Cybersecurity has always been challenging, but with the cloud becoming more complex, the Internet of Things more advanced and remote work more embraced, security and endpoint management face a host of new challenges. Experts weighed in on the subject at the recent Syxsense Synergy event.
The Syxsense Synergy event last week featured a range of analysts, end users and company spokespeople with a central theme of the convergence of endpoint management and security – two areas that have traditionally remained apart. That separation is no longer feasible, however, due to rising complexity via the cloud, the ever-advancing Internet of Things, remote and hybrid work, and the surge in cybercrime effectiveness.
According to a recent survey by the Enterprise Strategy Group, the average user now has as many as seven devices when office and personal use are taken into account. The same ESG survey found a correlation between the number of security and endpoint management tools used in an enterprise and the volume of breaches. Six percent of organizations had fewer than five tools in use, 27% used 5 to 10, and 33% used 11 to 15. The rest used more than 15 tools.
“Those with the most tools were found to have suffered the most attacks,” said Gabe Knuth, a senior analyst at Enterprise Strategy Group. “That’s why there is a growing need for the convergence of the security and endpoint management groups within organizations to address attack surface management, vulnerability protection and automated remediation.”
Lack of security, endpoint management tool training increases risk
This doesn’t mean that security and endpoint management tools are bad. Ashley Leonard, Syxsense founder and CEO, believes that a big reason for the correlation between the quantity of attacks and the number of tools is lack of training.
“If people are not properly trained and grooved in on their endpoint and security tools, you are going to find devices and systems misconfigured, not maintained properly and with critical patches undeployed,” said Leonard. “Training is vital, but it is much easier to train people on a single tool,” he added.
Accordingly, his company has brought patching, vulnerability scanning, endpoint management, mobile device management, zero trust and automated remediation into one platform. By converging functions, there are fewer gaps in coverage and the organization gains the ability to respond faster and more effectively to threats, Leonard said.
Endpoint management, security convergence challenges
ESG research highlights, however, that there are definite barriers standing in the way of convergence.
Some organizations are blocked by existing reporting and organizational structures that cling firmly to old ways. Separate endpoint management and security teams report on different channels. The CIO or CTO might look after one team while the CISO looks after another. Such structures may resist consolidation.
Similarly, some teams are organized by device type only: one group looks after PCs or laptops, and another takes care of smartphones. Budget structures, too, may stand in the way.
“Some organizations prefer to keep things the way they are and avoid disruption of end users,” said Knuth. “In my experience, it is more successful when teams work closely together.”
Automation and convergence
Yet adding many endpoint and security functions into one tool only works if everything is integrated.
“The more you can automate, the quicker you can respond, which frees up resources to work on strategic activities,” said Leonard.
He gave an example of patch management to highlight both the importance of automation and the degree of complexity that exists in the workflows utilized by different tools. Patches need to be tested, but that testing must be done rapidly if a security flaw is going to be handled before a breach takes place. Patch deployments need to be carried out in stages, starting with only a few devices to verify that nothing breaks – Leonard cited instances of Microsoft and other updates crashing endpoints and applications.
Once the patches have been deployed successfully to that first small set of devices, roll them out to a larger group, he advised. This group should still not be too extensive, but it should include representatives from IT, finance, marketing and other groups within the organization so that problems specific to one department's applications surface before the wider rollout. From there, the deployment can scale up, taking into account the capabilities of the network. Automated endpoint and security tools should be able to automate these stages and verify that devices remain healthy at every step.
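As an added illustration of the staged rollout Leonard describes (example code written for this article, not Syxsense's product or anything shown at the event), the following Python sketch builds pilot, representative and full rings from a constructed inventory and halts the rollout when a ring fails its post-patch health check. The deploy and healthy callbacks are assumed hooks into whatever patch tool is in use.

```python
"""Staged patch rollout with a health check gating each ring."""
from collections import defaultdict

# Constructed sample inventory of (device_id, department); not real data.
INVENTORY = [
    ("pc-001", "it"), ("pc-002", "it"), ("pc-003", "it"),
    ("pc-010", "finance"), ("pc-011", "finance"),
    ("pc-020", "marketing"), ("pc-021", "marketing"),
    ("pc-030", "sales"), ("pc-031", "sales"), ("pc-032", "sales"),
]


def build_rings(inventory, pilot_size=2, per_dept=1):
    """Split devices into the three stages described in the article:
    ring 0: a handful of pilot devices;
    ring 1: one or more representative devices from each department;
    ring 2: everything else."""
    remaining = [dev for dev, _ in inventory]
    pilot = remaining[:pilot_size]
    remaining = remaining[pilot_size:]
    by_dept = defaultdict(list)
    for dev, dept in inventory:
        if dev in remaining:
            by_dept[dept].append(dev)
    representative = []
    for dept in sorted(by_dept):
        representative.extend(by_dept[dept][:per_dept])
    rest = [dev for dev in remaining if dev not in representative]
    return [pilot, representative, rest]


def staged_rollout(rings, deploy, healthy, max_failures=0):
    """Deploy ring by ring. deploy(device) applies the patch (assumed hook);
    healthy(device) is the post-patch check (assumed hook). If more than
    max_failures devices have failed so far, stop before widening the
    rollout. Returns (rings_passed, failed_devices)."""
    failed = []
    for idx, ring in enumerate(rings):
        for dev in ring:
            deploy(dev)
            if not healthy(dev):
                failed.append(dev)
        if len(failed) > max_failures:
            return idx, failed  # halt: later rings are never touched
    return len(rings), failed


if __name__ == "__main__":
    rings = build_rings(INVENTORY)
    # Simulate a patch that breaks one marketing machine.
    print(staged_rollout(rings, lambda d: None, lambda d: d != "pc-020"))
```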
“Most endpoint and security tools don’t include this kind of automation or compliance reporting about patch deployment and vulnerabilities remediated,” said Leonard.
Convergence is inevitable
Ongoing trends in IT and cybersecurity make convergence inevitable, Leonard said. The more tools you have, the more risk there is of errors and the greater the likelihood of cyberattackers finding a chink in the enterprise security armor. The more simplicity and automation that can be introduced, the lower the risk.
Dave Gruber, an analyst at ESG, concurs.
“Convergence of endpoint management and security is an observable macrotrend,” he said. “The better you can coordinate functions such as attack surface management, asset discovery, vulnerability assessment and vulnerability remediation, the easier it is to prevent malware from getting in and the simpler the security job becomes,” he added.