Category: IT Asset Management

The Apple MacBook Pro Recall: What You Need to Know and What Absolute Is Doing to Speed Up the Process for IT

Life happens and things go wrong. We get it. Technology is one area that, when things go wrong, the impact can be particularly painful. By its very nature, technology is unpredictable, so you can’t eliminate every challenge. But you can be prepared for a swift response to minimize the pain.
The recent Apple recall on the batteries used in 15-inch MacBook Pro units sold between September 2015 and February 2017 is yet another reminder that modern work life is fallible. It’s also reminiscent of the 2017 Samsung Note 7 fires that were the result of a battery issue, and let’s not forget HP in 2018 and Lenovo in 2014. The point is, recalls happen across the industry.
In Apple’s recent case, they determined that, “in a limited number of older generation 15-inch MacBook Pro units, the battery may overheat and pose a fire safety risk.” The recall was quickly followed up with an FAA ban on the laptops, which then caused airlines to ban travelers from bringing them on flights either as cargo or in carry-on baggage.
So, imagine my surprise when I showed up at the airport last week and was asked to surrender my MacBook to an airport locker in order to board my flight. It got me thinking… shouldn’t enterprise IT teams have a way to quickly know and identify if any of their corporate-issued laptops are on any recall list? I, for one, am not about to hand over my laptop to any airline representative, security agent or otherwise. It’s almost 2020 – our focus as a cyber industry needs to shift to enabling IT and security teams with swift information, an “easy button” in managing their device fleets and above all, resilience.
The Power of Resilience
Minimizing potentially painful technology issues starts with full visibility into every endpoint in your fleet, where they are, and who they are assigned to. Armed with this information, you can alert your users and if need be, let them know their devices need to be replaced.
This is endpoint resilience.
With the MacBook recall, the proposed ‘fix’ from Apple is to visit a website and manually input every serial number to find out if it has been affected. Not ideal.
How to Take Swift Action on the Apple MacBook Battery Recall
Enterprise IT and Security teams need to be able to quickly look across their full inventory of device vendors, easily check for any recalled devices, and generate a report on make and model of devices, serial numbers, and the location of those devices. What they need is an ‘easy button’ for when situations like this arise.
This is just one way Absolute supports our customers. Using the Absolute console, it’s easy to create a bespoke report that inventories your fleet of devices – make, model, serial number, location, and recall status. In light of the recent Apple recall, we’ve done it for you to save you the time it would take to go through the complex process of having to sift through your device fleet or visit a website to add hundreds if not thousands of device serial numbers.
To find out if you have affected devices, Absolute customers should go to their Reports page. You will see the ‘15-inch MacBook Pro Battery Recall – Affected Devices’ report in the ‘Custom’ section.
And if you’re not yet an Absolute customer, reach out. We’re here to help.

4 Recent Data Breaches that Originated on the Endpoint

By 2020, the global spend on IT security is predicted to total a staggering $128 billion. However, while companies are spending more and more of their IT budgets on security to safeguard their endpoints, data breaches originating on the endpoint are growing in frequency and severity.
A study by Ponemon found that two-thirds of companies were compromised by attacks that originated on their endpoints in 2018. These attacks can be devastating to an organization in terms of fines, reputational damage, lawsuits, and irreparable damage to customer trust. Separately, the 2019 Cost of a Data Breach study, also from Ponemon, found:

$3.92 million: Average cost of a data breach
25,575 records: Average size of a data breach
$150: Average cost per lost or stolen record
279 days: Average time to identify and contain a breach

When IT security spending is increasing, why are endpoint attacks still so common? A new primary research study by Absolute discovered that a lot of security spending is done in vain since the efficacy of endpoint security tools diminishes significantly over time — unless those tools are deliberately controlled to improve endpoint resilience. 
Endpoint security is endpoint resilience. The spend levels indicate that there is no scarcity of tools and controls to help make these things safe. The problem is that those things are not naturally resilient. On the contrary they are fragile. The door is ajar and the compromise happens not because there are no guards, but because the guards got into a turf battle with one another, got wounded or killed, and then the main goal of keep-the-real-enemy-away was lost. They fight, they conflict, they collide, and where there is friction there is decay. This zero-sum competition reveals how lacking in resilience they are—they can’t stay there.
Avoidable Data Breaches
Results from Forrester’s latest security survey found that 15 percent of breaches are still caused by lost or missing devices. With one laptop stolen every 53 seconds, it is wise to ensure you have measures in place to prevent putting your data at risk. Let’s look at four recent breaches that originated on the endpoint to examine what you could do now to avoid a similar fate.

Eir: Stolen laptop had been decrypted by a faulty security update the previous working day.
Raley’s: Stolen laptop. Company could not confirm that encryption was in place.
Health Plan: Stolen laptop. Company could not confirm that encryption was in place.
Government of Canada: Stolen laptop was a new device. The encryption process either failed or was missed.

Irish telecom company Eir leaks data of 37,000 customers
In August 2018, the data of 37,000 customers of Ireland’s largest telecom provider, Eir, was compromised when an unencrypted device was stolen from outside an office building. The laptop contained personally identifiable information (PII) including names, email addresses, phone numbers, and Eir account numbers. The laptop had been decrypted by a faulty security update the previous working day.
Because of the nature of the breach, the company was forced to report the incident to the police as well as the Data Protection Commissioner. Under new European GDPR rules, companies face higher fines and punitive action for losing or misusing customer information.
Stolen laptop exposes data of 10,000 Raley’s customers
In September 2018, Raley’s experienced a data breach affecting 10,000 pharmacy customers. The data on the laptop included patients’ first and last names, gender, date of birth, medical conditions, healthcare plans, and identification numbers, prescription drug records, and Raley’s Pharmacy visit dates and locations. Raley’s could not confirm whether the data had been accessed or misused, nor could they confirm if encryption was in place.
The company responded quickly to notify authorities, the press, and the people affected and has since added encryption to all laptops.
Stolen laptop compromises Houston’s Health Plan
In February 2018, a laptop stolen from an employee’s car may have contained PHI records of the city’s staff, including names, addresses, dates of birth, social security numbers, and medical information. The organization couldn’t tell if data was accessed or if encryption was in place, so they had no choice but to treat the incident as a data breach.
It took 21 days for the City to notify police. Generally speaking, any delay in notifying authorities about a breach is not looked on favorably by the regulators who reward quick, decisive action.
Stolen laptop exposes health data of 80 percent of NWT residents
In May 2018, a laptop containing protected health information (PHI) of 33,661 residents of Canada’s Northwest Territories was stolen from a locked vehicle in Ottawa, Ontario. The data included patients’ names, their birth dates, home communities, healthcare numbers, and, in some cases, medical conditions. The stolen laptop was a new device, so the encryption process either failed or was missed.
Officials waited over a month before disclosing the breach publicly, and the department now faces stricter rules around remote workers and removing devices from the confines of the physical office location.
These examples show how easily an unnecessary breach can occur. There is a common thread across all of these cases — a lack of endpoint visibility and an inability to prove that:

All security technology was in place and functioning at the time the device went missing
No data was accessed post incident
The device was remotely disabled and all personal data was deleted

If you don’t have visibility into your devices, you must presume that the data on that device was breached and follow the relevant breach notification processes in your industry or region.
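The three proof points above can be checked mechanically against device check-in records. The following is an added example, not Absolute's code or report logic: the `CheckIn` fields, the 24-hour evidence window, the rule that any unproven item means a presumed breach, and the sample records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class CheckIn:
    """One telemetry record from an endpoint agent (hypothetical schema)."""
    device_id: str
    seen_at: datetime
    encrypted: bool              # full-disk encryption reported active
    data_accessed: bool = False  # sensitive files opened since the last record
    frozen: bool = False         # remote disable confirmed
    wiped: bool = False          # remote data delete confirmed


# Assumed policy: evidence older than this does not prove the state at loss.
MAX_EVIDENCE_AGE = timedelta(hours=24)


def assess_loss(device_id: str, lost_at: datetime, checkins: List[CheckIn],
                max_age: timedelta = MAX_EVIDENCE_AGE) -> Dict[str, object]:
    """Report which of the three proof points the records can support."""
    mine = sorted((c for c in checkins if c.device_id == device_id),
                  key=lambda c: c.seen_at)
    before = [c for c in mine if c.seen_at <= lost_at]
    after = [c for c in mine if c.seen_at > lost_at]

    # 1. Security technology in place and functioning when the device went missing.
    last = before[-1] if before else None
    controls = (last is not None and last.encrypted
                and lost_at - last.seen_at <= max_age)
    # 2. No data accessed post incident (needs at least one later record).
    no_access = bool(after) and not any(c.data_accessed for c in after)
    # 3. Device remotely disabled and data deleted.
    contained = any(c.frozen and c.wiped for c in after)

    gaps = []
    if not controls:
        if last is None:
            gaps.append("no check-in before loss")
        elif not last.encrypted:
            gaps.append("encryption off at last check-in")
        else:
            gaps.append("last check-in too old")
    if not no_access:
        gaps.append("data access after loss" if after
                    else "no check-in after loss")
    if not contained:
        gaps.append("remote disable and delete not confirmed")

    # Assumed strict rule: anything unproven means the breach is presumed.
    return {"controls_in_place": controls, "no_access_after": no_access,
            "contained": contained, "gaps": gaps,
            "presume_breach": bool(gaps)}


# Constructed sample data, loosely shaped like the four cases above.
LOST_AT = datetime(2024, 1, 15, 9, 0)
SAMPLE = [
    # Encryption switched off by an update the day before the theft.
    CheckIn("LT-001", LOST_AT - timedelta(days=3), encrypted=True),
    CheckIn("LT-001", LOST_AT - timedelta(hours=20), encrypted=False),
    # Healthy device that reconnected after loss and confirmed freeze and wipe.
    CheckIn("LT-002", LOST_AT - timedelta(hours=2), encrypted=True),
    CheckIn("LT-002", LOST_AT + timedelta(hours=1), encrypted=True,
            frozen=True, wiped=True),
    # Evidence exists but is nine days old.
    CheckIn("LT-003", LOST_AT - timedelta(days=9), encrypted=True),
    # LT-004 is a new device that never checked in, so it has no records.
]

if __name__ == "__main__":
    for dev in ("LT-001", "LT-002", "LT-003", "LT-004"):
        result = assess_loss(dev, LOST_AT, SAMPLE)
        print(dev, "presume breach:", result["presume_breach"], result["gaps"])
```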
Back to Basics on Endpoint Security
According to the 2019 Endpoint Security Trends report, when it comes to endpoint security, less may, in fact, be more. This is reflected in wider industry trends as IT and security and risk professionals focus on streamlining and simplifying when it comes to securing their organizations’ data.
We need to get back to the basics of cybersecurity and home in on the three ingredients for ensuring data protection at scale — people, process, and technology.
To learn more about the inevitable decay of endpoint security tools and what to do about it, read the full 2019 Endpoint Security Trends Report.

Secure More, Work Less

As digital transformation initiatives drive more hi-tech processes and connected devices, the threat landscape is more like a thicket, and IT security teams are already stretched. Device fleet security is already a heavy lift; the clever cybercriminals and skyrocketing vulnerabilities, that’s just a bonus (in reverse).
The Need for ML and AI
Mounting cyber risk is a global concern — the 2019 CEO Imperative Study from Ernst & Young shows CEOs now believe cybersecurity is the top threat to the global economy over the next five to ten years. And the rising cybersecurity skills shortage, as well as potential career burnout by existing IT security staff, makes this an international emergency.
In response to cyber fragility and the need for more effective IT operations, we recruited machines to help us meet this challenge—machine learning (ML) and artificial intelligence (AI). In a report from Capgemini, 69% of executives believe AI will be necessary to respond to cyberattacks and 73% of enterprises are testing use cases for AI for cybersecurity.
In a recent Forbes magazine article, Why AI is the Future of Cybersecurity, Absolute’s CTO Nicko van Someren puts it this way:
“It’s no surprise that Capgemini’s data shows security analysts are overwhelmed. The cybersecurity skills shortage has been growing for some time, and so have the number and complexity of attacks; using machine learning to augment the few available skilled people can help ease this. What’s exciting about the state of the industry right now is that recent advances in machine learning methods are poised to make their way into deployable products.”
The Power of Automation: Absolute Unveils New Updates to Enterprise Resilience Edition
As ML and AI balance the workload and improve response to cyber threats, automation is also the key to endpoint resilience. The Absolute Reach Library — the query and response capability in the Absolute platform — enables IT automation with 118 ready-made commands in the most recent release of the Absolute platform. Nothing is out of reach (pardon the pun), allowing IT and security teams to command any device anywhere, on or off the corporate network.
New Reach ready-to-use workflows introduced this week simplify security policy deployments and remotely manage your devices, including:

Windows Update Command: Pinpoint vulnerable devices with pending or failed Microsoft OS updates
Automated Log Analytics: Detect initial signs of endpoint security exposures and potential incidents by automatically discovering frequent and common issues from event logs
Windows Configuration Enforcement: Audit Windows features and local accounts on devices, as well as modify settings to maximize energy savings and ensure an optimal and consistent user experience

Absolute has also rolled out new Live Chat Support to give enterprise IT and security teams the consumer-like experience to realize endpoint resilience — no tickets, no email, no toll-free numbers. On-demand chat support removes the dependency on outdated modes of technology support, ensuring Absolute customers receive real-time answers and information, so they can focus on their organization’s resilience.
And there’s one more thing… Policy is the bedrock of any security program. Because at its core, policy says, “This can do that. That cannot do this”. So, Absolute made policy simple and easy. With changes to your Absolute policy groups, you can swiftly and fluidly direct devices to dynamic policies without cycles of enroll/unenroll/reenroll that waste valuable IT time and brain power.
Read: Creating an Information Security Policy That Works
With easy management and staggering speed, IT and security teams get the bedrock protection they demand (airtight policies), without the grind of manual cleanup.
Today’s threat landscape requires the automation of updates, patches and security policies in real-time. Short of that, exposures become exploits and endpoint resilience is lost.
Learn more about Reach and how Absolute enables IT to remotely manage devices and seamlessly and fluidly apply and adjust security policies to any endpoint or group of endpoints.
 
 

Managing and Securing the Digital Classroom

The use of technology in classrooms has revolutionized the learning environment for both teachers and students. It democratizes education by allowing a greater number of resources to be available to a wider range of students. Textbooks are being replaced by digital devices and virtual classrooms, expanding the idea of the ‘classroom’ and enabling teachers to shift the education model to help students develop the skills needed for the digital future.
While there has never been a doubt that technology is beneficial to learning, there was less certainty about how to manage and secure the devices used by students. Heightening the situation, school districts usually operate with lean IT teams and limited budgets, leaving two big challenges to be solved:
1) how can schools rationalize and maximize technology budgets; and,
2) how can they ensure their technology is safe for students, educators, and staff?
Growing Budget and Keeping It
Finding the funds for technology in an already overburdened budget isn’t easy. Most school administrators know the key to securing funding is found in the results or strong learning outcomes. If students learn more, faster and with greater efficiency, digital classrooms are a no-brainer. The hurdle, however, is translating exactly how technology supports improved student learning and then communicating that fact with credibility.
In education, as is the case in every other industry today, data is required to make a strong business case for increased resources. Detailed student technology analytics is a key component to understanding device use and correlating that use to improved academic performance. Data provides you with the foundation for solid decision-making as well as a way to justify ROI and secure further budget. School boards and other stakeholders want to invest in technology for learning, but schools must prove that they are good stewards of that investment in order for it to continue.
Protecting At-Risk Devices and Data
With new technology comes added risk, including major data privacy concerns. Cybersecurity is now the number one priority for K-12 IT teams according to the latest K-12 leadership survey by COSN. In fact, there have been 479 cybersecurity incidents during the last two to three years, and schools with known one-to-one programs are often targeted by thieves. Kids themselves are also increasingly the victims of theft as they walk to and from school, or even within the school grounds.
In addition, students regularly lose or misplace devices, which can lead to exposed sensitive information and/or unauthorized access to the school network. The theft or loss of a device has many repercussions. A stolen student device, school-owned or BYOD, greatly impacts that student’s learning ability, as device replacement through insurance can take up to eight weeks.
Within K-12 specifically, there is also the need to ensure that the content accessed by students is sanctioned. If not adequately protected, the information contained on or accessed through these devices could pose threats that lead to data breaches and fines by the ICO.
Safe, Smart, Secure Schools
In order to sustain digital classrooms, technology must be managed and secured regardless of form, factor or operating system. In our highly mobile environment with devices continuously on-the-move and off the school network, persistent visibility and control is no longer a nice-to-have. It’s a must.
Read: Better Device Security in 3 Steps for Education
With one single solution, IT should be able to determine the status of each device, manage typical IT maintenance requirements, and take immediate security actions when required. This streamlined, automated management option not only provides important security but also improved operational efficiencies that can cut down on hundreds of IT hours.
It may seem like a steep curve, but it is possible to support the shift to digital learning while also helping to protect school districts’ investment in technologies. Absolute’s Persistence technology is embedded in the core of devices at the factory, providing a reliable two-way connection so that education organizations can confidently manage mobility, investigate potential threats, and maintain the safety of students who use these devices. Student Technology Analytics allows schools to prove the positive impact of technology to secure continued investment and ensure no student gets left behind.
It’s an exciting time to be an educator. Learn more about how Absolute is uniquely positioned to help manage and secure your Edtech investment in the IDC commissioned report, Student Technology Analytics: How K-12 Leaders Make the Case for Better Technology in the Classroom.

2019 RSA Conference Takeaways

RSA Conference (RSAC) is a true reflection of the information security industry: the one constant is change. Attendee numbers grow each year, vendors come and go, and the over-arching event theme changes with the times. 2019 was my fifth consecutive RSA Conference and even in those few years, I’ve seen a significant shift in the conference tone, and our industry as a whole.
Ease of Use
A few short years ago, RSAC reflected everything cloud. What is it, what are its advantages and disadvantages and of course, what were the risks? From cloud, conference goers moved into talk about automation, orchestration and threat detection. How could InfoSec practitioners rely on security tools to find and address the overwhelming number of threats out there?
Then came the shift to data. There was, and continues to be, much talk (and a whole lot of FUD) around big data, data analytics, artificial intelligence, and machine learning. Many of us are still trying to sort out how these important data-centric approaches fit with and aid security efforts.
This year, conversations shifted from ‘the what’ of risk to ‘the how.’ And for many, the desire is ease.
There was much less evidence of the-world-is-a-scary-place (think shady hackers in hoodies) and your only hope is dependence upon some cool new widget. Instead, this year, we saw a transition to a call for simplification: reduce complexity to increase security.
Zero Trust Model
One important sub-topic to this year’s conference was zero trust. How can you reduce complexity and improve security using the assumption of zero trust?
Zero trust is the notion that there is no trust within your environment across networks, devices, people, applications and, at the center of it all, your data. Data doesn’t trust your device or any other element and conversely, none of the other elements trust the other. At the foundation of zero trust is the assumption that trust is a vulnerability – authentication must take place before trust can be issued.
In my conversations with analysts, Absolute customers, and many other buyers and sellers of security products, the topic of authentication and conditional access came up time and again. Conditional access is a computation that asks questions about worthiness. For example: yes, this user is who he/she says he/she is. Or, yes, this device is in fact where it should be…
Authentication has its challenges certainly but, in the case of endpoints, you must start with accurate, contextual asset intelligence. You can’t authenticate what you don’t know you have.
Read NIST Cybersecurity Framework: First, See Everything
Asset intelligence is Absolute’s role in this approach; we help orchestrate the zero trust dynamic at the endpoint. Our solution is already embedded in much of the hardware out there today and our platform supports application and security control persistence. Are all of your elements enabled and working? We provide IT with that information quickly and automatically.
Likewise, nearly every RSA vendor also has a role to play in the zero trust approach. Standing on the packed show floor, you got a strong visual of how different vendors approach and provide the authentication that goes to worthiness. Collectively then, you could ask yourself: how could these different tools work together to authenticate access? Most important to the conversations this year at RSAC was the question of how IT can maximize all of the tools they use to authenticate, secure, and provide confidence (and documentation) that they are all working for the betterment of your organization’s security posture.
RSA is known for bringing together many different perspectives that then drive compelling conversations around the problems we can solve together. This year didn’t disappoint. Effectively solving security issues while also reducing complexity for our IT teams will continue to be a focus in the year to come.
To learn more about how to increase your visibility and control over your endpoints and reduce your risk, read the 2019 Endpoint Security Trends Report.

Expert Tips to Protect Personally Identifiable Information (PII)

Protecting personally identifiable information (PII), while staying audit-ready for a growing number of state, federal, and global data privacy regulations is no easy task for IT teams. While the goal feels frighteningly out of reach at times for many organizations, there are a few back-to-basics data privacy tips that can help you stay ahead of the long chase.
3 Tips to Protect PII

See everything. Reducing your risk exposure starts with comprehensive IT asset management. But when mapping out your long list of IT assets, keep in mind each one represents far more than the visible machine. Beyond the basic hardware, you must consider how the asset encompasses not only devices but also data, apps, and users. Taking it one step further, identify all asset locations, how they’re being used, and by whom.

Read Why IT Asset Management is key to Data Security

Analyze the risk. PII is spread across more endpoints than you think. To identify all the pockets where sensitive data resides, use lexicographic crawling — the equivalent of Google for all of your endpoint data – that will alert you to any data hiding out there in dark corners. This step sees you transitioning from a mindset of traditional IT asset management to one of embracing assets as providing an intelligence service for your organization.
Apply rapid response. You need the ability to find data for individuals who request that you delete it and for regulators who require proof of protections and validation that you are mitigating exposures quickly and, of course, before hackers can gain unauthorized access to it. Make sure you can reach any device with fine-tuned commands to restore privacy protections and meet the applicable legal requirements.

Data privacy is continually growing in urgency as hackers get smarter and change their tactics, and global laws – like GDPR – are being created and enforced. So, how should your organization stay on top of this evolution? Promote a strong data privacy culture across your organization and maintain vigilance over your data privacy strategies.
For more information and expert tips on how to improve your organization’s data privacy efforts, watch the next episode of our Cybersecurity Insights video below. And while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.

Video Transcript:
Welcome back! Josh here from Absolute. In our last episode, we looked at the latest in data privacy. Now, let’s consider how to maintain privacy with confidence.
In 2018, 33% of successful attacks targeted personally identifiable information.
At the same time these criminals are doing their thing, data privacy regulations are popping up all over the world.
You’re trying to win the battle on two fronts: defeat would-be attackers and stay audit-ready for regulators. That’s hard.
But here are some tips to meet the challenge for your IT and security teams.
First, see everything. Try to think of IT assets as more than just machines – physical or virtual – and consider a new definition of ‘asset’ that embraces devices, data, users, and apps.
Start by pinpointing all the places these assets are and how they’re being used.
This moves us away from run-of-the-mill IT asset management into a mindset that sees asset management as an intelligence service for your organization.
Having scooped up all that asset intelligence, let’s identify all the pockets of sensitive data.
Now that we can see the landscape, we need to start crawling through the assets to find sensitive data.
The preferred technique is called lexicographic crawling, because the crawler is continuously looking for key data markers like names, addresses, phone numbers, and other personal identifiers. When you get a ‘hit’, you know where the data is camped.
Now that we’ve located sensitive data, we move on to our next step: analyze the risk.
By assessing the risks that are unique to your organization, you’re able to rationalize which follow up actions are needed based on risk tolerance, instead of assumptions or intuition.
This brings us to the final step for protecting data privacy: rapid response. Most of the legal requirements demand proof of protections and validation that you are mitigating exposures quickly.
We need the ability to REACH any device with fine-tuned commands to restore privacy protections.
By automatically regenerating controls, apps, or agents when they’re disabled, you’re positioned to thwart the criminals and bring smiles to the faces of regulators, auditors, and most of all…those individuals whose data you have.
Protecting privacy is a moral concern because it has the potential to cause harm to real-life people, but with the steps we’ve outlined here, you can be audit-ready and withstand the onslaught of cybercriminals.
Pull every asset into view, crawl for sensitive data, analyze the ‘hits’ for risk, and respond in an instant to restore protection.
Be sure to subscribe and don’t hesitate to drop your comments below. I’ll see you next time!
 

The Importance of the CMDB

A Configuration Management Database (CMDB) is the core of ITIL processes. A CMDB is a database of information related to all the components of an information system; it contains information about the configuration items (CI) in the IT infrastructure. CIs can be hardware, software, personnel or documentation. As it relates to IT Asset Management, a CMDB is a comprehensive ‘map’ of your entire IT environment, helping you keep track of the state of endpoint devices, software and data, which is useful for detecting and responding to security incidents.
The CMDB describes CIs using three configurable attributes: technical, ownership and relationship. In plain terms, the CMDB is like the index for the components in the IT environment, helping you understand their attributes, relationships and configurations. A key success factor in implementing a CMDB is the ability to automatically discover information about the CIs and to track changes as they happen. CMDBs are important in IT decision making, allowing users to identify dependencies among processes, people, applications and IT infrastructure to find opportunities for change, faster resolution of incidents, fewer errors and more.

Unlike a traditional database, the CMDB pulls in data from other sources in such a way that original sources retain control of said data. The CMDB can help you understand data in an organized way, examining it from a multitude of perspectives. According to the ITIL recommended specifications, there are four tasks involved in configuration management:

Identify the CIs to be put in the CMDB
Control the data so that it is only changed by authorized individuals
Ensure the current status of incoming CI is always recorded and updated
Maintain data accuracy through audits and reviews

A CMDB may be accessed by many individuals, so many companies find it useful to make it more user-friendly by adopting a web interface.
How to Automate Your CMDB (Configuration Management Database)
Automation is the name of the game for IT teams struggling to keep up with a range of seemingly countless manual tasks. Some of these tasks are tedious and others are increasingly complicated as companies push toward digital transformation. Asset management is one area where IT is finding success with the automation of time-consuming tasks, particularly in updating the Configuration Management Database (CMDB) for an accurate asset inventory.
Whether you call it a CMDB or not, everyone has ‘a list’ of company-owned assets. This includes hardware, software licenses, documentation and even personnel. Depending upon your organization, your CMDB may go so far as to serve as a map of all that is IT. More likely though, your CMDB is a static spreadsheet that lists devices and pre-loaded software given to a new employee on their first day.
CMDB in a Perfect World
In its truest form, a CMDB is a database of all configurable items in your IT infrastructure, including laptops, desktops, phones, printers, servers, and more. Going beyond a simple inventory of items however, the database should also include three configurable attributes for each item: technical details (including the software running on them), user information and the asset’s relationship with other people, processes and technologies in the organization.
An accurate, up-to-date CMDB can be thought of as the anchor of your IT asset management program. When done well, it should:

Provide you and any auditor who asks with an accurate, efficient, at-a-glance view of company assets, where they are, what they are running, and inter-dependencies on other organizational assets.
Serve as a financial tracker so you aren’t buying more of what you already have or aren’t using. It can also help leadership build out an organizational valuation.
Help you meet compliance requirements including GDPR, HIPAA and several other regulations related to personal data privacy.
Improve your security posture. Because you can’t secure what you can’t see or don’t even know you have in your environment, an up-to-date CMDB will give you the confidence that you are securing all of your endpoints. Pushing security updates to an outdated list of assets will leave you with many vulnerabilities.

The Trouble with Manual Updates
While CMDBs should outline what’s listed above, they usually don’t when updates are left to manual, human effort. Firstly, it’s simply too much to keep up with. Secondly, manual processes aren’t a solution for devices that fall off the corporate network. You can’t accurately inventory and monitor what you can’t even see.
Automation is both an effective and efficient way to maintain an up-to-date CMDB, as long as the solution you rely on doesn’t require your endpoints to have a network connection. Another common challenge with most endpoint management solutions is that the health of the agent is not stable. If the agent you rely on is disabled or corrupt when a device is off the network, your visibility into that device is typically gone.
Employees, their devices, and the data that resides on them are always on the move; you need to be able to track the devices (and their security controls) as they travel. Manual effort toward this goal is time wasted, especially when you consider the numerous other tasks left undone while you are trying to keep an updated inventory.
To automate your CMDB, start with your assets. Learn more about how Absolute helps with Asset Intelligence.
 

 

What is Endpoint Management?

At a high level, endpoint management is the process an organization undergoes to detect, provision, deploy, update, and troubleshoot its endpoint devices. Sounds simplistic, and it is.
What is an endpoint?
To get a good grasp of endpoint management, the first step is to ensure we have a solid understanding of what constitutes an endpoint.
An endpoint is essentially any remote device that sends and receives communications with the network to which it’s connected.
Endpoints can include:

Desktops/workstations
Laptops
Smartphones
POS Systems
Tablets
Servers

The critical issue surrounding endpoints is that they represent one of the key areas of vulnerability for businesses, and can be an easy entry point for cybercriminals.
Through endpoints, attackers may execute code and exploit vulnerabilities on and with our assets. Today, the workforce is more mobile than ever, with employees connecting to internal networks from outside the office and from endpoints anywhere in the world.
Now that we’ve established the “what,” we can move on to the “why.”
Why is endpoint management so critical in 2019?
It all starts on the endpoint.
Perhaps the most pressing reason for endpoint management is that most successful breaches begin at the endpoint. In fact, according to an IDC study, the endpoint was the cause of 70 percent of successful breaches.
This stat is no surprise since endpoints represent all the devices connecting to your network. Therefore, if those devices are not well-managed, attacks can quickly morph from a brushfire to a widespread blaze.
Maintaining visibility and control of your endpoints is crucial.
Not enough resources to keep up
The definition of a secure endpoint has changed over the years and is much more complex in 2019 than it was even a few years ago.
New critical threats materialize all the time, and for most IT and security teams, it’s a constant struggle to prioritize the threats that can cause the most harm. When your company lacks sufficient visibility into potentially infected enterprise endpoints, vulnerabilities are patched haphazardly, leaving you more vulnerable.
It’s probably no surprise that in a recent Ponemon study, a mere 37 percent of companies surveyed said they had sufficient resources to minimize risk, despite 69 percent of them acknowledging that endpoint security risk has significantly increased.
Not your typical malware.
Attacks aimed at endpoints are hurtling toward us at an unprecedented rate. In 2019, the attackers are getting stealthier. Bad actors (hackers) may not be changing the strains of their attacks, but their tactics, techniques, and procedures are more sophisticated than ever.
Expect to see more zero-day attacks (where a security hole known to the software vendor exists without a patch in place to fix the flaw) this year. Another attack to watch out for is the file-less attack, which avoids downloading malicious executable files by leveraging exploits or launching scripts and macros from memory in order to circumvent detection by antivirus solutions.
The Ponemon study mentioned above, The State of Endpoint Security Risk, found that “76 percent of successful attacks leveraged unknown and polymorphic malware or zero-day attacks, making them four times more likely to succeed in compromise compared to traditional attack techniques.”
Risks of selecting the wrong type of endpoint management system
Investing in any security solution is a critical decision requiring careful consideration. Think about it – you’re going to be trusting the provider with your critical data. The team behind the endpoint management system you choose is essentially a partner that will help you secure all of your endpoints — preferably for the long-term. After all, who wants to go through the process of evaluating, rolling out, and deploying a solution more than once?
One of the most significant ramifications of choosing the wrong product is that your endpoint management promotes a false sense of security within your organization. Assuming you’re secure when you are not may be just as disastrous as not having a solution at all.
In your selection process, make sure the solution is easy to manage and isn’t too complicated. Anything with too much complexity may suit highly-trained IT staff, but most businesses don’t have the time or resources to navigate the choppy waters of an overly confusing management console.
The next generation of endpoint security
We’ve learned that what constitutes a secure endpoint has changed over time. As our endpoints also become weaker over their lifespan, the problem compounds. When you add bad actors to the mix, we have a recipe for potential disaster and an exponential curve downward toward decay.
The next generation of endpoint management is one of self-healing. OS manufacturers may make their operating systems more restorative, but they won’t be self-healing. Next-generation solutions will be organization-specific and customized to your business with its unique set of endpoints.
Now, where do I start with endpoint management?
Getting started with endpoint security is not simple, nor is it something you can do in a single day – it takes a lot of time, planning, resources, training, and practice to build a solid foundation.
To help you along, download our whitepaper: Four Essential Strategies For Endpoint Security And Protection.
To see how our endpoint management platform can work in your organization, request a demo or contact our sales team.

How L.A. Tourism Secures a Distributed Workforce

The structure of work is changing rapidly. Driven by technology advancement, a global economy and a constant push for more productivity, there is a fast-moving trend toward enabling a distributed workforce. A 2018 study by Upwork illustrates the prevalence of remote work:

63 percent of companies now have remote workers (homebound employees, partly homebound employees, freelancers and those that co-work)
48 percent of companies use freelancers and work done by freelancers increased 168 percent in one year
3 times as many people over the previous year believe offices will become temporary anchor points versus daily travel destinations

Remote work is already the status quo for the Los Angeles Tourism & Convention Board. As the official marketing and sales organization for the City of Los Angeles, L.A. Tourism inspires travelers around the world to visit L.A. for leisure, business, conventions, and events. The very nature of their business requires a highly distributed workforce. To do their jobs effectively, sales and marketing teams must be able to work collaboratively from every corner of the globe.
To accommodate out-of-office workers, the entire organization recently moved to a 100 percent mobile device fleet model. This enabled productivity but, as work increasingly gets done outside the corporate network, securing the devices and the apps and data that reside on them became exponentially more difficult. The organization knew they needed a comprehensive IT asset management program for full visibility, global asset intelligence, regulatory compliance, and lease management.
The Power of Absolute
By taking advantage of Absolute’s endpoint visibility and control platform, L.A. Tourism now has an unbreakable connection to their entire device fleet at all times. This level of visibility allows their IT team to know where their endpoints are located, understand when users drop off the network or the domain, or inadvertently change the device configuration. In addition, they now have enhanced levels of control that enable them to fix device issues remotely.
With the power of the Absolute platform, L.A. Tourism has a stronger security posture and increased team efficiency. The transparency and connection to the devices they use allows L.A. Tourism to better understand where their sensitive data is stored and prove compliance with data security standards and regulations.
Additionally, whenever a laptop is misplaced or stolen, or an employee or a contractor leaves the organization, L.A. Tourism’s IT team is now able to freeze the device to render it useless or wipe it clean remotely to protect any sensitive data that it may contain.
For more on how L.A. Tourism gained a clear view of their global endpoint population, download the full story: Red Carpet Event: L.A. Tourism Secures Endpoint Population with Absolute. For additional insight, learn practical guidelines for securing public sector data with the whitepaper, Implementing the NIST Cybersecurity Framework in Government.  

Why IT Asset Management Is Key to Data Security

Information security is a growing concern for many organizations and while the ways you access and protect your data continue to evolve, the reasons for it stay the same – your data is the driving force of your organization. To effectively protect it, you need visibility and control over all your assets.
IT asset management is the foundation of many risk management frameworks for good reason. Having an informed understanding of your IT environment – your expectations for performance, configuration, and behavior – across the complete lifecycle of your assets will improve not only your operational awareness but your security posture too.
It’s tempting to consider IT asset management as mundane work. And that would be true if your approach to it was creating a simple device register and then setting it aside for your next inventory audit. In reality, though, true IT asset management is your key to managing the explosion of devices and systems your organization is likely experiencing.
It also serves as your canary in a coal mine. A strategic IT asset management program will help you identify risk earlier in the event of a security breach and deliver a quick, effective response.
3 Objectives of an Asset Management Program
When thinking through an IT asset management program, it helps to first break it down into three primary objectives:
1. Plan and organize your devices
Set up your asset management tools to reflect your organization’s plan. Consider all of your devices, whether they are on or off your corporate network. Then, document the purpose of each device. What business functions do they perform? How and where are they used? Who is responsible for them? Also, document the expected lifespan of each device including the refresh cycles, lease date or end of life warranty.
Last but certainly not least, determine whether or not it might hold or access sensitive, confidential information. If it’s to be used by the CEO or HR, for example, the answer is yes.
Establishing your expectations before you place devices in the hands of your end users ensures that you can detect and control unexpected changes as they happen, minimizing their impact and increasing your effectiveness.
2. Keep devices visible and healthy
Developing and implementing your IT asset management plan ensures that you have a living baseline to measure your population against. With this knowledge, you can effectively monitor your devices’ performance, health, and risk exposure, and make informed decisions about changes to your environment.
Are your security applications working and up-to-date? Users regularly delay patches and remove or disable applications, unwittingly putting the devices at risk. How are you able to identify the scope of unexpected changes in your environment and how can you address them at scale when they occur? What’s your action plan if a device is lost or stolen? How will you discover that it’s gone?
3. Retire devices
To have an effective IT asset management plan and a capable information security practice, you need to trust your data and ensure that the devices important to you are monitored and protected. This means that your devices need a retirement plan. Establishing a process for your devices’ end of life from the time they first enter your environment means that your devices are collected, secured, sanitized, and removed from your environment when the time comes. It also means that the information you rely on to make critical information security and IT operations decisions is accurate and the alerts you receive when something unexpected happens are real.
How will you manage device returns when employees leave or change roles? How do you manage timely and secure device end-of-life? How can you confirm that they are safely decommissioned from your organization? Having a process in place enables you to answer these questions.
As the population of devices your organization comes to rely on grows and the volume of data you hold rises, it’s critical you maintain visibility and control. Proactive IT asset management is how you accomplish that goal.
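The three objectives above can be expressed as a planned record per device and a check of what devices actually report against it. The sketch below is an added example, not code from the original post or from Absolute; the field names, the 14-day silence threshold, and the sample serials, owners and app names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Asset:                      # planned record (objective 1)
    serial: str
    owner: str                    # who is responsible for the device
    sensitive: bool               # may hold or access confidential data
    end_of_life: date             # refresh, lease or warranty end
    required_apps: frozenset      # security controls expected on the device

@dataclass(frozen=True)
class CheckIn:                    # latest observed state (objective 2)
    serial: str
    last_seen: date
    healthy_apps: frozenset       # controls reported installed and running

def audit(assets, checkins, today, max_silent_days=14):
    """Return sorted (serial, finding) pairs where reality departs from plan."""
    seen = {c.serial: c for c in checkins}
    findings = []
    for a in assets:
        if a.end_of_life <= today:                       # objective 3
            findings.append((a.serial, "past end of life"))
        c = seen.pop(a.serial, None)
        if c is None:
            findings.append((a.serial, "no check-in on record"))
            continue
        if today - c.last_seen > timedelta(days=max_silent_days):
            findings.append((a.serial, "silent, possibly lost or stolen"))
        missing = sorted(a.required_apps - c.healthy_apps)
        if missing:   # a gap on a sensitive device ranks higher
            level = "high" if a.sensitive else "medium"
            findings.append((a.serial, f"{level}: missing {', '.join(missing)}"))
    findings += [(s, "not in inventory") for s in seen]  # reporting but unplanned
    return sorted(findings)

# Constructed sample data: serials, owners and app names are made up.
TODAY = date(2019, 9, 1)
CONTROLS = frozenset({"edr", "disk-encryption"})
ASSETS = [
    Asset("SN-001", "ceo", True, date(2021, 1, 1), CONTROLS),
    Asset("SN-002", "sales-1", False, date(2019, 6, 30), CONTROLS),
    Asset("SN-003", "hr-2", True, date(2020, 5, 1), CONTROLS),
]
CHECKINS = [
    CheckIn("SN-001", date(2019, 8, 31), frozenset({"edr"})),
    CheckIn("SN-002", date(2019, 7, 1), CONTROLS),
    CheckIn("SN-999", date(2019, 8, 30), CONTROLS),
]
```

Calling `audit(ASSETS, CHECKINS, TODAY)` returns one finding per departure from the plan, including the device that reports in but was never recorded.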
If you would like more information on how to effectively manage your growing number of assets across their lifecycle as well as how to deploy, manage, monitor, and decommission your IT assets using Absolute, join our webinar: Effective Lifecycle Management with Absolute.
