5 Ways to Tighten Security with Endpoint Management
•Download as PPTX, PDF•
0 likes•647 views
In a world of BYOD and rapidly expanding mobility, securing and managing endpoints is more challenging than ever. This is confirmed, along with many surprising statistics, in a recent survey conducted by analyst Enterprise Management Associates (EMA). Join us for this 60-minute webinar where security experts Jason Forsgren and Eran Livne go over report highlights and share their insights on how to best address these challenges. All webinar registrants will get a free copy of the complete EMA research report.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to 5 Ways to Tighten Security with Endpoint Management
Similar to 5 Ways to Tighten Security with Endpoint Management (20)
More from Ivanti
More from Ivanti (20)
Recently uploaded
Recently uploaded (20)
5 Ways to Tighten Security with Endpoint Management
- 1. WEBINAR 5 WAYS TO TIGHTEN SECURITY WITH ENDPOINT MANAGEMENT
- 2. Expert Panel Jason Forsgren Product Manager Unified Endpoint Management Eran Livne Principal Product Manager Security
- 3. FULLY PREPARED TO SUPPORT ALL MODERN ENDPOINT MANAGEMENT REQUIREMENTS LAPTOP PCMOBILE DEVICE 35%70% 40% USE INSECURE METHODS OF SHARING COMPANY DATA PERSONALLY OWN THE DEVICES THEY WORK WITH 50% BUSINESS TASKS ARE PERFORMED OUTSIDE PHYSICAL WORKPLACE 5% © 2017 Enterprise Management Associates, Inc.
- 5. What are the biggest challenges of supporting end user productivity in your organization?
- 7. 48% 0% 10% 20% 30% 40% 50% 60% Metering software licenses Tracking assets and their use Achieving compliance requirements Reducing the cost of software Remotely accessing/supporting user devices Rapidly patching all supported endpoints Creating a consistent user experience across multiple device types Working with multiple independent management solutions Delivering common apps to a broad range of device types Supporting multi-device architectures Reducing the cost of IT management Ensuring data security © 2017 Enterprise Management Associates, Inc.
- 8. Which of the following security breaches occurred in the last 12 months in your organization?
- 9. 32% 13% 14% 14% 29% 32% 40% 50% 0% 10% 20% 30% 40% 50% 60% None of the above Internal company network security was breached Business data was transferred outside a company network A user device was rooted or jailbroken A user device was stolen A user device was lost A user downloaded a "trojaned" or malicious application A user device was infected with a virus © 2017 Enterprise Management Associates, Inc.
- 11. Only Security Only IT Security Alerts Privilege Management Server OS Patching Application Whitelisting Setting IT Access Control Panels Both
- 12. 1 2 3 4 Inventory Authorized / Unauthorized Devices Inventory Authorized / Unauthorized Software Secure Configurations for Hardware and Software Continuous Vulnerability Assessment and Remediation 5 Controlled Use of Administrative Privileges
- 13. “First 5 CIS Controls provide an effective defense against ~85% of cyber attacks” Center for Internet Security (CIS)
- 14. I NEED TO… BENEFITS …track devices in real time Monitor hardware and software usage over time …determine what devices are connected to my network and when Discover wireless access points to identify security vulnerabilities Inventory of authorized and unauthorized devices 1 2 3 4 5 You can’t manage, what you don’t know. Without an understanding of what devices are connected, they cannot be defended
- 15. Approximately what percentages of users in your organization regularly use each of the following devices? (Average)
- 16. 50% Use both PC & Mobile Device
- 17. Inventory of authorized and unauthorized software 1 2 3 4 5 …compile a comprehensive hardware and software Inventory across all OS Discover all devices. Know what you have, where it is, and how it’s used on all operating system types I NEED TO… BENEFITS …track from a single location Software inventory system tied to the hardware asset inventory so all devices and associated software is tracked from a single location …deploy application whitelisting Limit the ability to run applications to only those which are explicitly approved
- 18. What percentages of users in your organization regularly use each of the following devices?
- 19. 32% 24% 20% 4% 12% 5%3% Laptops Windows 10 Windows 7 Windows 8 Windows XP macOS Chromebooks Linux 36% 25% 24% 3% 8% 4% Desktops Windows 10 Windows 7 Windows 8 Windows XP macOS Linux © 2017 Enterprise Management Associates, Inc. 44% 43% 7% 2%4% Smartphone Apple iOS Android Windows 10 Mobile Windows Phone 7/8 BlackBerry 37% 25% 13% 12% 8% 5% Tablet Apple iOS Android Windows 10 Mobile Windows Pro 7 Windows Pro 8
- 20. How critical is support for Apple devices to the success of your business today, and how critical is it expected to be in the future?(Organizations supporting Apple devices, only)
- 21. 10% 7% 6% 6% 30% 31% 27% 27% 36% 36% 35% 26% 24% 26% 32% 41% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% current 6 months 12 months 2 years not at all critical somewhat critical critical very critical © 2017 Enterprise Management Associates, Inc.
