SlideShare a Scribd company logo

REAL TIME ENDPOINT INSIGHTS

Accelerite
Accelerite

Accelerite Sentient helps IT administrators to find and fix critical security, compliance and configuration issues in the endpoint network within seconds. It gets real-time information across enterprise endpoints thus, classifies and presents the endpoint information obtained in visual and graphical format .

Technology
1 of 8
Download to read offline
Real-time Endpoint Insights Plugging an Important Security Gap There is a security gap with the way in which we secure today’s endpoints. This gap forces IT to work in a reactive manner, putting out the proverbial fires as they break out instead of being able to proactively monitor and manage based on information gathered and synthesized in real-time.
Organizations of recent have seen a rise in data breaches, disruptions and threats of malware attacks. Figure 1 shows the number of major data breaches and attacks that organizations have faced in just the three first months of 2016! Any delay in identifying vulnerabilities and threats due to potential security holes can have damaging financial implications. However, IT endpoint management and security still remains functional (e.g. patch deployment, configuration, etc.) dealing primarily with actions targeted towards a large set of endpoints as a monolithic activity that is far removed from the reality of each endpoint’s state. This functional view has largely been the essence of endpoint security and management for almost as long as computing endpoints have existed. JAN 25 FACC AG - email cyberattack activities - hackers steal $54.5M from Boeing supplier. FEB 8 University of Central Florida - 63K students’ SSNs exposed - $100K to notify potential victims. FEB 9 RubberStamps.Net - hackers gained access to order management system - 7K customers affected. FEB 29 UC Berkeley - hackers stole financial data of more than 80K UCB students and faculty members. MAR 10 Internal Revenue Service - identity thieves used stolen SSNs to generate IRS e-filing pins - 100K taxpayers affected. MAR 23 21st Century Oncology - cyber breach affecting 2.2M patients - results in class-action lawsuits. MAR 25 Verizon Enterprise Solutions - hackers stole and sold customer contact info - 1.5M customers affected. MAR 28 Systema Software -1.5M records compromised via Amazon Web Services - data remained exposed for 75 days. MAR 30 MedStar Health Inc. - Cyberattack forces computer system offline - attack caused by known security flaw. Introduction Figure 1: List of major data breach incidents (Q1/2016) - Source: Identity Theft Resource Center (ITRC) Data Breach Report
Traditional Endpoint Management and Security Systems Traditional computing endpoints – primarily PCs and servers – have been only recipients of changes that the IT administrators make on them based on the information they receive from various Information Sources (Figure 2). Supporting Information Sources in the context of endpoint security solutions is a matter of integrating with the right databases and security information brokers who have a list of latest vulnerability, threat and patch information – all valuable to maintaining and enhancing the security posture of any organization. Traditionally, corporate endpoints within the sheltered corporate “boundaries” – both physical and network boundaries – have been managed and secured using many different tools such as network monitoring and security tools, firewalls, website blockers, and many others. These tools have come together to comprehensively manage and secure endpoints as well as corporate servers. Endpoint management, endpoint security and OS providers have added further value towards creating a safe and secure environment for endpoints that work in the corporate environment. The Information Source consisted of software vendors, security and vulnerability databases, patch databases and so on. Corporate “Boundaries” Endpoint Information Source Software Vendors Patch DB Vulnerability DB IT Administrator Figure 2: The Trinity of Endpoints, Administrators and Information Sources for Endpoint Security
Same Endpoint But A Widening Security Gap Endpoints today – even the traditional ones such as laptops – operate in a dramatically different environment. They operate more “out” of physical and network boundaries than the earlier ones thanks to better connectivity and a more distributed and mobile workforce operating remotely and from home. They are also more dynamic (i.e. used for varying purposes undergoing significant changes in a short span of time), and are prone to variations due to a more “hostile” local environment. Approaching their security and management in the same way as traditional endpoints leaves a gaping hole in the overall IT security and management, even as endpoints undergo frequent changes in configuration and are prone to hacking, malware attacks, theft, spyware, and open vulnerabilities. Apart from periodic checkpoints that can be spread weeks or months apart, IT is essentially “flying blind”! The problem with the traditional way of managing endpoints is clear – even as IT grapples with a ton of informa- tion from its current information sources, it has limited information from the endpoints themselves! While reports provide varying degree of detail, they are built for a very different purpose. They are primarily for seeing results of past actions performed on endpoints than gathering fresh information on them (see inset for additional limitations of endpoint reports). Reports: Looking backward, not acting forward • Oriented towards results and outcomes of past actions on endpoints rather than future actions that need to be taken • Appear without any context of changes that might have happened anywhere in the endpoint universe – from the information source to corporate IT environment to the endpoint themselves • Viewed infrequently with information in them often days and weeks old • Not in the clear line of sight of the administrators while they are “acting forward” on the endpoints
This gap in endpoint management trinity of Information Source, Administrator and Endpoint is illustrated in Figure 3. As these endpoints proliferate through the organization and workforce becomes more mobile with them, this gap will only widen further. Security tools residing on the endpoints are a key mechanism to secure them against vulner- ability and attacks. However, without using endpoints themselves as an active source of information, IT will miss a critical piece of information that can help them make informed and timely decisions. Following are four key issues that IT administrators face due to this gap in their current enterprise architecture, and what they need to look for in any proposed solution: 1. According to a recent report from Hewlett Packard Enterprise called the HPE Cyber Risk Report 2016*, “Attackers have shifted their efforts to directly attack applications”. The report goes on to say that they have “shifted their focus from servers and operating systems to applications” – meaning, your endpoints. It is clearly not enough to monitor and secure the network and data from one end while the attacker is attacking the other! The solution needs to bring endpoints into the realm of information source as depicted in the diagram. Corporate “Boundaries” Endpoint Information Source Software Vendors Patch DB Vulnerability DB IT Administrator Endpoint Endpoint X Figure 3: Modern Endpoint Environment * HPE Cyber Risk Report 2016, http://techbeacon.com/resources/2016-cyber-risk-report-hpe-security
