Category: Data Visibility & Protection

Reducing Data Security Complexity: Avoiding Endpoint Bloat

According to Gartner, worldwide IT spending is projected to total $3.76 trillion in 2019, an increase of 3.2 percent from 2018. Of the portion of that budget that goes to security, roughly 24 percent is allocated to endpoint security tools.
But there is a dangerous downside to this investment: when tools collide and compete for the same resources, all of them can fail. That leaves systems and assets unprotected while the organization keeps a false sense of security.
Complexity is the largest contributing factor to the rising rate of security-control failure. A device can carry 10 or more endpoint security agents, and yet 70 percent of breaches still originate on the endpoint and 100 percent of devices will experience an encryption failure within a year.
Recent research, which analyzed more than six million enterprise devices over a one-year period to uncover what causes security tools and agents to fail, found that nine out of 10 agents installed are from the same five technology categories: encryption, unified endpoint management (UEM), endpoint detection and response (EDR), endpoint protection platform (EPP/AV/AM), and virtual private network (VPN).
Ultimately, this means that multiple technologies exist on any given endpoint to perform the same task and the likelihood that these agents will conflict and collide with one another is high. But why? The answer lies in the fact that every control, app, and agent is tapping into hardware and software resources — a zero-sum game in which some feast while others starve.
Endpoint complexity also puts a strain on resources. A report by Ponemon found that 50 percent of companies require more than 35 full-time employees to manage their endpoints. The same report found that 425 hours are wasted weekly on false security alerts, likely due to conflicting endpoint agents sending convoluted signals back to SIEM solutions.
Fortifying the Endpoint
Today's endpoints are fragile, degrade quickly, and generate needless friction between the agents installed on them. Spending more money on more security tools does not protect the enterprise from threats; it adds risk. Here are three tips to fortify the endpoint:

Reduce Complexity: Rather than spending more, IT and security teams should strive to reduce complexity on the endpoint and focus on ensuring that existing security tools are fortified, more resilient, and less inclined to fail. Measuring IT complexity entails identifying redundancy that is self-imposed by overloaded endpoints. Begin with these questions: Where is there agent creep, driver creep or app creep within your endpoints? What are all the OS types, device types, and client types within your organization? What is the lifecycle process?

Maintain Visibility: Once the complexity problem is reined in, it is critical to achieve ongoing, accurate visibility into all device activity, both on and off your network.

Get Encryption Right: Encryption is the staple security tool most often taken for granted. While it can certainly provide protection, it is not a “set it and forget it” solution — whether disabled by users or through malfunction, encryption is regularly broken, disabled, misconfigured, or missing entirely. In fact, research shows, at any given point in time, over 42 percent of endpoints experience encryption failures.

Visibility is Key
In order to strengthen endpoint security and avoid endpoint bloat, enterprises need to unlock value from existing investments. Investing more money into exciting new technologies is pointless if basic measures – visibility, control, and resilience – are not operating effectively first. Specifically, IT and security leaders must create an environment which fosters a path to:

Intelligence: Knowing what’s happening across their device fleets

Command: Seamless and automated responses to security decay

Resilience: Regenerated broken/disabled controls, apps, and agents – security immortality

Take a moment to consider your own environment. Do you have an understanding that spans time and space (intelligence histories and universal sight to all devices)? Can you validate exposures are mitigated? Can you withstand the reliable and predictable march of security decay?
These are the questions our newly minted environments are ready to answer: Yes, I know the inner workings of each device and can model moves throughout the population. Yes, I can seize command, never lose my grip, and instantly reclaim security slides and yes, my security agents are now immortal, because I have taken steps to halt endpoint entropy with the unflinching power of persistence.
Whether agents, particularly security control agents, persist over time is the only metric worth our attention, because it puts a spotlight on the greatest hidden danger of all: the naturalness of security decay. Things fall apart. Rust never sleeps. Agents topple over.
Decay is the fate of all security agents. But if these serve as the foundation of our security goals or most technical expression of security intent, then what could possibly be more important? It’s also not a question of whether security decay is happening in your environment, you can rest assured it is. What must be asked is, will you persist through it? This question demands an answer.
Ideally, organizations reduce their overall security costs by monitoring how their endpoint controls work (or don’t) to reduce endpoint security decay. They validate safeguards and eliminate compliance failures. And they respond to threats and exposures with the confidence to control devices from anywhere.
As a result, organizations can eliminate spending on ineffectual technology, and reduce the number of agents, while ensuring that endpoints are more secure than ever. Sometimes less really is more.
Originally printed in Information Management
For more information on endpoint security tool degradation, download the 2019 Endpoint Security Trends report.

The Complexity Gap

It’s no secret – the demand for trained, experienced cybersecurity professionals far exceeds supply. Enterprise Strategy Group (ESG) has been one of several organizations tracking the cybersecurity skills shortage and they have been sounding an alarm for many years. While a few tactical programs have attempted to address this shortfall, most view them more as lip service rather than a real solution.
Alarmingly, the situation appears to be getting much worse — as positions get filled with inadequately trained personnel or don’t get filled at all and the IT environment gets more complex, we increasingly experience a ‘complexity gap.’
Rise of Security Controls
As manpower dwindles, the threat landscape is rapidly expanding. IT environments today have an overwhelming number of distributed devices and a worldwide mobile workforce. Device resilience now requires exponentially more effort. Why? Because every control, app, and agent depends upon the same hardware and software resources on a device. They are in a zero-sum competition: some controls feast while others starve.
Read: 2019 Endpoint Security Trends Report
Consider how labor-intensive it is to see, control, respond to, and secure endpoints. The metrics involve IT and IT security staff, users, devices, and the growing number of controls within those devices. Each of these considerations comes together in what can be called "Device Hygiene Care": what must be accounted for to keep devices secure and operating effectively? As the graph illustrates, ensuring that endpoints have sufficient hygiene has become increasingly difficult as device distribution grows and the skills shortage worsens.
In 2000, the value for Device Hygiene Care (C) was 2: IT resources were 2x the level of effort required for device hygiene. In short, IT and IT security teams once had bandwidth, because there were not yet many controls, devices, or data distributed among worldwide users. Today, that bandwidth is a thing of the past for nearly all IT and IT security groups. Personnel resources would have to be multiplied 12x (C = 12) to provide adequate coverage for device resilience.
Widening Divide of Tools and People
Dealing with rising IT complexity risk is no easy task. Add to that the growing divide between IT complexity management and the personnel resources to support it and you get what I call the “Complexity Gap.” The graph below shows how the rise of more controls and devices is dramatically outpacing the staff needed to manage them all.

Where does this lead? According to ESG, 63% of IT professionals admit that the staff/skills shortage in their organization has had negative impact to security operations. Additionally, 40% stated that their cybersecurity team is too small and cannot keep up with the work demanded by the business, “the biggest contributor to security incidents.”
Growing Insecurity
The skills shortage and the complexity gap feed on each other and this leads to negative outcomes like data breaches, data integrity and compliance failures, criminal prosecution, limited value from existing tools, and delays to respond to the business’s needs.
When no one is minding the control switches, breaches happen.
For more information on the complexity gap, watch the video below. While you’re at it, subscribe to our full Cybersecurity Insights video series on YouTube.

Video Transcript
Hello! Josh here from Absolute. Today’s IT environments are brimming with complexity, let’s see what we can do about it.
Today, IT complexity is just part of the game.
This tangled web has turned endpoint resilience into a riddle. But how did that happen?
No more than 10 years ago – securing devices was straightforward; there were fewer agents, all sharing a device home without too much drama. Those days are long gone…
Now, device resilience requires 12 times the effort. Why? Because every control, app, and agent depends on hardware and software resources. They are in a zero-sum competition: some feast while others starve.
This agent friction leads to some startling results:

At any given time, 28% of antivirus/antimalware agents fail.
42% of encryption agents go to an early grave.
..in an era where patching is already a struggle, 1-in-5 patching agents break every month.

Oh, and when patching agents — like Tanium, SCCM, AirWatch, Ivanti — do fail, they are repeat offenders, with more than 5 failures every month.
The maniacal pursuit to stuff endpoints with controls, apps, and agents creates new breeds of risk. Spending more on security tools does not make us safer; it increases exposure.
So, IT complexity expands attack surface. Risks are hidden. And the garrison meant to keep us safe are tumbling into one another and shattering at every moment.
Unless we PERSIST them, apps, and agents die. With failures as predictable as a clock.
Risk is not a bug…it’s a feature of IT complexity.
To be RESILIENT, we must first admit much of the trouble is self-inflicted. Endpoints have become a knife fight in a phone booth filled with agents duking it out for survival. When they collide the friction causes failure, so, we must regenerate them, bring them back to life. This is persistence.
And when the time comes to demonstrate, prove, and validate our security posture, we can be audit-ready, and close the complexity gap, with ceaseless visibility and control.
Remember to like, subscribe, and share (oh, and comments below are always a good way to keep the conversation going).
I’ll see you next time!

Managing and Securing the Digital Classroom

The use of technology in classrooms has revolutionized the learning environment for both teachers and students. It democratizes education by allowing a greater number of resources to be available to a wider range of students. Textbooks are being replaced by digital devices and virtual classrooms, expanding the idea of the ‘classroom’ and enabling teachers to shift the education model to help students develop the skills needed for the digital future.
While the benefit of technology to learning has rarely been in doubt, how to manage and secure the devices students use has been far less certain. Compounding the situation, school districts usually operate with lean IT teams and limited budgets, leaving two big challenges to be solved:
1) how can schools rationalize and maximize technology budgets; and,
2) how can they ensure their technology is safe for students, educators, and staff?
Growing Budget and Keeping It
Finding the funds for technology in an already overburdened budget isn’t easy. Most school administrators know the key to securing funding is found in the results or strong learning outcomes. If students learn more, faster and with greater efficiency, digital classrooms are a no-brainer. The hurdle, however, is translating exactly how technology supports improved student learning and then communicating that fact with credibility.
In education, as is the case in every other industry today, data is required to make a strong business case for increased resources. Detailed student technology analytics is a key component to understanding device use and correlating that use to improved academic performance. Data provides you with the foundation for solid decision-making as well as a way to justify ROI and secure further budget. School boards and other stakeholders want to invest in technology for learning, but schools must prove that they are good stewards of that investment in order for it to continue.
Protecting At-Risk Devices and Data
With new technology comes added risk, including major data privacy concerns. Cybersecurity is now the number one priority for K-12 IT teams according to the latest K-12 leadership survey by CoSN. There have been 479 reported cybersecurity incidents in the last two to three years, and schools with known one-to-one device programs are frequent targets for thieves. Students themselves are increasingly the victims of theft as they walk to and from school, or even on school grounds.
In addition, students regularly lose or misplace devices, which can expose sensitive information and open unauthorized access to the school network. The theft or loss of a device has many repercussions. A stolen student device, whether school-owned or BYOD, greatly impacts that student's ability to learn, since replacement through insurance can take up to eight weeks.
Within K-12 specifically, there is also a need to ensure that the content students access is sanctioned. If these devices are not adequately protected, the information stored on or accessed through them could lead to data breaches and fines from the ICO.
Safe, Smart, Secure Schools
In order to sustain digital classrooms, technology must be managed and secured regardless of form factor or operating system. In a highly mobile environment, with devices continuously on the move and off the school network, persistent visibility and control is no longer a nice-to-have. It's a must.
Read: Better Device Security in 3 Steps for Education
With one single solution, IT should be able to determine the status of each device, manage typical IT maintenance requirements, and take immediate security actions when required. This streamlined, automated management option not only provides important security but also improved operational efficiencies that can cut down on hundreds of IT hours.
It may seem like a steep curve, but it is possible to support the shift to digital learning while also helping to protect school districts’ investment in technologies. Absolute’s Persistence technology is embedded in the core of devices at the factory, providing a reliable two-way connection so that education organizations can confidently manage mobility, investigate potential threats, and maintain the safety of students who use these devices. Student Technology Analytics allows schools to prove the positive impact of technology to secure continued investment and ensure no student gets left behind.
It’s an exciting time to be an educator. Learn more about how Absolute is uniquely positioned to help manage and secure your Edtech investment in the IDC commissioned report, Student Technology Analytics: How K-12 Leaders Make the Case for Better Technology in the Classroom.

3 High-Maintenance Endpoint Agents

Without the proper intelligence and control, high-maintenance endpoint security agents fail us more often than we know.
Not all endpoint agents are created equal. With some, you can take a set-it-and-forget-it approach. With others, like endpoint security, you need a more thoughtful maintenance strategy to ensure your devices are protected and not creating data security risks for your organization.
Recent research has demonstrated that fundamental endpoint security tools — encryption, client management tools, antivirus, antimalware, and so on — are more high-maintenance than they appear. Without the proper controls and maintenance in place, these agents degrade over time — and fail us often.
High-Maintenance Endpoint Agents

42% of a device population has an encryption failure at any given point in time.
20% of devices require at least one client/patch management repair monthly.
28% of devices have missing or outdated AV/AM tools.

Source: 2019 Endpoint Security Trends Report
Endpoint security agents require continuous monitoring
Absolute’s 2019 Endpoint Security Trends Report documents how three of our most conventional and widely-trusted security tools — encryption, client management tools (CMT), and anti-virus/anti-malware (AV/AM) are also the most high-maintenance agents on the endpoint. The research studied more than six million devices over a one-year period and examined one billion change events to see how security solutions performed.
Here’s what we discovered:
1. Encryption gives us a false sense of security
Encryption is often considered to be the most important security solution on the endpoint. We put so much trust in it to protect intellectual property, protected health information, and other sensitive data stored on the endpoint.
Absolute’s study found that encryption tools are regularly broken, disabled, misconfigured, or missing entirely from the endpoint. At any given point in time, over 42 percent of endpoints had an encryption failure and 100 percent of devices experienced encryption failure within one year.
Encryption recovery times are equally as concerning — the average window of vulnerability for unencrypted devices was 12 days, but 30 percent of devices remained unencrypted for more than two months.
The bottom line is that while encryption is important and necessary, it is also a high-maintenance agent that requires persistent controls and continuous monitoring to ensure it is operating effectively at all times. It only takes one failure on the wrong endpoint at the wrong time to cause a data breach.
2. Client and patch management tools are as vulnerable as the clients and agents they patch
The 20 most common client applications published over 5,000 vulnerabilities in 2018. If a device had just half of these applications, it would experience up to 55 vulnerabilities. Thankfully client and patch management tools exist to ensure vulnerabilities are addressed as they arise, right? Wrong. Like encryption, client management and patching tools such as Tanium, Ivanti, SCCM, and AirWatch also break reliably and predictably.
In fact, almost 20 percent of endpoints required at least one client/patch management repair monthly. Of those patching agents requiring repair, 75 percent reported at least two repair events and fifty percent reported three or more repair events.
Client patch management agents are even more high-maintenance than encryption, failing at double the rate encryption agents do.
3. Anti-virus/anti-malware are complex and leave almost one third of devices unprotected at any time
Anti-virus/anti-malware is a must-have security solution on any endpoint. Absolute’s research revealed that, at any point in time, 21 percent of AV/AM tools are outdated and 7 percent are missing altogether. In other words, 28 percent of all endpoints are unprotected on any given day.
The research also found that, on average, there are 1.2 AV/AM agents present on any given device. This increases the risk of these agents colliding with or overriding one another. These unsafe interactions among components create dangerous blind spots which make endpoint infrastructures increasingly vulnerable over time.
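The three findings above (point-in-time encryption failures and how long a device stays unencrypted, repeat patch-agent repair events, and more than one AV/AM agent on a device) are all things an IT team can compute from its own inventory data rather than read from a vendor report, and doing so is also the practical way to find the "agent creep" the Reduce Complexity tip asks about. The following is an added Python example written for this page; it is not code from the 2019 report or from Absolute. It runs over a constructed five-day inventory for four devices, and the snapshot schema (device, day, encrypted, av_agents, av_current, patch_repair) is an assumption about what an inventory pipeline might record once per day.

```python
"""Control-drift metrics over a constructed daily endpoint inventory.

Added example: this is not code from the 2019 report or from Absolute. The
snapshot schema (device, day, encrypted, av_agents, av_current, patch_repair)
is an assumption about what an inventory pipeline might record once per day.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    device: str
    day: int             # day index within the observation window
    encrypted: bool      # full-disk encryption reported active that day
    av_agents: int       # AV/AM agents installed; more than one invites collision
    av_current: bool     # at least one AV/AM agent present and up to date
    patch_repair: bool   # patch/client-management agent needed a repair that day


def _rows(device, encrypted_days, av_agents, av_current, repair_days, days=5):
    """Build one device's snapshots for days 1..days (constructed sample data)."""
    return [Snapshot(device, d, d in encrypted_days, av_agents, av_current,
                     d in repair_days) for d in range(1, days + 1)]


# Constructed fleet: A is healthy; B loses encryption for two days and needs
# repeated patch-agent repairs; C carries two AV/AM agents, neither current;
# D has no AV/AM agent at all and drops encryption on the last day.
SNAPSHOTS = (
    _rows("A", {1, 2, 3, 4, 5}, 1, True, set())
    + _rows("B", {1, 4, 5}, 1, True, {1, 3, 4})
    + _rows("C", {1, 2, 3, 4, 5}, 2, False, {2})
    + _rows("D", {1, 2, 3, 4}, 0, False, set())
)


def _latest(snaps):
    """Most recent snapshot per device (the point-in-time view)."""
    latest = {}
    for s in snaps:
        if s.device not in latest or s.day > latest[s.device].day:
            latest[s.device] = s
    return latest


def encryption_failure_rate(snaps):
    """Share of device-days on which encryption was not active."""
    return sum(not s.encrypted for s in snaps) / len(snaps)


def devices_ever_unencrypted(snaps):
    """Devices that were unencrypted on at least one day of the window."""
    return {s.device for s in snaps if not s.encrypted}


def unencrypted_windows(snaps):
    """(device, days) for each contiguous run of unencrypted days: the exposure window."""
    by_device = defaultdict(list)
    for s in sorted(snaps, key=lambda s: (s.device, s.day)):
        by_device[s.device].append(s)
    windows = []
    for device, rows in by_device.items():
        run = 0
        for s in rows:
            if not s.encrypted:
                run += 1
            elif run:
                windows.append((device, run))
                run = 0
        if run:
            windows.append((device, run))
    return windows


def repeat_repair_offenders(snaps, threshold=2):
    """Devices whose patch agent needed at least `threshold` repairs in the window."""
    counts = defaultdict(int)
    for s in snaps:
        if s.patch_repair:
            counts[s.device] += 1
    return {d: n for d, n in counts.items() if n >= threshold}


def av_collision_candidates(snaps):
    """Devices whose latest snapshot shows more than one AV/AM agent installed."""
    return sorted(d for d, s in _latest(snaps).items() if s.av_agents > 1)


def av_unprotected_rate(snaps):
    """Share of devices whose latest snapshot has no current AV/AM agent."""
    latest = _latest(snaps)
    return sum(not s.av_current for s in latest.values()) / len(latest)


def summarize(snaps):
    """All drift metrics in one dict, suitable for a daily report or a SIEM feed."""
    return {
        "encryption_failure_rate": encryption_failure_rate(snaps),
        "devices_ever_unencrypted": sorted(devices_ever_unencrypted(snaps)),
        "unencrypted_windows": unencrypted_windows(snaps),
        "repeat_repair_offenders": repeat_repair_offenders(snaps),
        "av_collision_candidates": av_collision_candidates(snaps),
        "av_unprotected_rate": av_unprotected_rate(snaps),
    }


if __name__ == "__main__":
    for key, value in summarize(SNAPSHOTS).items():
        print(f"{key}: {value}")
```

Two views matter and they differ: the point-in-time rate (share of device-days, or latest snapshot) is what a dashboard shows, while the window view (which devices were ever unencrypted, and for how many consecutive days) is what decides whether a lost laptop was actually exposed. On the constructed fleet the two unencrypted runs are two days and one day, device B is the repeat repair offender, and device C is the only collision candidate even though half the fleet has no current AV/AM agent.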
Enhanced endpoint intelligence leads to more resilient devices
The high-maintenance nature of our most important endpoint security agents is concerning, especially since in the last 12 months, two-thirds of companies have been compromised by attacks that originated on their endpoints.
If basic visibility, control, and resilience measures are not in place, investment in encryption, CMT, AV/AM, or any other security solution is a waste of time and money. Absolute estimated that as much as 40% of all endpoint security spend is squandered on agents that fail often.
Organizations must address the root of this failure by ensuring that existing security controls remain in place and functioning correctly at all times. That’s where Absolute can help. Absolute’s technology is embedded in the firmware of more than 70 percent of the world’s endpoint devices. Because it’s the only embedded security solution, it is the only cloud-based platform that maintains a constant, persistent connection to devices, regardless of user behavior or device performance.
This always-on connection ensures that high-maintenance endpoint agents are always performing as they should.
Interested in taking a deeper dive into the current state of endpoint security? Read the full report: 2019 Endpoint Security Trends Report.

The State of Endpoint Health in 2019

The endpoint has quickly become valuable real estate for security tools and controls, as traditional network perimeters have given way to cloud-based models in support of the digital workforce. By 2020, global IT security spend is expected to reach $128 billion with 24 percent of it allocated to endpoint security tools. In fact, organizations today use an average of 80 security vendors’ products.
Yet, over 70 percent of breaches still originate on the endpoint. According to a recent Absolute study of six million enterprise devices representing 12,000 organizations across North America and Europe, much of endpoint security spend is voided because tools and agents fail, reliably and predictably.
The Inevitable Decay of Security Controls
It is widely agreed that the universe naturally gravitates toward chaos. These same principles that govern space apply to security environments as well. Endpoint devices are not immune. They, too, are subject to entropy, which means they will go from order to disorder. The security posture of a device will regularly drift or decay.
When I refer to a control or tool or agent failing reliably and predictably, this security decay is not the design of malevolent threat actors or evidence of negligent users. It’s a natural and ordinary outcome from increasing the number of tools fighting for underlying resources (hardware and software) — and every additional security tool only increases the probability of failure and decay.
Complexity Causes Endpoint Fragility and Risk
In reality, the organizations we typically tout for being 'sophisticated' are actually the ones with the most severe endpoint entropy. Why? Because what we really mean when we say 'sophisticated' is 'they own a lot of security tools'.
We have to change our definition of ‘sophisticated’ to account for true up-leveling; reserving such honors for those who halt endpoint security decay. To do so, we need to recognize that complexity of the landscape is an exposure, it makes it increasingly difficult for IT and security teams to have visibility, and comes with the constant demand to uphold security controls.
For organizations with a boatload of controls, apps, and agents, it’s not necessarily that a control, app, or agent isn’t chinning the bar of their potential, but something more tragic: each tool adds an incremental risk, because the expected security benefits are nullified by a negative externality: agent collision.
When agents compete for device resources, some are starved while others feast. When starved, the agent fails. This means security tools are actually increasing the frequency of collision, and the effect of collision is a breakdown in the security posture. Increased security spending does not increase safety.
Understanding and Achieving Endpoint Resilience
To recap, evolving security threats have caused enterprises to layer on more and more endpoint controls, increasing complexity, impacting performance, and the collision of these controls is leaving the endpoint exposed.
We need to understand the dangers of equating IT security spending with security and risk maturity. From here, we need to stop spending another dime on new tools and, instead, accurately reassess the effectiveness of existing security investments, especially when cybercrime threatens to cost the world $6 trillion annually in damages by 2021.
To secure the endpoint, the security tools already in place must be made resilient. Resilience is a property of the agent or tool itself, which is demonstrated by an ability to persist in spite of collision or friction. I am resilient when I recover from an infection or automobile accident. I have demonstrated the capability to persist in the face of entropy-accelerating events.
Tools and agents experience the same thing. But the resilient ones bounce back, they heal, they recover, and sometimes, they’re even resurrected from the dead. This only comes when we have the courage to go deeper into the endpoint system, analyze the friction points within agent resources, and mitigate the risk of collision. With that unimpeded view of the device underworld, anyone can recreate the landscape and prevent the entropic-events that lead to security decay.
Originally published by SC Magazine.
If you’d like to learn more about how reducing IT complexity can lead to resilience for your endpoints, listen in as Josh and Forrester analyst, Renee Murphy discuss real-world actions in the webinar: The State of Endpoint Security in 2019.

Better Device Security in 3 Steps for Higher Education

Universities and colleges have diverse challenges when it comes to risk management. To provide a progressive learning and research environment, broad, collaborative network access must be made available to a wide range of users. Decentralized data systems and countless user endpoints – that leave the campus daily – result in blurred perimeters.
To compound the issue, the vast amounts of personal information held by every higher education institution, as well as valuable intellectual property, makes education an attractive, high-value target for cyber criminals. And the sensitive nature of the data they keep also means education is highly regulated — which only ups the stakes for everyone. How can these institutions keep students and devices safe without sacrificing their charter?
Better Security in 3 Steps
When building a security program for your institution, start with what is most vulnerable: endpoints. Continuous visibility and control will deliver improvements, even when faced with a limited budget.

Track and Manage Assets — Because you can’t secure what you can’t see, you first need visibility into all of your devices, their applications, and your users. Absolute’s patented Persistence® technology provides an unbreakable connection to every device, keeps inventory automatically up-to-date, collects hardware, software and geolocation data points, reveals waste and inefficiency, as well as pinpoints security risks and compliance failures.
Automate Security Agent Resilience — Examine endpoint resilience and compliance drift, and regenerate security controls — such as encryption, anti-malware, VPN, EDR or DLP — whenever necessary. With Absolute, endpoints become self-healing machines, capable of safeguarding the distributed data they contain, enabling IT to keep control of every endpoint and freeze or wipe it remotely at any time.
Maintain Continuous Compliance — Conduct ongoing and flexible checks according to a cybersecurity framework or your own standards. Specifically, many have found the NIST Cybersecurity Framework particularly comprehensive and worthwhile. (Watch this explainer video: NIST Cybersecurity Framework.) Absolute can help you identify where compliance may have failed and will restore controls that cause compliance drift when disabled or outdated.

On or Off the Network
No matter where your devices are, you need to see, understand and control your entire endpoint population at all times. The loss of sensitive information brings with it costly compliance fines and, even more damaging, broken trust among students, educators and staff. Higher education data security isn't always straightforward, but step by step, progress can be made.
To learn more about how to identify your institution's sensitive data and improve both visibility and control over it, view Absolute for Higher Education.

The Importance of Zero Trust: Top 3 Benefits

Most CSOs today will tell you, the concept of Zero Trust is an important cornerstone of their data security strategies. In the last few years, the idea has gained popularity – for good reason. With the number of data records being stolen each year now numbering in the billions, it’s time to re-evaluate our approach. There are important benefits to Zero Trust – starting with the baseline assumption that flips conventional wisdom on its head and demands continuous authentication before access to data is ever granted, with each and every step.
Historically, we've put networks, devices, data, apps and users in a 'trust' relationship. For example: this is Sarah's machine. It runs these apps, and she and the machine have access to this data. In this environment, these relationships are trusted, with little verification after access is first granted. That automatic trust is often where cyber criminals find their way to their prize.
Read our tutorial: What You Need to Know About Zero Trust
So rather than assume trust, consider it a vulnerability.
Trust is a Vulnerability
With a mass exodus from corporate data centers to cloud-based everything, network perimeters are all but extinct. Countless mobile devices, reliance on a distributed workforce and other remote work trends have widened the threat landscape and pushed traditional security approaches to their breaking point.
The idea of not trusting all of those exploited apps, missing devices and unsuspecting users makes a lot of sense. Continuous verification helps keep the bad guys out certainly, and it brings 3 additional benefits to the organizations who employ it:

Improved Intelligence: When you’re continually authenticating identity and access, these ‘security checkpoints’ produce valuable intelligence for security teams. Far beyond a log of who is doing what, these events also establish regular connections with IT and provide administrator insight into how well the security tools are working.
Faster Containment: Zero trust is often bundled with an architectural shift toward segmentation. With partitions in place, containment is easier and faster because you’re able to ‘trap’ threats within an individual segment and foreclose the opportunity for the threat to advance.
Better Performance: With fewer hosts and endpoints within each segment, system traffic is more easily modulated from one segment to the next. By segmenting, you use fewer resources and those resources are less likely to be overwhelmed.

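What "continuous verification at each step" looks like in practice is a policy decision that is recomputed for every request from the current identity state and the current device posture, with nothing carried over from the last decision. The following is an added Python example written for this page, not Absolute's product logic and not Kindervag's reference design. The sensitivity tiers, the posture fields (managed, encrypted, av_current, agent_last_seen_min) and the thresholds are assumptions, and the scenario (Sarah, one laptop, a ledger and a wiki) is constructed.

```python
"""Per-request zero-trust decision over identity and live device posture.

Added example: not Absolute's product logic and not Kindervag's reference
design. Posture fields, sensitivity tiers and thresholds are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Identity:
    user: str
    mfa_age_min: int          # minutes since the last strong (MFA) authentication
    roles: frozenset


@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    managed: bool
    encrypted: bool           # disk encryption reported active
    av_current: bool          # AV/AM agent present and up to date
    agent_last_seen_min: int  # minutes since the management agent checked in


@dataclass(frozen=True)
class Request:
    resource: str
    sensitivity: str          # "public" | "internal" | "restricted"


# Policy per sensitivity tier (assumed values): how fresh the authentication
# must be and which device-posture controls must be verified for the request.
POLICY = {
    "public":     {"max_mfa_age": 24 * 60, "require_managed": False, "require_encrypted": False},
    "internal":   {"max_mfa_age": 8 * 60,  "require_managed": True,  "require_encrypted": False},
    "restricted": {"max_mfa_age": 15,      "require_managed": True,  "require_encrypted": True},
}
# Posture older than this is treated as unknown, and unknown is denied.
MAX_AGENT_SILENCE_MIN = 60


def evaluate(identity, posture, request, role_grants):
    """Decide one request. Returns (allowed, denial_reasons); nothing is cached from earlier decisions."""
    rule = POLICY[request.sensitivity]
    denials = []
    if not any(request.resource in role_grants.get(r, ()) for r in identity.roles):
        denials.append("no role grants this resource")
    if identity.mfa_age_min > rule["max_mfa_age"]:
        denials.append("re-authentication required")
    if rule["require_managed"]:
        if not posture.managed:
            denials.append("unmanaged device")
        if posture.agent_last_seen_min > MAX_AGENT_SILENCE_MIN:
            denials.append("device posture stale")
        if not posture.av_current:
            denials.append("AV/AM missing or outdated")
    if rule["require_encrypted"] and not posture.encrypted:
        denials.append("disk encryption not active")
    return (not denials, denials)


# Constructed scenario: Sarah in finance, one laptop, two resources.
GRANTS = {"finance": {"ledger", "wiki"}}
SARAH = Identity("sarah", mfa_age_min=5, roles=frozenset({"finance"}))
SARAH_STALE_MFA = Identity("sarah", mfa_age_min=30, roles=frozenset({"finance"}))
HEALTHY = DevicePosture("LAP-1", managed=True, encrypted=True, av_current=True, agent_last_seen_min=3)
DRIFTED = DevicePosture("LAP-1", managed=True, encrypted=False, av_current=True, agent_last_seen_min=3)
SILENT = DevicePosture("LAP-1", managed=True, encrypted=True, av_current=True, agent_last_seen_min=180)
LEDGER = Request("ledger", "restricted")
WIKI = Request("wiki", "internal")


def run_scenarios():
    """The same user on the same laptop gets different answers as state changes."""
    return {
        "healthy_ledger": evaluate(SARAH, HEALTHY, LEDGER, GRANTS),
        "drifted_ledger": evaluate(SARAH, DRIFTED, LEDGER, GRANTS),
        "stale_mfa_ledger": evaluate(SARAH_STALE_MFA, HEALTHY, LEDGER, GRANTS),
        "stale_mfa_wiki": evaluate(SARAH_STALE_MFA, HEALTHY, WIKI, GRANTS),
        "silent_agent_wiki": evaluate(SARAH, SILENT, WIKI, GRANTS),
    }


if __name__ == "__main__":
    for name, (allowed, why) in run_scenarios().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} {why}")
```

The point of the scenario is that "Sarah's machine" is never a standing fact: the ledger request that is allowed at 09:00 is denied five minutes later when the encryption agent on the same laptop reports it is off, and a management agent that has gone quiet for three hours is treated as an unknown device rather than a trusted one. The denial reasons double as the "validation events" the intelligence benefit describes, because each one tells the security team which control on which device is currently not doing its job.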
Zero Trust Starts with Asset Intelligence
The foundation to Zero Trust is Asset Intelligence. Without knowledge of your data, devices, users, and apps, there’s no way to know what needs verifying. Absolute is embedded in your device’s firmware at the factory. This digital tether creates an unbreakable grip on every device and streams asset intelligence into a single cloud-based console – giving you absolute visibility, control and resilience.
If you would like more information on Zero Trust, watch the next episode of our Cybersecurity Insights video below. And while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.

Video Transcript:
Imagine walking through an airport and having to validate your trustworthiness with every stride. That’s zero trust!
But trust has to be earned, verified. And that’s where things get tricky.
For decades, we put networks, devices, data, apps, and users into a ‘trust’ relationship, but without much verification. Introduced by John Kindervag in 2010, zero trust has become a touchstone for those who demand cyber resilience and persistent security.
You know the mantra ‘trust is a vulnerability’? Well, it comes with three benefits:

Improved Intelligence
Faster Containment, and…
Better Performance

First, zero trust gives IT and security teams the INTELLIGENCE they need by monitoring how access is granted (or denied)…in every pocket of the environment.
With more ‘security checkpoints’ come validation events; when you have more validation events, you get better models for how security controls are working.
Second…faster CONTAINMENT. Zero trust is often bundled with an architectural shift toward segmentation.
With partitions, containment is easier and faster because we’re able to ‘trap’ threats within an individual segment and foreclose the opportunity for the threat to advance.
And third: better PERFORMANCE.
With fewer hosts and endpoints per segment, system traffic is more easily modulated from one segment to the next. By segmenting, we use fewer resources and those resources are less likely to be overwhelmed – giving us ‘better performance’.
Asset INTELLIGENCE is the foundation of zero trust; without knowledge of data, devices, users, and apps, there’s no way to know what needs verifying.
If PERSISTENT security is the goal, zero trust is one of the most effective ways to get there.
Trust IS a vulnerability; get rid of it! And enjoy cyber RESILIENCE.
Remember to like, subscribe, and share (oh, and comments below are always a good way to keep the conversation going). I’ll see you next time!

7 Ways to Secure Your Distributed Workforce

There’s no looking back when it comes to the growing trend of remote work. Researchers at Strategy Analytics predict the total number of distributed workers — or a combination of employees and contractors who work at least partly from outside of the office — to hit 1.87 billion worldwide by 2022.
The rising popularity of a distributed workforce comes with good reason. To name a few corporate benefits, it gives organizations a much broader talent pool and requires a smaller real estate footprint. In turn, the flexibility also leads to happier, more productive employees. But mobile workers also complicate data security efforts. How can you secure your distributed workforce?
The Call for Greater Data Security
In 2018, more than 5 billion records were stolen in publicly known data breaches. Individual impact, company reputational damage and costly compliance fines are top-of-mind concerns for most businesses. Reliance on a workforce that lives outside your traditional network defenses puts you at even greater risk. With so many endpoints out there, all with the potential of granting access to your sensitive data, your attack surface is exponentially larger. Even the most well-meaning workers too often follow lax security protocols from their homes or, perhaps worse, from coffee shop Wi-Fi, and they lack the skills to address a potential threat.
When it comes to working with a distributed workforce, be it employees, contractors, freelancers or even partners, organizations should consider these seven data security best practices:

Conduct, and respond to, regular risk assessments: Examine both how data is stored and how data is accessed.
Maintain and enforce security controls: Because you can’t secure what you can’t see, maintain visibility over all of your endpoints. Then monitor the health of security controls such as encryption, anti-malware, or any other application or configuration, restore them when necessary, and make sure the operating system is up to date. Read the 2019 Endpoint Security Trends Report for details on how quickly security tools degrade.
Harden access: Ensure internal system access requires strong authentication and apply strict limits on the information available to outsiders. Requiring two-factor authentication for external access, such as a token combined with a password, is a best practice.
Isolate access: Cordon off externally accessed systems and networks from the rest of the internal network using internal firewalls (similar to a network DMZ used to isolate sacrificial servers). Log and review traffic that traverses the internal firewalls to the externally accessed systems.
Log and audit: Automate and regularly review logs of external access. Unexpected access may turn out to be a false alarm, but check and verify.
Regularly review: Business partners, freelancers and contractors come and go and their IT needs may change over time. Restrict or revoke access as necessary. Streamline remote worker transitions by remotely freezing or wiping devices regardless of location, user, or network status.
Be prepared for a breach: Prepare a data breach response plan and train a team to handle the incident. This helps mitigate both the breach and its fallout.

For more on how you can better protect the data in your care, regardless of where it may reside at any given point in time, download our eBook, 3 Overlooked Data Privacy Considerations.

Endpoints At-Risk: Too Many Security Tools are the Cause

A recent study highlights the increased risk caused by application bloat and endpoint complexity.
According to a new report by Absolute, when it comes to endpoint security, less may, in fact, be more. The 2019 Endpoint Security Trends Report studied more than six million devices over a one-year period and examined one billion change events to see how security solutions performed — or failed to perform — during that timeframe. The results were eye-opening. It turns out the problem isn’t a lack of security tools; it’s that devices have too many.

100%: Number of devices that experience an encryption failure in a year
28%: Endpoints with missing or outdated AV/AM at any given time
19%: Endpoints requiring at least one repair within 30 days

Source: 2019 Endpoint Security Trends Report
The security solutions that we rely on to protect our devices — and the data that lives on them — fail often. The biggest contributing factor to the frequent failure rate? Endpoint complexity.
Endpoint Complexity is Causing Risk
Absolute’s analysis found that devices can have 10 or more endpoint security agents installed. Nine of those agents come from the same five technology categories: encryption, unified endpoint management (UEM), endpoint detection and response (EDR), endpoint protection platform (EPP/AV/AM), and virtual private network (VPN).
Read about Uncovering the Fragility of Endpoint Security
Ultimately, this means that multiple technologies exist on any given endpoint to perform the same task. For example, the report identified more than one AV/AM agent per device on the majority of devices studied (an average of 1.2 AV/AM agents per endpoint).
The likelihood that these agents will conflict and collide with one another is high. This creates a poor user experience and — more importantly — creates blind spots for security teams and disrupts key security controls.
“We should be testing this stuff before we put it out there. If we have 10 to 12 agents per device, we need to understand how they’re interacting with one another before they’re released into the wild. How do we know we’re not completely poisoning the well? Because that is an expensive well to un-poison.”
– Renee Murphy, Principal Analyst for Security and Risk Professionals, Forrester. Source: The State of the Endpoint in 2019 webinar
Complexity Puts a Strain on Resources
Endpoint complexity also poses a management and resourcing problem. A report by Ponemon found that 50 percent of companies require over 35 full-time employees to manage their endpoints. The same report found that 425 hours are wasted weekly on false security alerts, likely due to conflicting endpoint agents sending confusing signals back to SIEM solutions.

50% of companies require 35+ full-time employees to manage endpoints
425 hours wasted weekly on false security alerts

Source: The Cost of Insecure Endpoints, Ponemon, 2017
Furthermore, the vast number of tools identified in the report introduces a virtually unlimited number of combinations. This makes it almost impossible for resource-strapped IT teams to properly test devices prior to deployment. In most cases, enterprises are forced to validate the combinations in live deployments — where results show that they all eventually break.
Read our blog post about The Complexity Gap
The Bottom Line: More is Not Better
While IT and security professionals have a huge range of tools and technologies at their disposal, the 2019 Endpoint Security Trends Report found that more security does not equate to more secure devices. In fact, much of endpoint security spend is wasted on solutions that simply don’t work (due to missing or broken agents or disabled controls).
Rather than throwing good money after bad, IT and security teams should instead strive to reduce complexity on the endpoint and focus on ensuring that existing security tools are fortified, more resilient, and less inclined to fail.
Absolute acts like a watchdog on the endpoint. Absolute’s proprietary Persistence® technology is embedded in the firmware of more than 70 percent of the world’s endpoint devices. Because it’s the only embedded security solution, it is the only cloud-based platform that maintains a persistent connection to devices, regardless of user behavior or device performance. This persistent connection enables IT and security professionals to keep a close eye on existing security controls to ensure they’re always performing as they should.
As a result, Absolute is an efficient way to maximize the value of your existing investments. A Forrester TEI report found that Absolute delivers a 146% return on investment, and it can also help organizations get a greater return on their existing security solutions.
Interested in taking a deeper dive into the state of endpoint security? Read the full report: 2019 Endpoint Security Trends Report.

3 Myths Debunked in the 2019 Endpoint Security Trends Report

New research challenges misconceptions about the security of our endpoint devices.
The only thing worse than no security is a false sense of security. While there are few, if any, enterprise organizations that have no endpoint security in place, a recent study by Absolute identified a serious cause for concern — the fundamental endpoint security tools in which so much faith is placed fail us regularly.
The research studied more than six million devices over a one-year period and examined one billion change events to see how security solutions performed — or failed to perform — during that time frame. The findings were staggering and categorically discredit some long-held myths about the state of endpoint security.
Myth #1: More third-party security tools result in more secure devices
Our research found that devices have an average of 10 endpoint security agents installed.
These include encryption, antivirus/anti-malware (AV/AM), client/patch management, and other endpoint protection tools from a variety of different vendors.
On the devices we examined, more security tools did not equate to more secure devices. Paradoxically, the complexity introduced by multiple agents actually leaves organizations more vulnerable to attack. When it comes to endpoint security, the more dangerous outcome is not too little technology, but too much.
For example, we identified more than one AV/AM agent per device on the majority of devices studied (1.2 AV/AM agents per endpoint). The likelihood that these agents will conflict and collide with one another is high as they compete for device services and resources and create blind spots for security teams.
It’s clear that access to endpoint security solutions is not a problem — most organizations have sufficient budget to cover the costs. The real problem organizations face is in ensuring that these controls remain in place and are functioning correctly at all times.
If basic visibility, control, and resilience measures are not in place, adding additional security tools to already bloated devices will only exacerbate the problem.
Myth #2: Only a negligible subset of your device population is unprotected at any one time

100 percent of your devices will experience encryption failure within one year. Encryption is often considered the principal endpoint data security solution. And while it is necessary, it requires persistent controls and continuous maintenance to ensure it’s operating effectively. Our study found that encryption is regularly broken, disabled, misconfigured, or missing entirely. At any given point in time, over 42 percent of endpoints had an encryption failure, and 100 percent of devices experienced encryption failure within one year. Encryption recovery times are equally concerning — the average window of vulnerability for unencrypted devices was 12 days, but 30 percent of devices remained unencrypted for more than 60 days.
Your CMT tools break frequently. Client management and patching tools fail regularly. This is astounding, since these agents are in place to ensure patch management is effective. Yet almost 20 percent of endpoints required at least one client/patch management repair monthly. Of those patching agents requiring repair, 75 percent reported at least two repair events and 50 percent reported three or more repair events.
28 percent of your devices have missing or outdated AV/AM tools. AV/AM is endpoint security 101. However, our analysis revealed that, at any point in time, 21 percent of AV/AM solutions are outdated and 7 percent are missing altogether. In other words, 28 percent of all endpoints are unprotected on any given day.
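The figures in this section (encryption failures, missing or outdated AV/AM, and more than one AV/AM agent per device) are the kind of control-health metrics an asset inventory should produce continuously, which is also the point of the “maintain and enforce security controls” practice above. The following is an added example, not Absolute’s code or the report’s methodology: the inventory record format, the seven-day signature freshness policy and every device record are constructed assumptions.

```python
# Added example, not Absolute's code or the report's method; all data is constructed.
from datetime import date, timedelta

AS_OF = date(2019, 6, 10)              # constructed audit date
MAX_SIGNATURE_AGE = timedelta(days=7)  # assumed AV/AM signature freshness policy
# Constructed inventory: per device, the encryption control's state and the
# security agents an asset-inventory tool reported (record format is assumed).
INVENTORY = [
    {"device": "LT-0001", "encrypted": True,   # healthy
     "agents": [{"cat": "AV/AM", "vendor": "VendorA", "sig_date": "2019-06-10"},
                {"cat": "EDR", "vendor": "VendorX"}]},
    {"device": "LT-0002", "encrypted": False,  # encryption broken, stale signatures
     "agents": [{"cat": "AV/AM", "vendor": "VendorA", "sig_date": "2019-05-20"}]},
    {"device": "LT-0003", "encrypted": True,   # two AV/AM agents collide
     "agents": [{"cat": "AV/AM", "vendor": "VendorA", "sig_date": "2019-06-10"},
                {"cat": "AV/AM", "vendor": "VendorB", "sig_date": "2019-05-01"}]},
    {"device": "LT-0004", "encrypted": True,   # no AV/AM at all
     "agents": [{"cat": "EDR", "vendor": "VendorX"}]},
]

def av_am_agents(device):
    # More than one AV/AM agent means they compete for the same device resources.
    return [a for a in device["agents"] if a["cat"] == "AV/AM"]

def av_status(device, as_of=AS_OF, max_age=MAX_SIGNATURE_AGE):
    """'missing', 'outdated' or 'current'; current needs one agent within policy."""
    agents = av_am_agents(device)
    if not agents:
        return "missing"
    newest = max(date.fromisoformat(a["sig_date"]) for a in agents)
    return "current" if as_of - newest <= max_age else "outdated"

def audit(inventory, as_of=AS_OF):
    """Fleet-level figures (percent of devices) plus devices needing de-duplication."""
    n = len(inventory)
    status = [av_status(d, as_of) for d in inventory]
    pct = lambda count: round(100.0 * count / n, 1)
    return {
        "encryption_failure_pct": pct(sum(not d["encrypted"] for d in inventory)),
        "av_missing_pct": pct(status.count("missing")),
        "av_outdated_pct": pct(status.count("outdated")),
        "avg_av_agents": round(sum(len(av_am_agents(d)) for d in inventory) / n, 2),
        "duplicate_av_devices": [d["device"] for d in inventory if len(av_am_agents(d)) > 1],
    }

def findings(inventory, as_of=AS_OF):
    """Per-device repair list: controls to restore, update or de-duplicate."""
    out = []
    for d in inventory:
        if not d["encrypted"]:
            out.append(f"{d['device']}: encryption failure")
        if (s := av_status(d, as_of)) != "current":
            out.append(f"{d['device']}: AV/AM {s}")
        if len(av_am_agents(d)) > 1:
            out.append(f"{d['device']}: duplicate AV/AM agents, conflict risk")
    return out
```

Running `audit` on a real inventory export on a schedule, and feeding `findings` into the repair workflow, is what turns the one-off percentages in the report into a control that is actually maintained.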

Myth #3: More budget for advanced endpoint security technology is required
Security budgets continue to rise year over year in an effort to mitigate the ever-increasing data security risks. The global spend on IT security is predicted to total $128 billion by next year. However, our research indicates that much of this spending may be in vain. As much as 40 percent of endpoint security spend is squandered on solutions that simply don’t work.
It is certainly important to keep pace with advances in endpoint security technology — but investing more money into exciting new technologies such as blockchain, artificial intelligence, and machine learning is futile if the basics are not operating effectively.
The fact remains that the efficacy of any endpoint security tool diminishes significantly over time — unless those tools are deliberately controlled to improve their resilience.
Key Takeaway from 2019 Endpoint Security Trends Report: Strengthen Existing Security Solutions
Our analysis doesn’t mean that existing security tools are useless — they just need a watchdog to ensure they remain resilient.
Absolute’s technology is embedded in the firmware of more than 70 percent of the world’s endpoint devices. Because it’s the only embedded security solution, it is the only cloud-based platform that maintains a persistent connection to devices, regardless of user behavior or device performance.
This persistent connection enables IT and security professionals to keep a close eye on existing security controls to ensure they’re always performing as they should. It helps you unlock the value of your existing investments while enabling you to feel secure in the knowledge that your devices are protected — and if they’re not, you have controls in place to either fix them or lock them down.
Interested in taking a deeper dive into the state of endpoint security? Read the full report: 2019 Endpoint Security Trends Report.
