to be a trusted partner in making our customers more resilient and deliver the visibility, persistence, and intelligence they need to securely and confidently move their businesses forward.”
Get the full G2 Fall 2019 Grid Report for Endpoint Management Software here. To learn more about what real users have to say about Absolute or to leave your own review, visit our G2 profile.

How Machine Learning Can Avert Cyber Disasters

High winds capable of downing power lines across a very dry Northern California are causing officials to shut off power this week for hundreds of thousands of residents. The decision came as a way to reduce the threat of wildfires in an area already hard-hit by natural disaster.
Mother Nature is once again flexing her powerful muscles and Californians are left to cope as best they can, with the information they have. This week’s weather event is yet another example of why researchers are working on how to use machine learning (ML) as a disaster preparedness and response tool. Because machines can quickly analyze massive amounts of data from numerous sources, the goal is to use that information to help community leaders and emergency response teams make more informed decisions.
Like natural disaster preparedness and response, ML also has important implications for endpoint security and the disaster that could originate on an endpoint while under cyberattack. As our CTO, Nicko van Someren, explains in the video below, prepared for National Cybersecurity Awareness Month, ML is key to improved security by way of a direct pull through from IT asset management.
An IT Asset Management Job with a Security Outcome
Within the context of IT asset management, organizations are busier than ever trying to manage the growing number of endpoint devices, applications and data. IT complexity has reached all-time highs. ML has been a very valuable tool for managing that complexity and, while doing so, can also make direct contributions to better security and more resilient endpoints. With the power of ML, you’re not only gaining improved visibility into your assets, you’re learning more about the actions and events happening there and finding patterns.
With patterns inevitably come outliers, and so often that’s where vulnerabilities hide. Being able to recognize outliers and remediate any resulting risk is how endpoints – and enterprises – become more resilient.
As Nicko explains: “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space.”
The growing number of assets is a challenge, certainly. And as security becomes an increasingly critical risk, organizations have been layering on more and more security tools – ten or more agents on each endpoint, says our research. But increased security spend does not equate to improved security. That much is painfully clear. Instead, you’re left with a complex environment full of competing, fallible agents and, consequently, a false sense of security.
Visibility is key and ML can deliver a complete data set that then gives you invaluable insight on what is happening on your endpoints. This way, you can work to reduce complexity and improve endpoint resiliency.
To learn more about the role of ML with IT complexity, watch our newest Cybersecurity Insights video below. And, subscribe to our complete YouTube series.
Complexity is Killing IT