2. Endpoint information is much more dynamic than the other sources. It changes on a daily and sometimes even hourly basis. Not getting timely information from them can give a false sense of security, which only worsens as precious days and weeks go by since the “last scan” was performed! Given the fast-changing and dynamic nature of endpoints and corporate working today, it is important for the solution to be able to provide the most current information. 3. Endpoints are diverse and numerous by nature, and covering the entire set to gather the most comprehensive information on the state of the network with the present set of functional and monolithic tools presents a formi- dable challenge for IT teams. The result is piecemeal fixes and a target that is constantly moving, which prevent IT security teams from getting a foot in and creating a watertight setup without security holes. The solution should be able to run “out-of-cycle” from the current operations, and at the same time be well-integrated with them in order to be truly effective. 4. While the attackers are sharpening their attacks on individual endpoints and applications, IT’s remediation and fixes turn out to be blunt at best, and off-the-mark at worst. The solution should provide the ability for administrators to quickly zero in on configuration items that are critical, identify patterns in them, and be able to visually view the results to ease their actions. Accelerite Sentient - Plugging the Gap Due to the above gap in the current enterprise architecture, IT is forced to work in a reactive manner, putting out the proverbial fires as they break out instead of being able to proactively monitor and manage based on information gathered and synthesized in real-time. Plugging this gap is only possible if the endpoint itself is capable of being an information source for IT administrators. But how do you go about fixing the enterprise architecture to incorporate a change of this nature? What are the key considerations and parameters that one needs to keep in mind when incorporating this change? Accelerite Sentient has been built with these questions in mind, and with considerations that most effectively fill this gap. With Accelerite Sentient, IT administrators can query endpoints for their current status – including applications installed on them and their versions, potentially malicious software they are running, existence of rogue files in them, harmful configurations, available disk space and other critical parameters.
Sentient has the following key characteristics that are critical to solving the four key issues faced by IT that we saw in the last section: 1. Real-time information for immediate action - Sentient pulls together real-time information from enterprise endpoints for IT administrators to quickly identify critical security threats and vulnerabilities, and address com- pliance and configuration issues in their endpoint network within minutes. 2. Proactive oversight and management - The solution should enable IT admins to get ahead of the problem and be able to proactively address their endpoint security and configuration. Sentient allows administrators to proactively query the current status and existence/non-existence of configurations and files from the point of view of actively unearthing issues in real-time, which is in contrast to standard reporting queries from current tools that are only targeted towards analyzing outcomes of actions that administrators have previously taken. 3. Targeted operations across diverse endpoints - With agents residing in each endpoint and responding in real-time, administrators can take more targeted actions that effect a narrower set of relevant endpoints instead of casting a wide net every time and having to put undue pressure on their network and many end-points at the same time. 4. Insights-driven for maximum impact - With so many configuration parameters to monitor, it is important for the solution to provide an easy way to query endpoints and get back visualizations and graphs that can be interpreted quickly and intelligently. Sentient classifies and presents the information gathered in visual format with drilldown information, and makes it easy for IT to locate problem areas in their network of endpoints quick- ly. The search queries in Sentient are in freeform text format, which enables IT to easily query their endpoints using natural language phrases. Sentient also provides the option to integrate with endpoint management tools (e.g. Radia Endpoint Manager), which allows for IT departments to have in-place remediation and avoid multiple systems of record for their endpoints status.
Conclusion As workforce becomes increasingly mobile, working from home, working remotely, and attackers attacking more applications than servers, endpoints need to be more proactively involved in the decision-making processes such as patching them, updating software versions, changing configurations, installing and uninstalling files or software, and so on. It is no longer enough for them to be just “managed” as a reactive measure based on only information that is external to them. They need to be made smarter and be included in information gathering for security, compliance, audits, asset utilization, etc. Accelerite Sentient provides IT departments the means to gather information from them in real-time for proactive security and management. Interested in seeing Accelerite Sentient in action? For more information, please visit accelerite.com/site/real-time-security or contact sales at +1-800-787-9540 or sales@accelerite.com. Accelerite delivers business-critical secure infrastructure software for Fortune 500s, telecom operators and SMEs around the globe. Accelerite’s product suite includes solutions for cloud life cycle management, endpoint security, enterprise mobility management, and the Internet of Things. Headquartered in Santa Clara, CA, Accelerite serves as the products business of Persistent Systems (BSE & NSE: PERSISTENT), a global leader in software product development and technology services, with 9,000 team members worldwide.

