Category: Endpoint Security

Improving Endpoint Security Needs to Be a Top Goal in 2020

This post was originally published in Forbes Magazine.
Bottom Line:  Attacking endpoints with AI, bots, and machine learning is gaining momentum with cybercriminals today with no signs of slowing down into 2020, making endpoint security a must-have cybersecurity goal for next year.
Cyberattacks are growing more complex and difficult to prevent now and will accelerate in the future, making endpoint security a top goal in 2020. Cybercriminals are using structured and unstructured machine learning algorithms to hack organizations’ endpoints with increasing frequency. Endpoint attacks and their levels of complexity will accelerate as cybercriminals gain greater mastery of these techniques.
In response, endpoint protection providers are adopting machine learning-based detection and response technologies, providing more cloud-native solutions that can scale across a broader range of endpoints, and designing in greater persistence and resilience for each endpoint. The recent IDC survey published this month, Do You Think Your Endpoint Security Strategy Is Up to Scratch?, completed in collaboration with HP, recommends that “companies should seek to build resilience — on the assumption that breaches are inevitable — and look for ‘security by design’ features that facilitate or automate detection and recovery.” IDC surveyed 500 senior security executives globally, finding major differences between leading organizations who realize endpoint security is essential for a unified cybersecurity strategy and followers, who don’t.
What Differentiates The Most Effective Endpoint Strategies?
IDC’s study found that leaders who integrate endpoint security into their cybersecurity plans are more effective at compliance reporting, endpoint hardening, and attack detection and response. Leaders capitalize on the data from their endpoint security strategies, creating contextual intelligence that helps protect their most vulnerable threat surfaces. The following are key insights from the IDC study showing why endpoint security needs to be an integral part of any corporate-wide cybersecurity strategy:

6% of all enterprises globally consider endpoint security to be a significant component of their overall cybersecurity strategy, with leaders 2X as likely to consider it a high priority. Close to half of all enterprises (49.4%) believe endpoint security can perform effectively as a secondary component. IDC found that the lesser the priority security leaders place on endpoint security, the more likely endpoints will fail. Instead of taking a strategic approach, organizations treat endpoint security as an isolated strategy, adding an average of 10 security agents per device according to Absolute’s 2019 Endpoint Security Trends Report. You can get a copy of the report here. Cybersecurity leaders realize that having a unified endpoint security strategy designed for persistence and resilience is far more effective than relying on an isolated one. The following findings from the IDC report illustrate how leaders view endpoint as integral to their cybersecurity strategies.
When enterprises are complacent about endpoint security, procurement standards become mediocre over time and leave digital businesses at greater risk. Followers lack security focus for everything other than desktops during procurement, for example. Though most enterprises include security requirements in procurement requests, those requirements are not specified equally for all endpoint device types, resulting in uneven security coverage and compliance risk.

IDC, DO YOU THINK YOUR ENDPOINT SECURITY STRATEGY IS UP TO SCRATCH? OCTOBER 2019

Automated operating system image recoverability, detection of and recovery from firmware integrity breaches, and software monitoring from the hardware level are the three most in-demand endpoint security features for enterprises today. Leader enterprises have relied on persistent connections to every endpoint in a network to achieve greater resilience across their global networks. Absolute is working to change this relationship, allowing remote, disconnected endpoints to remain resilient, which reflects what leaders are looking for in terms of greater control and visibility for every threat surface or endpoint. Senior security leaders, including CISOs, are taking a more integrated approach to endpoint security by designing in persistence to the device level that thwarts breach attempts in real-time.

IDC, DO YOU THINK YOUR ENDPOINT SECURITY STRATEGY IS UP TO SCRATCH? OCTOBER 2019

Enterprises who are cybersecurity leaders most value a device’s built-in security features when evaluating PCs, laptops, and mobile devices while followers value this feature least. 33% of enterprises who are leaders prioritize devices that have built-in security capabilities that immediately provide persistent connections across the network, enabling greater resiliency. The study also makes the point that endpoint security needs to be tamper-proof at the operating system level, yet be flexible enough to provide IT and cybersecurity teams with device visibility and access to modify protections. One of the leaders in this area, Absolute, has invented endpoint security technology that begins at the BIOS level. There are currently 500M devices that have their endpoint code embedded in them. The Absolute Platform is comprised of three products: Persistence, Intelligence, and Resilience—each building on the capabilities of the other. The following graphic from the IDC study illustrates the stark contrast between enterprises who are cybersecurity leaders versus followers when it comes to adopting built-in security capabilities to harden endpoints across their networks.

IDC, DO YOU THINK YOUR ENDPOINT SECURITY STRATEGY IS UP TO SCRATCH? OCTOBER 2019
Conclusion
When 70% of all breaches originate at endpoints, despite enterprise IT spending more than ever on cybersecurity, it’s a clear sign that endpoint security needs to be an integral part of any cybersecurity strategy. On average, every endpoint has ten security agents installed, often leading to software conflicts and frequent endpoint encryption failures. Absolute’s latest study found that over 42% of endpoints experience encryption failures, leaving entire networks at risk from a breach. Encryption agents are most commonly disabled by users, malfunction, have error conditions, or were never installed correctly in the first place. Absolute also found that endpoints often failed due to the fragile nature of their encryption agents’ configurations. 2% of encryption agents fail every week, and over half of all encryption failures occurred within two weeks, fueling a constant 8% rate of decay every 30 days. 100% of all devices experience encryption failures within one year. Multiple endpoint security solutions conflict with each other and create more opportunities for breaches than they avert. These are just a few of the many factors that make improving endpoint security a top goal all enterprises need to achieve in 2020.
 
 
 

Absolute CEO Christy Wyatt Recognized as Top 50 Women Leaders in SaaS of 2019

This week, The Software Report released their Top 50 Women Leaders in SaaS of 2019. It’s a distinguished group and their list of accomplishments across the software industry is both impressive and inspiring. We’d like to congratulate all the 2019 leader awardees and give a special shout out to one honoree in particular – our CEO Christy Wyatt.

Christy’s first-position ranking comes as a result of her ‘dedication to solving Absolute customers’ greatest enterprise resiliency challenges’ and long pedigree of leadership roles across the software industry. Congratulations to everyone on the Top 50 and our own Christy Wyatt!
Read the full list here.

It’s Time To Solve K-12’s Cybersecurity Crisis

This post was originally published in Forbes magazine by Louis Columbus.

There were a record 160 publicly-disclosed security incidents in K-12 during the summer months of 2019, exceeding the total number of incidents reported in all of 2018 by 30%.
47% of K-12 organizations are making cybersecurity their primary investment, yet 74% do not use encryption.
93% of K-12 organizations rely on native client/patch management tools that have a 56% failure rate, with 9% of client/patch management failures never recovered.

These and many other fascinating insights are from Absolute’s new research report, Cybersecurity and Education: The State of the Digital District in 2020, focused on the state of security, staff and student safety, and endpoint device health in K-12 organizations. The study’s findings reflect the crisis the education sector is facing as they grapple with high levels of risk exposure – driven in large part by complex IT environments and a digitally savvy student population – that have made them a prime target for cybercriminals and ransomware attackers. The methodology is based on data from 3.2M devices containing Absolute’s endpoint visibility and control platform, active in 1,200 K-12 organizations in North America (U.S. and Canada). Please see full report for complete details on the methodology.
Here’s the backdrop:

K-12 cybersecurity incidents are skyrocketing, with over 700 reported since 2016 with 160 occurring during the summer of 2019 alone. Educational IT leaders face the challenge of securing increasingly complex IT environments while providing access to a digitally savvy student population capable of bypassing security controls. Schools are now the second-largest pool of ransomware victims, just behind local governments and followed by healthcare organizations. As of today, 49 school districts have been hit by ransomware attacks so far this year.

“Today’s educational IT leaders have been tasked with a remarkable feat: adopting and deploying modern learning platforms, while also ensuring student safety and privacy, and demonstrating ROI on security and technology investments,” said Christy Wyatt, CEO of Absolute.
Research from Absolute found:
K-12 IT leaders are now responsible for collectively managing more than 250 unique OS versions, and 93% are managing up to five versions of common applications. The following key insights from the study reflect how severe K-12’s cybersecurity crisis is today:

Digital technologies’ rapid proliferation across school districts has turned into a growth catalyst for K-12’s cybersecurity crisis. 94% of school districts have high-speed internet, and 82% provide students with school-funded devices through one-to-one and similar initiatives. Absolute found that funding for educational technology has increased by 62% in the last three years. The Digital Equity Act goes into effect this year, committing additional federal dollars to bring even more technology to the classroom. K-12 IT leaders face the daunting challenge of having to secure on average 11 device types, 258 unique operating system versions, over 6,400 unique Chrome OS extensions and more, reflecting the broad scale of today’s K-12 cybersecurity crisis. Google Chromebooks dominate the K-12 device landscape. The following graphic illustrates how rapidly digital technologies are proliferating in K-12 organizations:

42% of K-12 organizations have staff and students regularly bypass security endpoint controls using web proxies and rogue VPN apps, inadvertently creating gateways for malicious outsiders to breach their schools’ networks. Absolute found that there are on average 10.6 devices with web proxy/rogue VPN apps per school and 319 unique web proxy/rogue VPN apps in use today, including “Hide My Ass” and “IP Vanish.”  Many of the rogue VPN apps originate in China, and all of them are designed to evade web filtering and other content controls. With an average of 10.6 devices per school harboring web proxies and rogue VPN apps, schools are also at risk of non-compliance with the Children’s Internet Protection Act (CIPA).

While 68% of education IT leaders say that cybersecurity is their top priority, 53% rely on client/patch management tools that are proving ineffective in securing their proliferating IT infrastructures. K-12 IT leaders are relying on client/patch management tools to secure the rapidly proliferating number of devices, operating systems, Chrome extensions, educational apps, and unique application versions. Client/patch management agents fail 56% of the time, however, and 9% never recover. There are, on average, nine daily encryption agent failures, 44% of which never recover. The cybersecurity strategy of relying on native client/patch management isn’t working, leading to funds being wasted on K-12 security controls that don’t scale:

Wyatt continued, “This is not something that can be achieved by simply spending more money… especially when that money comes from public funds. The questions they each need to be asking are if they have the right foundational security measures in place, and whether the controls they have already invested in are working properly. Without key foundational elements of a strong and resilient security approach in place – things like visibility and control, it becomes nearly impossible to protect your students, your data, and your investments.”
Providing greater device visibility and endpoint security controls while enabling applications and devices to be more resilient is a solid first step to solving the K-12 cybersecurity crisis. Thwarting the many breach and ransomware attacks K-12 organizations receive every day needs to start by considering every device as part of the network perimeter. Securing K-12 IT networks to the device level delivers asset management and security visibility that native client/patch management tools lack. Having visibility to the device level also gives K-12 IT administrators and educators insights into how they can tailor learning programs for broader adoption. The greater the visibility, the greater the control. K-12 IT administrators can ensure internet safety policies are being adhered to while setting controls to be alerted to suspicious activity or non-compliant devices, including rogue VPNs or stolen devices. Absolute’s Persistence platform provides a persistent connection to each endpoint in a K-12’s one-to-one program, repairing or replacing critical apps that have been disabled or removed.
You can download the full Absolute report here.

5 Things to Check Off Your Security Checklist in October

October is National Cybersecurity Awareness Month, and the very existence of this ‘holiday’ affirms it is more important than ever to make sure your digital data is secure. To help get you on the right track, we’ve put together a quick security checklist of five simple, but impactful, steps you can take to better protect yourself today. 
1) Update your Operating System.
Updates and patches for your Operating System and applications are made available almost daily.  In many cases, these updates and security fixes are essential to keep your computer healthy and your data safe. If you find it tiresome keeping on top of these important updates, turn on Auto-Update.
2) Download, Activate and Keep Antivirus, Anti-malware and Firewall Software Up to Date.
Antivirus, anti-malware and firewall software can protect your device and data from malicious activity in the form of corrupted files, attack code and processes. Don’t forget to install, activate and keep these essential security features up to date.
3) Pay Attention to Passwords.
Strong password hygiene is worth emphasizing and repeating. Don’t use the same password for everything; use unique combinations of 8-14 uppercase and lowercase letters, numbers, and non-alphanumeric characters. You must also make sure to keep your passwords somewhere safe. Storing them digitally in an encrypted password protector is often a good choice, but you can always write them down in a book the old-fashioned way.
4) Back Up your Important Files.
Determine what’s mission critical, and create and keep multiple backups of your most important data, just in case. Store the files in the cloud via a trusted service provider; on secure flash drives or external hard drives; or using physical media like DVDs. If the unthinkable happens and your primary machine is corrupted, lost, or stolen, you’ll be glad you did.
5) Do not click on suspicious links or open questionable attachments received via email.
Even if (you think) an email comes from someone that you know, use caution. Phishing and email scams are a persistent method of computer infection. Always double check the sender’s email address, attachment filenames and extensions for abnormalities. If it doesn’t feel genuine, it probably isn’t.
Have you already taken these precautions? Do you travel with your laptop often? Absolute Home & Office can provide an extra layer of security and control by enabling you to Locate your machine on a map, Lock or Delete its contents remotely or, in the case of an actual theft, communicate with authorities to Recover it. Absolute Home & Office Premium is available for 33% off until October 31st.

Absolute Named Leader in G2 Fall 2019 Grid Report for Endpoint Management

Thanks to high levels of customer satisfaction and positive reviews from verified users, G2 has – for the second time this year – named Absolute a leader in the Fall 2019 Grid Report for Endpoint Management Software. Absolute ranked 10th overall out of 150 total vendors in the category, and was named a top vendor based on positive verified user reviews and high levels of customer satisfaction. The reviews highlight the power of the Absolute platform in delivering endpoint security and resiliency.
With more than 790,000 verified user reviews on the platform, G2 helps buyers make more informed purchasing decisions, allowing them to compare the best software and services for their needs based on peer reviews, satisfaction scores, and synthesized social data.
“Absolute is the last-stand in our IT security profile. I like how it integrates with the BIOS to do its thing most of all. Once installed, it’s essentially a hands-off piece of software. And because it is at that low level it can do many things that similar software cannot. But I would be remiss if I didn’t mention the ability to track and recover lost or stolen laptops.” – Senior Network Administrator/IT Manager
Christy Wyatt, CEO of Absolute, had this to say about inclusion in the recently released G2 Grid Report: “We are honored and grateful that our customers are willing to go to bat for us and publicly recognize our product innovation, execution, and dedication to continuous optimization and improvement. At Absolute, our number one goal is to be a trusted partner in making our customers more resilient and deliver the visibility, persistence, and intelligence they need to securely and confidently move their businesses forward.”
Get the full G2 Fall 2019 Grid Report for Endpoint Management Software here. To learn more about what real users have to say about Absolute or to leave your own review, visit our G2 profile.

Absolute Recognized as Hot 150 Cybersecurity Company to Watch in 2020

Absolute was recognized this week by Cybersecurity Ventures in their Hot 150 Cybersecurity Companies to Watch in 2020. As cyber risk climbs, so too grows the number of security vendors. This new ranking is a feature of ‘the hottest and most innovative’ cybersecurity companies in the market today.
Hot 150 selection criteria include such areas as: challenges addressed, feedback from CISOs, customer base and notable implementations, founder and management pedigree, company revenue growth and others. Among the Hot 150, 68 companies are headquartered in the U.S. and Canada.
See the full Hot 150 Cybersecurity Companies to Watch in 2020 in Cybercrime Magazine.
 

How Machine Learning Can Avert Cyber Disasters

High winds capable of downing power lines across a very dry Northern California are causing officials to shut off power this week for hundreds of thousands of residents. The decision came as a way to reduce the threat of wildfires in an area already hard-hit by natural disaster.
Mother Nature is once again flexing her powerful muscles and Californians are left to cope as best they can, with the information they have. This week’s weather event is yet another example of why researchers are working on how to use machine learning (ML) as a disaster preparedness and response tool. Because machines can quickly analyze massive amounts of data from numerous sources, the goal is to use that information to help community leaders and emergency response teams make more informed decisions.
Like natural disaster preparedness and response, ML also has important implications for endpoint security and the disaster that could originate on an endpoint while under cyberattack. As our CTO, Nicko van Someren, explains in the below video prepared for National Cybersecurity Awareness Month, ML is key to improved security by way of a direct pull through from IT asset management.
An IT Asset Management Job with a Security Outcome
Within the context of IT asset management, organizations are busier than ever trying to manage the growing number of endpoint devices, applications and data. IT complexity has reached all-time highs. ML has been a very valuable tool for managing that complexity and, while doing so, can also make direct contributions to better security and more resilient endpoints. With the power of ML, you’re not only gaining improved visibility into your assets, you’re learning more about the actions and events happening there and finding patterns.
With patterns inevitably come outliers and so often, that’s where vulnerabilities hide. Being able to recognize outliers and remediating any resulting risk is how endpoints – and enterprises – become more resilient.
As Nicko explains: “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space.”
The growing number of assets is a challenge, certainly. And as security becomes an increasingly critical risk, organizations have been layering on more and more security tools – ten or more agents on each endpoint, says our research. But increased security spend does not equate to improved security. That much is painfully clear. Instead, you’re left with a complex environment full of competing, fallible agents and, consequently, a false sense of security.
Visibility is key and ML can deliver a complete data set that then gives you invaluable insight on what is happening on your endpoints. This way, you can work to reduce complexity and improve endpoint resiliency.
To learn more about the role of ML with IT complexity, watch our newest Cybersecurity Insights video below. And, subscribe to our complete YouTube series.
Complexity is Killing IT

Cybercriminals Take Aim at K-12

The school year is underway and millions of devices are now in the hands of students. More than 80 percent of today’s K-12 organizations provide computers to students and an estimated 70 percent of schools will be one-to-one by 2020.  With school-issued devices commonplace, schools have become easy targets for cyberattacks.
Since 2016, nearly 700 cyber incidents have hit K-12 organizations. And threats like ransomware have forced schools to close their doors, and even compelled Louisiana’s Governor to declare a state of emergency after several schools were wrecked by the Ryuk ransomware in the summer of 2019.
The K-12 attack surface has lured cybercriminals, but the technology itself has also become somewhat of a nightmare. In Absolute’s new study, Cybersecurity and Education: The State of the Digital District in 2020, we looked at 3.2 million devices across 1,200 schools and discovered over 6,400 unique Chrome extensions in-use, 319 security bypass apps (e.g. rogue VPN), and more than 130,000 app versions. The IT complexity is staggering.

Based on the new research, we see three key challenges facing today’s K-12 technology leaders – challenges no other industry faces.

Savvy students — more than five times as many tools for users to tunnel around security controls and policies than other sectors. (rogue apps were found in 42 percent of organizations)

Increased complexity — within five years, K-12 IT leaders have gone from managing a couple of operating systems, a handful of apps, and a few hundred devices to managing hundreds of versions of operating systems, apps, extensions, and thousands of devices. (93 percent of common apps are outdated)

Increased endpoint risk — as complexity expands, so does risk, leaving both students and schools increasingly vulnerable to cyberattacks. Case in point: schools have become the second-largest pool of ransomware victims, slightly behind local governments and closely followed by healthcare organizations. (56 percent of patch agents fail)

It is no surprise then, that 68 percent of K-12 IT leaders say cybersecurity is their top priority, and nearly half (47 percent) say their primary investment will be security controls and tools. But K-12 IT leaders must carefully consider their plans for more security spend and take aim at cyber resilience above all else.
School districts are saddled with the expectation to demonstrate ROI (the effects of the one-to-one program), but they also need to keep tabs on security and inventory gaps in a quickly growing endpoint population. Read: Quantifying K-12 Device Use with Absolute.
How do you solve the riddle? Resilience is the key.
Winning the Battle Against Cyber Threats
It is increasingly critical that school districts work to reduce IT complexity and improve endpoint resiliency by gaining visibility to every device everywhere. Then, IT leaders can justify tech spend for maximum ROI and discover device use patterns and rogue apps, how often devices are used, and what risks students are creating. K-12 IT leaders can rely on Absolute to unmask complexity risks and automate endpoint security—restoring fragile security controls, apps, and agents—to safeguard digital learning for the next generation.
To learn more about the cyber risks facing today’s K-12 schools, download the full report Cybersecurity and Education: The State of the Digital District in 2020.
 

5 Key Insights From Absolute’s 2019 Endpoint Security Trends Report

This post was originally published by Forbes Magazine and Software Strategies blog.

Endpoint security tools are 24% of all IT security spending, and by 2020 global IT security spending will reach $128B according to Morgan Stanley Research.
70% of all breaches still originate at endpoints, despite the increased IT spending on this threat surface, according to IDC.

To better understand the challenges organizations have securing the proliferating number and type of endpoints, Absolute launched and published their 2019 Endpoint Security Trends Report. You can get a copy of the report here. Their findings and conclusions are noteworthy to every organization that is planning and implementing a cybersecurity strategy. Data gathered from over 1B change events on over 6M devices is the basis of the multi-phased methodology. The devices represent data from 12,000 anonymized organizations across North America and Europe. Each device had Absolute’s Endpoint Resilience platform activated. The second phase of the study is based on exploratory interviews with senior executives from Fortune 500 organizations. For additional details on the methodology, please see page 12 of the study.
Key insights from the report include the following:

1. Increasing security spending on protecting endpoints doesn’t increase an organization’s safety and, in certain cases, reduces it. Organizations are spending more on cybersecurity than ever before, yet they aren’t achieving greater levels of safety and security. Gartner’s latest forecast has global information security and risk management spending reaching $174.5B in 2022, attaining a five-year Compound Annual Growth Rate (CAGR) of 9.2%. Improving endpoint controls is one of the highest-priority investments driving increased spending. Over 70% of all breaches are still originating at endpoints, despite millions of dollars spent by organizations every year. It’s possible to overspend on endpoint security and reduce its effectiveness, which is a key finding of the study. IBM Security’s most recent Cost of a Data Breach Report 2019 found that the average cost of a data breach in the U.S. grew from $3.54M in 2006 to $8.19M in 2019, a 130% increase in 14 years.

2. The more complex and layered the endpoint protection, the greater the risk of a breach. One of the fascinating findings from the study is that the greater the number of agents a given endpoint has, the higher the probability it’s going to be breached. Absolute found that a typical device has ten or more endpoint security agents installed, each conflicting with the other. MITRE’s Cybersecurity research practice found there are, on average, ten security agents on each device, and over 5,000 common vulnerabilities and exposures (CVEs) found on the top 20 client applications in 2018 alone. Enterprises are using a diverse array of endpoint agents, including encryption, AV/AM, and Endpoint Detection and Response (EDR). The wide array of endpoint solutions makes it nearly impossible to standardize a specific test to ensure security and safety without sacrificing speed. Absolute found organizations are validating their endpoint configurations using live deployments that often break and take valuable time to troubleshoot. The following graphic from the study illustrates how endpoint security is driving risk:

3. Endpoint security controls and their associated agents degrade and lose effectiveness over time. Over 42% of endpoints experience encryption failures, leaving entire networks at risk from a breach. Encryption agents are most commonly disabled by users, malfunction, have error conditions, or were never installed correctly in the first place. Absolute found that endpoints often failed due to the fragile nature of their encryption agents’ configurations. 2% of encryption agents fail every week, and over half of all encryption failures occurred within two weeks, fueling a constant 8% rate of decay every 30 days. 100% of all devices experience encryption failures within one year. Multiple endpoint security solutions conflict with each other and create more opportunities for breaches than they avert:

4. One in five endpoint agents will fail every month, jeopardizing the security and safety of IT infrastructure while prolonging security exposures. Absolute found that 19% of endpoints of a typical IT network require at least one client or patch management repair monthly. The patch and client management agents often require repairs as well. 75% of IT teams reported at least two repair events, and 50% reported three or more repair events. Additionally, 5% could be considered inoperable, with 80 or more repair events in the same one-month period. Absolute also looked at the impact of families of applications to see how they affected the vulnerability of endpoints and discovered another reason why endpoint security is so difficult to attain with multiple agents. The 20 most common client applications published over 5,000 vulnerabilities in 2018. If every device had only the top ten applications (half), that could result in as many as 55 vulnerabilities per device just from those top ten apps, including browsers, OSs, and publishing tools. The following graphic summarizes the rates of failure for Client/Patch Management Agent Health:

5. Activating security at the device level creates a persistent connection to every endpoint in a fleet, enabling greater resilience organization-wide. By having a persistent, unbreakable connection to data and devices, organizations can achieve greater visibility and control over every endpoint. Organizations choosing this approach to endpoint security are unlocking the value of their existing hardware and network investments. Most important, they attain resilience across their networks. When an enterprise network has persistence designed to the device level, there’s a constant, unbreakable connection to data and devices that identifies and thwarts breach attempts in real-time. 
Bottom Line: Identifying and thwarting breaches needs to start at the device level by relying on secured, persistent connections that enable endpoints to better detect vulnerabilities, defend themselves, and achieve greater resilience overall.
 

What is Cyber Resilience and How Can You Achieve It?

What Is Cyber Resilience?
As the cyberthreat landscape darkens each day, the term cyber resilience is increasing in importance.
A cyber resilient company is in the best position to prepare for, respond to, and recover from a cyberattack. Being resilient, however, means much more than attack prevention or response. A cyber resilient enterprise can continue to function during an attack and is agile enough to adapt and recover from the incident.
While a protection-focused approach may have worked in the past, today’s enterprise must now move to adopt a strategy that is based more on endpoint resilience which, beyond protection, emphasizes adaptability, exposure reduction, information gathering and discovery.
Cyber resilience transcends technology and can protect the interests of everyone involved, including the C-suite, staff, shareholders, and the board of directors.
Resilience comes down to having a self-healing capability. Think of it this way: if your company must rely on an external source to resurrect you, then you can’t call yourself resilient. Only those organizations with a self-healing property (being able to recover without human intervention) can be truly classified as resilient.
Ultimately, if the organization has its eye on becoming more resilient, then it must incorporate technologies with the capacity of self-healing. Running around putting things back together isn’t the preferred state of a resilient enterprise.
Self-healing: The Only True Resilience
In the hardware world, we buy and deploy redundant systems: multiple firewalls, routers, switches, clouds, and cables. We do this because we expect our hardware defenses to fail; there’s even a name for it: “failover”. The other term used often is High Availability, which just means more hardware deployed for failover.
In the software universe, the equivalent is resilience. But unlike hardware, you can't just have clones of the same tools, controls, apps, and agents that play understudy to the primary control. The idea that the clone steps into the spotlight when the primary control fails does not exist with software.
So, enterprises need to rely on resilient software controls, apps, and agents. But the only way you can claim you are resilient is if you have a self-healing capability. Without it, you don’t have the replacement, so there is no failover. It’s a crack in your security fabric.
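The self-healing property described above can be expressed as a reconciliation pass: compare each endpoint's observed control state with a required baseline, repair drift automatically, and escalate only what cannot be healed. This is an added Python example, not code from the article or from Absolute; the state names, repair actions, `REQUIRED` baseline and fleet records are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# State names are assumptions; the last three mirror the failure causes the article lists.
HEALTHY, DISABLED, ERROR, MISSING = "healthy", "disabled", "error", "missing"
# Hypothetical repair action per failure state (real agents expose their own).
REPAIRS = {DISABLED: "re-enable", ERROR: "restart", MISSING: "reinstall"}
REQUIRED = ("encryption", "edr")  # assumed baseline of mandatory controls

@dataclass
class Endpoint:
    name: str
    controls: dict                                   # control -> observed state
    failed_repairs: dict = field(default_factory=dict)

def reconcile(ep, can_repair, max_attempts=2):
    """Heal drift from REQUIRED; return (change log, escalations needing a human)."""
    log, escalations = [], []
    for control in REQUIRED:
        state = ep.controls.get(control, MISSING)    # absent means never installed
        if state == HEALTHY:
            continue
        action = REPAIRS.get(state)                  # None for an unknown state
        tries = ep.failed_repairs.get(control, 0)
        if action and tries < max_attempts and can_repair(ep.name, control, action):
            ep.controls[control] = HEALTHY
            ep.failed_repairs.pop(control, None)
            log.append((ep.name, control, state, action))  # record the config change
        else:
            ep.failed_repairs[control] = tries + 1   # stop retrying after max_attempts
            escalations.append((ep.name, control, state))
    return log, escalations

def demo_can_repair(name, control, action):
    return action != "reinstall"  # constructed demo rule: reinstalls fail

def run_pass(fleet, can_repair=demo_can_repair):
    results = [reconcile(ep, can_repair) for ep in fleet]
    changes = [c for log, _ in results for c in log]
    return changes, [e for _, esc in results for e in esc]

def sample_fleet():
    # Constructed sample data, not taken from the study.
    return [Endpoint("lap-01", {"encryption": HEALTHY, "edr": DISABLED}),
            Endpoint("lap-02", {"encryption": ERROR}),
            Endpoint("lap-03", {"encryption": DISABLED, "edr": HEALTHY})]

if __name__ == "__main__":
    fleet = sample_fleet()
    print(run_pass(fleet), run_pass(fleet), sep="\n")
```

The escalation list is the measure of how far the fleet is from self-healing: anything that appears there on consecutive passes still depends on human intervention.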
It All Starts With A Framework
While this resiliency may sound daunting and difficult to achieve, thankfully there is an existing framework that the enterprise can leverage to improve its resiliency. The NIST Cybersecurity Framework (NIST CSF) outlines specific actions that organizations can perform to see success in their cybersecurity programs.
The five pillars or actions of the NIST CSF are:
IDENTIFY

Identify each endpoint for a comprehensive inventory
Identify authorized and unauthorized hardware and software
Prioritize endpoints based on classification, criticality, and business use
Benchmark device controls against security standards and policy
Quantify risk based on device vulnerabilities and exposures
Catalog device, data, user, and application relationships across the endpoint population

PROTECT

Gain physical access control and geofencing for distributed endpoints
Freeze, delete, and wipe devices through remote commands
Enable secure remote access systems (e.g. VPN) on all endpoints
Validate and restore encryption for at-risk data
Automate validation for data integrity in software, firmware, and cloud storage apps
Control communication from endpoints to the corporate network or domain
Authorize telemetry analysis and remote command for maintenance and repair

DETECT

Establish baseline behaviors for users, data, devices, and applications
Unify asset intelligence across the device population
Monitor user activity and enforce role-based security controls
Score high-risk users with access to sensitive data
Access geo-tracking and user-device awareness
Detect and log configuration changes

RESPOND

Utilize dynamic remediation and control changes
Perform role-based access control for in-console response commands
Deliver continuous device logs and forensic documentation
Isolate a device or group of devices for containment
Push control changes to prevent spread of detected compromise
Command hotfixes to mitigate indicators of exposure (IOEs)

RECOVER

Enforce policies within device controls
Monitor device use and locally accessed sensitive data
Control incident investigations, digital forensics, and documentation
Augment and push new controls for endpoint hygiene
Access documentation instantly for continuous improvement to endpoint hygiene and data protection

A Blueprint for Resilience
Each focal point of the NIST CSF is designed for resilient cyber defense and protection and aims to ensure data confidentiality, integrity, and availability. Much of the work that’s needed to be resilient is simply doing the basics: patching, strong authentication, control monitoring, etc.
What’s practical about something like NIST CSF (or CIS Top 20 or ISO or any others for that matter) is that it is a blueprint. Just like a blueprint to a building, the CSF is like having the architect’s plans for a well-engineered structure.
With NIST in particular, the goal is resilience, especially in the protect and recover sections. The Protect (initial resilience) and Recover (learn and grow more resilient) steps are emphasized as the target/goal.
Learn more about Absolute Persistence technology. With it, IT and security teams get an unrivaled view and command of their device population to enable data protection and improve security posture — all through automated endpoint hygiene.
 