- 22. Which of the following types of management platforms does your organization currently use and expect to use in the future for PC and mobile device management?
- 23. 27% 41% 57% 31% 33% 22% 21% 9% 7% 17% 11% 4% 5% 7% 10% 0% 20% 40% 60% 80% 100% Currently use Within the next year Within the next 3 years single unified management platform independent management platforms PC management platform only mobile management platform only None
- 24. Which of the following best describes your organization’s primary driver(s) for adopting a unified endpoint management solution? (UEM adopters only)
- 25. 13% 13% 16% 16% 19% 22% 31% 34% 41% 41% 47% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% Simplify application delivery Consolidate user profiles Reduce management costs Improve workforce morale/rentention Achieve compliance requirements Facilitate data loss prevention Improve user experiences Increase workforce productivity Simplify device management Reduce adminsitration complexity Centralize management of security policies © 2017 Enterprise Management Associates, Inc.
- 26. I NEED TO… BENEFITS …build a secure image Build a secure image to build all new systems in the enterprise. Any existing system that becomes compromised should be re-imaged with the secure build. …use tools compliant with SCAP Use tools compliant with the Security Content Automation Protocol (SCAP) in order to streamline reporting and integration Secure Configurations for Hardware and Software 1 2 3 4 5 Secure configuration for hardware and software on mobile devices, laptops, workstations, and servers
- 28. I NEED TO… BENEFITS …patch operating systems Deploy automated patch management tools for operating system on all systems, even those that are properly air-gapped …patch third-party application vulnerabilities Automatic, ongoing, and proactive installation of updates to address software vulnerabilities Continuous Vulnerability Assessment and Remediation 1 2 3 4 5 Deploy automated patch management tools and software update tools
- 29. 20-36% Use manual / partly automated patch process
- 30. During an average week, how much administrator time is spent on each of the following tasks?
- 31. 25% 23% 22% 18% 20% 17% 10% 7% 8% 42% 30% 35% 41% 36% 33% 27% 28% 23% 29% 41% 34% 31% 33% 32% 41% 41% 38% 5% 5% 9% 10% 11% 15% 16% 22% 24% 2% 1% 1% 1% 4% 6% 3% 8% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Installing/configuring a new PC Installing/configuring a new mobile device Managing user policies/profiles Auditing IT Assets Patching/updating Distributing/publishing new software Troubleshooting user desktop problems Troubleshooting user application problems Ensuring data security little or no time some time average amount of time significant amount of time majority of time © 2017 Enterprise Management Associates, Inc.
- 32. I NEED TO… BENEFITS …remove unnecessary system rights or permissions Avoid local system or even domain administrator rights which might lead to misuse Controlled Use of Administrative Privileges 1 2 3 4 5 Ensure employees have the system rights, privileges, and permissions they need to do their job – no more and no less than necessary
- 33. 1 2 3 4 Inventory Authorized / Unauthorized Devices Inventory Authorized / Unauthorized Software Secure Configurations for Hardware and Software Continuous Vulnerability Assessment and Remediation 5 Controlled Use of Administrative Privileges 5 Ways to Tighten Security with Endpoint Management
Editor's Notes
- Let’s dive into the research highlights 70 percent of mobile device users and 35 percent of laptop PC users report they personally own the devices they use to perform their jobs 40 percent of surveyed end users report they regularly use insecure methods for sharing company data On average, 50 percent of all business tasks are performed outside the physical workplace Only 5 percent of surveyed organizations indicate they are fully prepared to support all modern endpoint management requirements
- The information we are reviewing today Research conducted by EMA on UEM surveying 100 respondents IT Directors and above Digital Workspaces Survey surveying 200 End users and 100 IT Managers Best Practices from the Center of Internet Security
- What are the biggest challenges of supporting end user productivity in your organization? A typical IT support organization must today support a minimum of four different operating environments, each with unique configurations, applications, services, and security protocols. the need to support multi-device architectures ranks among the top three challenges in supporting user productivity. the other two leading challenges (ensuring data security and reducing IT management costs) are directly related to multi-device support requirements. Q: why do you think ensuring data security increases in direct proportion to multi-device support requirements? Achieving security is difficult because each device architecture has its own set of constantly-changing vulnerabilities. Protecting business applications and data requires monitoring, authentication, encryption, resource isolation, and patching solutions all tailored to meet the exacting requirements of the endpoint devices from which they are being accessed. Similarly, the cost of IT management increases proportional to the number of device architectures in the support stack, as each requires dedicated tools and administrators specifically trained on their use.