Recommended

Interset-advanced threat detection wp
Interset-advanced threat detection wpInterset-advanced threat detection wp
Interset-advanced threat detection wpCMR WORLD TECH
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructureAnton Chuvakin
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printjames morris
 
An Introduction to zOS Real-time Infrastructure and Security Practices
An Introduction to zOS Real-time Infrastructure and Security PracticesAn Introduction to zOS Real-time Infrastructure and Security Practices
An Introduction to zOS Real-time Infrastructure and Security PracticesJerry Harding
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET Journal
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityBooz Allen Hamilton
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 

Recommended

Interset-advanced threat detection wp
Interset-advanced threat detection wpInterset-advanced threat detection wp
Interset-advanced threat detection wpCMR WORLD TECH
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructureAnton Chuvakin
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printjames morris
 
An Introduction to zOS Real-time Infrastructure and Security Practices
An Introduction to zOS Real-time Infrastructure and Security PracticesAn Introduction to zOS Real-time Infrastructure and Security Practices
An Introduction to zOS Real-time Infrastructure and Security PracticesJerry Harding
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET Journal
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityBooz Allen Hamilton
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
Big Data for Security
Big Data for SecurityBig Data for Security
Big Data for SecurityJoey Jablonski
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsBooz Allen Hamilton
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
Strategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationStrategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationBooz Allen Hamilton
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
Comprehensive Data Leak Prevention
Comprehensive Data Leak PreventionComprehensive Data Leak Prevention
Comprehensive Data Leak PreventionTanvir Hashmi
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksIBM Security
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?IBM Security
 
Proactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatProactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatAndrew Case
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekkoDMI
 
Business Logic Monitoring Primer
Business Logic Monitoring PrimerBusiness Logic Monitoring Primer
Business Logic Monitoring PrimerRocco Magnotta
 
Why uem-is-the-key-to-enterprise-it-security
Why uem-is-the-key-to-enterprise-it-securityWhy uem-is-the-key-to-enterprise-it-security
Why uem-is-the-key-to-enterprise-it-securityCincoC
 
IT Security Trends in 2012
IT Security Trends in 2012IT Security Trends in 2012
IT Security Trends in 2012Icomm Technologies
 
Prevention is futile in 2020 - Gartner Report in Retrospect
Prevention is futile in 2020 - Gartner Report in RetrospectPrevention is futile in 2020 - Gartner Report in Retrospect
Prevention is futile in 2020 - Gartner Report in RetrospectJermund Ottermo
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 YrsFinto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 YrsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Key elements of security threat
Key elements of security threatKey elements of security threat
Key elements of security threatAraf Karsh Hamid
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSridhar Karnam
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedTiffany Graham
 
Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the EnterpriseADGP, Public Grivences, Bangalore
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 

More Related Content

What's hot

Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsBooz Allen Hamilton
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
Strategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationStrategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationBooz Allen Hamilton
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
Comprehensive Data Leak Prevention
Comprehensive Data Leak PreventionComprehensive Data Leak Prevention
Comprehensive Data Leak PreventionTanvir Hashmi
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksIBM Security
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?IBM Security
 
Proactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatProactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatAndrew Case
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekkoDMI
 
Business Logic Monitoring Primer
Business Logic Monitoring PrimerBusiness Logic Monitoring Primer
Business Logic Monitoring PrimerRocco Magnotta
 
Why uem-is-the-key-to-enterprise-it-security
Why uem-is-the-key-to-enterprise-it-securityWhy uem-is-the-key-to-enterprise-it-security
Why uem-is-the-key-to-enterprise-it-securityCincoC
 
Prevention is futile in 2020 - Gartner Report in Retrospect
Prevention is futile in 2020 - Gartner Report in RetrospectPrevention is futile in 2020 - Gartner Report in Retrospect
Prevention is futile in 2020 - Gartner Report in RetrospectJermund Ottermo
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 

What's hot (17)

Big Data for Security
Big Data for SecurityBig Data for Security
Big Data for Security
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber Analysts
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 
Strategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationStrategic Information Management Through Data Classification
Strategic Information Management Through Data Classification
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - Web
 
Comprehensive Data Leak Prevention
Comprehensive Data Leak PreventionComprehensive Data Leak Prevention
Comprehensive Data Leak Prevention
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.com
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
Proactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatProactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider Threat
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
 
Business Logic Monitoring Primer
Business Logic Monitoring PrimerBusiness Logic Monitoring Primer
Business Logic Monitoring Primer
 
Why uem-is-the-key-to-enterprise-it-security
Why uem-is-the-key-to-enterprise-it-securityWhy uem-is-the-key-to-enterprise-it-security
Why uem-is-the-key-to-enterprise-it-security
 
IT Security Trends in 2012
IT Security Trends in 2012IT Security Trends in 2012
IT Security Trends in 2012
 
Prevention is futile in 2020 - Gartner Report in Retrospect
Prevention is futile in 2020 - Gartner Report in RetrospectPrevention is futile in 2020 - Gartner Report in Retrospect
Prevention is futile in 2020 - Gartner Report in Retrospect
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
 
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 YrsFinto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
 

Similar to REAL TIME ENDPOINT INSIGHTS

Key elements of security threat
Key elements of security threatKey elements of security threat
Key elements of security threatAraf Karsh Hamid
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSridhar Karnam
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedTiffany Graham
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security NextLabs, Inc.
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data LeakagePatty Buckley
 
The uncool-security-hygiene
The uncool-security-hygieneThe uncool-security-hygiene
The uncool-security-hygieneThiagu Haldurai
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comamaranthbeg93
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comamaranthbeg73
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
i2 Contact Tracing One Pager
i2 Contact Tracing One Pageri2 Contact Tracing One Pager
i2 Contact Tracing One PagerSydney Wolff
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inmaribethy2y
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability ManagementGFI Software
 
Securing a mobile oriented enterprise
Securing a mobile oriented enterpriseSecuring a mobile oriented enterprise
Securing a mobile oriented enterpriseinfra-si
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
ISACA GRC-CYBER CALL FOR PAPERS ABSTRACT v.3.0
ISACA GRC-CYBER CALL FOR PAPERS ABSTRACT v.3.0ISACA GRC-CYBER CALL FOR PAPERS ABSTRACT v.3.0
ISACA GRC-CYBER CALL FOR PAPERS ABSTRACT v.3.0Fabrizio Cilli
 
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxchristiandean12115
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 

Similar to REAL TIME ENDPOINT INSIGHTS (20)

Key elements of security threat
Key elements of security threatKey elements of security threat
Key elements of security threat
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWP
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs Provided
 
Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the Enterprise
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
 
Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.com
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data Leakage
 
The uncool-security-hygiene
The uncool-security-hygieneThe uncool-security-hygiene
The uncool-security-hygiene
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.com
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.com
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.com
 
i2 Contact Tracing One Pager
i2 Contact Tracing One Pageri2 Contact Tracing One Pager
i2 Contact Tracing One Pager
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words in
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Securing a mobile oriented enterprise
Securing a mobile oriented enterpriseSecuring a mobile oriented enterprise
Securing a mobile oriented enterprise
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
ISACA GRC-CYBER CALL FOR PAPERS ABSTRACT v.3.0
ISACA GRC-CYBER CALL FOR PAPERS ABSTRACT v.3.0ISACA GRC-CYBER CALL FOR PAPERS ABSTRACT v.3.0
ISACA GRC-CYBER CALL FOR PAPERS ABSTRACT v.3.0
 
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 

Recently uploaded

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 

Recently uploaded (20)