- Question in report: “Which of the following security breaches occurred in the last 12 months in your organization? Security was repeatedly noted as a primary focus for IT managers across EMA’s survey results. In addition to being the most challenging to support, security was identified as the most time-consuming, the most difficult, and the most costly administration practice. Even with all this attention, organizations continue to experience significant breaches in endpoint security. More than half of all IT managers surveyed by EMA indicated they had to deal with a malware event (e.g., a virus infection or Trojaned application) in just the last year. Also, 45% reported a device was lost or stolen, which may have placed the company at risk if those devices contained any sensitive data or access to business services. In total, 68% of respondents indicated a security breach occurred in the last year, and these are just the ones they knew about. Far more insidious are security breaches that occur and are not detected by organizations simply because they lack the essential monitoring tools to enable risk management.
- Security wants everything locked-down and IT is user-oriented (freedom, ease of use). Competing philosophies. Operational Security – dictated by security, implemented by IT guys
- CIS is an example of a bridge of IT and security (requirements are security but highly operational)….good example to start “The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks. A principal benefit of the Controls is that they prioritize and focus a smaller number of actions with high pay-off results … They were created by the people who know how attacks work - NSA Red and Blue teams, the US Department of Energy nuclear energy labs, law enforcement organizations and some of the nation's top forensics and incident response organizations.” https://www.sans.org/critical-security-controls
- The first 5 CIS Controls are often referred to as providing cybersecurity "hygiene," and studies show that implementation of the first 5 CIS Controls provides an effective defense against the most common cyber attacks (~85% of attacks). https://www.cisecurity.org/controls/
- This Control requires both technical and procedural actions, united in a process that accounts for and manages the inventory of hardware and all associated information throughout its life cycle” CIS Control 1 Inventory of Authorized & Unauthorized Devices This CIS Control helps organizations define a baseline of what must be defended. Without an understanding of what devices and data are connected, they cannot be defended. The inventory process should be as comprehensive as possible, and scanners (both active and passive) that can detect devices are the place to start. After an organization has accurately inventoried their systems, the next step is to prevent unauthorized devices from joining a network—this is where implementation of network level authentication excels. The initial goal of CIS Control 1 is not to prevent attackers from joining the network, as much as it is to understand what is on the network so it can be defended
- the average business professional regularly employs at least 2 computing devices—including desktops, laptops, tablets, and smartphones—to perform job tasks. Roughly half of all workers utilize both a PC and a mobile device in the course of a typical day at the office.
- CIS Control 2 Inventory of Authorized & Unauthorized Software The purpose of this CIS Control is to ensure that only authorized software is allowed to run on an organization’s systems. While an inventory of software is important, application whitelisting is a crucial part of this process, as it limits the ability to run applications to only those which are explicitly approved. While not a silver bullet for defense, this CIS Control is often considered one of the most effective at preventing and detecting cyberattacks. Implementing CIS Control 2 often requires organizations to reconsider their policies and culture—no longer will users be able to install software whenever and wherever they like. But this CIS Control, already successfully implemented by numerous organizations, will likely provide immediate returns to an organization attempting to prevent and detect cyber attacks. Deploy software inventory tools throughout the organization covering each of the operating system types in use.” “The software inventory systems must be tied into the hardware asset inventory so all devices and associated software are tracked from a single location” “Deploy application whitelisting…”
- Approximately what percentages of users in your organization regularly use each of the following devices? (PCs by platform)
- Approximately what percentages of users in your organization regularly use each of the following devices? We live in a multi-device world. According to EMA primary research, the average business professional regularly employs at least 2 computing devices—including desktops, laptops, tablets, and smartphones—to perform job tasks. Roughly half of all workers utilize both a PC and a mobile device in the course of a typical day at the office. While desktop and laptop PCs continue to be the primary resources for performing job tasks, increased requirements for supporting workforce mobility has led to the broad adoption and use of mobile devices as well. Q: what is your take on that and what does this mean from an endpoint and security perspective? Roughly half of all business tasks are now performed outside a physical workplace and beyond the control of secured networks. All of these factors conspire together to radically increase the burden of endpoint management requirements on IT support professionals. Less than a decade ago, organizations principally standardized endpoint environments on a single platform: Windows. Since then, the extensive adoption and use of mobile devices has not only exponentially increased the number of physical endpoints that need to be supported; it also broadened the number of operating systems that must be secured and managed. While Apple iOS and Android devices have consistently dominated the mobile market, Microsoft Windows has recently gained significant growth in the enterprise tablet market. Q: How do you see the impact of Windows 10 on organizations, … Much of this success can be attributed the introduction of Windows 10, which was architected to unify the operating system across all endpoint devices, allowing common applications to be used on different devices without any rebuilding or recompiling. EMA market trending analysis indicates Windows 10 tablet adoption is directly stealing market share from Android devices and is frequently employed by organizations that are purchasing tablets for their workers.