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 

REAL TIME ENDPOINT INSIGHTS

  • 1. Real-time Endpoint Insights Plugging an Important Security Gap There is a security gap with the way in which we secure today’s endpoints. This gap forces IT to work in a reactive manner, putting out the proverbial fires as they break out instead of being able to proactively monitor and manage based on information gathered and synthesized in real-time.
  • 2. Organizations of recent have seen a rise in data breaches, disruptions and threats of malware attacks. Figure 1 shows the number of major data breaches and attacks that organizations have faced in just the three first months of 2016! Any delay in identifying vulnerabilities and threats due to potential security holes can have damaging financial implications. However, IT endpoint management and security still remains functional (e.g. patch deployment, configuration, etc.) dealing primarily with actions targeted towards a large set of endpoints as a monolithic activity that is far removed from the reality of each endpoint’s state. This functional view has largely been the essence of endpoint security and management for almost as long as computing endpoints have existed. JAN 25 FACC AG - email cyberattack activities - hackers steal $54.5M from Boeing supplier. FEB 8 University of Central Florida - 63K students’ SSNs exposed - $100K to notify potential victims. FEB 9 RubberStamps.Net - hackers gained access to order management system - 7K customers affected. FEB 29 UC Berkeley - hackers stole financial data of more than 80K UCB students and faculty members. MAR 10 Internal Revenue Service - identity thieves used stolen SSNs to generate IRS e-filing pins - 100K taxpayers affected. MAR 23 21st Century Oncology - cyber breach affecting 2.2M patients - results in class-action lawsuits. MAR 25 Verizon Enterprise Solutions - hackers stole and sold customer contact info - 1.5M customers affected. MAR 28 Systema Software -1.5M records compromised via Amazon Web Services - data remained exposed for 75 days. MAR 30 MedStar Health Inc. - Cyberattack forces computer system offline - attack caused by known security flaw. Introduction Figure 1: List of major data breach incidents (Q1/2016) - Source: Identity Theft Resource Center (ITRC) Data Breach Report
  • 3. Traditional Endpoint Management and Security Systems Traditional computing endpoints – primarily PCs and servers – have been only recipients of changes that the IT administrators make on them based on the information they receive from various Information Sources (Figure 2). Supporting Information Sources in the context of endpoint security solutions is a matter of integrating with the right databases and security information brokers who have a list of latest vulnerability, threat and patch information – all valuable to maintaining and enhancing the security posture of any organization. Traditionally, corporate endpoints within the sheltered corporate “boundaries” – both physical and network boundaries – have been managed and secured using many different tools such as network monitoring and security tools, firewalls, website blockers, and many others. These tools have come together to comprehensively manage and secure endpoints as well as corporate servers. Endpoint management, endpoint security and OS providers have added further value towards creating a safe and secure environment for endpoints that work in the corporate environment. The Information Source consisted of software vendors, security and vulnerability databases, patch databases and so on. Corporate “Boundaries” Endpoint Information Source Software Vendors Patch DB Vulnerability DB IT Administrator Figure 2: The Trinity of Endpoints, Administrators and Information Sources for Endpoint Security
  • 4. Same Endpoint But A Widening Security Gap Endpoints today – even the traditional ones such as laptops – operate in a dramatically different environment. They operate more “out” of physical and network boundaries than the earlier ones thanks to better connectivity and a more distributed and mobile workforce operating remotely and from home. They are also more dynamic (i.e. used for varying purposes undergoing significant changes in a short span of time), and are prone to variations due to a more “hostile” local environment. Approaching their security and management in the same way as traditional endpoints leaves a gaping hole in the overall IT security and management, even as endpoints undergo frequent changes in configuration and are prone to hacking, malware attacks, theft, spyware, and open vulnerabilities. Apart from periodic checkpoints that can be spread weeks or months apart, IT is essentially “flying blind”! The problem with the traditional way of managing endpoints is clear – even as IT grapples with a ton of informa- tion from its current information sources, it has limited information from the endpoints themselves! While reports provide varying degree of detail, they are built for a very different purpose. They are primarily for seeing results of past actions performed on endpoints than gathering fresh information on them (see inset for additional limitations of endpoint reports). Reports: Looking backward, not acting forward • Oriented towards results and outcomes of past actions on endpoints rather than future actions that need to be taken • Appear without any context of changes that might have happened anywhere in the endpoint universe – from the information source to corporate IT environment to the endpoint themselves • Viewed infrequently with information in them often days and weeks old • Not in the clear line of sight of the administrators while they are “acting forward” on the endpoints