- Approximately what percentages of users in your organization regularly use each of the following devices? (PCs by platform)
- How critical is support for Apple devices to the success of your business today, and how critical is it expected to be in the future? (Organizations supporting Apple devices, only) While Windows 10 adoption has also been very aggressive in the PC market, the enterprise use of Macs has also increased (doubling since 2015), and the introduction of Chromebooks to many workplaces has only served to further increase endpoint heterogeneity. As organizations increasingly adopt Apple devices to accommodate user preferences and evolving business requirements, the importance placed on support for Apple devices is growing proportionally. 24% of survey respondents from organizations that manage Apple devices indicated support for MacOS and iOS platforms was “very critical” to their business success. However, respondents also indicated that that number can be expected to rise to 41% within the next two years. Comparing MacOS adoption rates with EMA research results from one year prior indicates the business use of Apple laptops and desktops has increased by roughly 40% in that timeframe. Additionally, iPhones and iPads continue to dominate the enterprise mobile management market. There is no indication that these trends are slowing down, so organization are increasing being pressured to provide more extensible support for Apple devices Q: What impact will this rise in Apple devices have on organizations and what should they take into consideration to better support, manage and secure their heterogeneous environments? This implies an expanding IT management challenge is evolving since organizations supporting Apple devices reported a greater-than-average difficulty in performing related management practices. This is indicative of the fact that MacOS and iOS platforms require specialized support resources that are not commonly included in management solutions that were principally designed to support Windows architectures.
- CIS Control 3 Secure Configurations for Hardware & Software on Mobile Devices, Laptops, Workstations, & Servers By default, most systems are configured for ease-of-use and not necessarily security. In order to meet CIS Control 3, organizations need to reconfigure systems to a secure standard. Many organizations already have the technology necessary to securely configure systems at scale, such as Microsoft® Active Directory Group Policy Objects and Unix Puppet or Chef. By utilizing configuration standards such as the CIS Benchmarks, most organizations can successfully implement this CIS Control. The consensus-driven CIS Benchmarks are freely available for most operating systems, middleware and software applications, and network devices. ”…building a secure image that is used to build all new systems that are deployed in the enterprise. Any existing system that becomes compromised should be re-imaged with the secure build” “…use tools compliant with the Security Content Automation Protocol (SCAP) in order to streamline reporting and integration.”
- Https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-37910
- CIS Control 4 Continuous Vulnerability Assessment & Remediation The goal of this CIS Control is to understand and remove technical weaknesses that exist in an organization’s information systems. Successful organizations implement patch management systems that cover both operating system and third-party application vulnerabilities. This allows for the automatic, ongoing, and proactive installation of updates to address software vulnerabilities. In addition to patch management systems, organizations must implement a commercial vulnerability management system to give themselves the ability to detect and remediate exploitable software weaknesses. “Deploy automated patch management tools and software update tools for operating system and software/applications on all systems ... Patches should be applied to all systems, even systems that are properly air gapped.”
- There can be no question that IT administrators are excessively busy supporting the constant barrage of end-user requests and business requirements. Among the many management practices, security accounts for the most administration time, with one-third of survey respondents indicating security tasks take a significant amount or the majority of administrator time to complete. should invest in a more robust monitoring, authentication, and risk mitigation platform to simplify support requirements and improve operational cost-effectiveness. Additionally, real-time response to security threats is essential to reducing or eliminating breach events. The longer it takes to identify potential risks and remediate security threats, the more likely it is that an attack will be successful.
- Eran: what are the security implications Jason: what are the challenges of running a machine without admin rights CIS Control 5 Controlled Use of Administrative Privileges This CIS Control ensures that workforce members have only the system rights, privileges, and permissions that they need in order to do their job—no more and no less than necessary. Unfortunately, for the sake of speed and convenience, many organizations allow staff to have local system or even domain administrator rights which are too generous and open the door for abuse, accidental or otherwise. The simple answer for CIS Control 5 is to remove unnecessary system rights or permissions. For larger organizations struggling with this task at scale, privilege management vendors can provide endpoint solutions to help lessen the administrative burden.
- Summary Tie into UEM Jason: discover – provide insight – take action with UEM solutions “The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks. A principal benefit of the Controls is that they prioritize and focus a smaller number of actions with high pay-off results … They were created by the people who know how attacks work - NSA Red and Blue teams, the US Department of Energy nuclear energy labs, law enforcement organizations and some of the nation's top forensics and incident response organizations.” https://www.sans.org/critical-security-controls