  • 5. This gap in endpoint management trinity of Information Source, Administrator and Endpoint is illustrated in Figure 3. As these endpoints proliferate through the organization and workforce becomes more mobile with them, this gap will only widen further. Security tools residing on the endpoints are a key mechanism to secure them against vulner- ability and attacks. However, without using endpoints themselves as an active source of information, IT will miss a critical piece of information that can help them make informed and timely decisions. Following are four key issues that IT administrators face due to this gap in their current enterprise architecture, and what they need to look for in any proposed solution: 1. According to a recent report from Hewlett Packard Enterprise called the HPE Cyber Risk Report 2016*, “Attackers have shifted their efforts to directly attack applications”. The report goes on to say that they have “shifted their focus from servers and operating systems to applications” – meaning, your endpoints. It is clearly not enough to monitor and secure the network and data from one end while the attacker is attacking the other! The solution needs to bring endpoints into the realm of information source as depicted in the diagram. Corporate “Boundaries” Endpoint Information Source Software Vendors Patch DB Vulnerability DB IT Administrator Endpoint Endpoint X Figure 3: Modern Endpoint Environment * HPE Cyber Risk Report 2016, http://techbeacon.com/resources/2016-cyber-risk-report-hpe-security
  • 6. 2. Endpoint information is much more dynamic than the other sources. It changes on a daily and sometimes even hourly basis. Not getting timely information from them can give a false sense of security, which only worsens as precious days and weeks go by since the “last scan” was performed! Given the fast-changing and dynamic nature of endpoints and corporate working today, it is important for the solution to be able to provide the most current information. 3. Endpoints are diverse and numerous by nature, and covering the entire set to gather the most comprehensive information on the state of the network with the present set of functional and monolithic tools presents a formi- dable challenge for IT teams. The result is piecemeal fixes and a target that is constantly moving, which prevent IT security teams from getting a foot in and creating a watertight setup without security holes. The solution should be able to run “out-of-cycle” from the current operations, and at the same time be well-integrated with them in order to be truly effective. 4. While the attackers are sharpening their attacks on individual endpoints and applications, IT’s remediation and fixes turn out to be blunt at best, and off-the-mark at worst. The solution should provide the ability for administrators to quickly zero in on configuration items that are critical, identify patterns in them, and be able to visually view the results to ease their actions. Accelerite Sentient - Plugging the Gap Due to the above gap in the current enterprise architecture, IT is forced to work in a reactive manner, putting out the proverbial fires as they break out instead of being able to proactively monitor and manage based on information gathered and synthesized in real-time. Plugging this gap is only possible if the endpoint itself is capable of being an information source for IT administrators. But how do you go about fixing the enterprise architecture to incorporate a change of this nature? What are the key considerations and parameters that one needs to keep in mind when incorporating this change? Accelerite Sentient has been built with these questions in mind, and with considerations that most effectively fill this gap. With Accelerite Sentient, IT administrators can query endpoints for their current status – including applications installed on them and their versions, potentially malicious software they are running, existence of rogue files in them, harmful configurations, available disk space and other critical parameters.
  • 7. Sentient has the following key characteristics that are critical to solving the four key issues faced by IT that we saw in the last section: 1. Real-time information for immediate action - Sentient pulls together real-time information from enterprise endpoints for IT administrators to quickly identify critical security threats and vulnerabilities, and address com- pliance and configuration issues in their endpoint network within minutes. 2. Proactive oversight and management - The solution should enable IT admins to get ahead of the problem and be able to proactively address their endpoint security and configuration. Sentient allows administrators to proactively query the current status and existence/non-existence of configurations and files from the point of view of actively unearthing issues in real-time, which is in contrast to standard reporting queries from current tools that are only targeted towards analyzing outcomes of actions that administrators have previously taken. 3. Targeted operations across diverse endpoints - With agents residing in each endpoint and responding in real-time, administrators can take more targeted actions that effect a narrower set of relevant endpoints instead of casting a wide net every time and having to put undue pressure on their network and many end-points at the same time. 4. Insights-driven for maximum impact - With so many configuration parameters to monitor, it is important for the solution to provide an easy way to query endpoints and get back visualizations and graphs that can be interpreted quickly and intelligently. Sentient classifies and presents the information gathered in visual format with drilldown information, and makes it easy for IT to locate problem areas in their network of endpoints quick- ly. The search queries in Sentient are in freeform text format, which enables IT to easily query their endpoints using natural language phrases. Sentient also provides the option to integrate with endpoint management tools (e.g. Radia Endpoint Manager), which allows for IT departments to have in-place remediation and avoid multiple systems of record for their endpoints status.
  • 8. Conclusion As workforce becomes increasingly mobile, working from home, working remotely, and attackers attacking more applications than servers, endpoints need to be more proactively involved in the decision-making processes such as patching them, updating software versions, changing configurations, installing and uninstalling files or software, and so on. It is no longer enough for them to be just “managed” as a reactive measure based on only information that is external to them. They need to be made smarter and be included in information gathering for security, compliance, audits, asset utilization, etc. Accelerite Sentient provides IT departments the means to gather information from them in real-time for proactive security and management. Interested in seeing Accelerite Sentient in action? For more information, please visit accelerite.com/site/real-time-security or contact sales at +1-800-787-9540 or sales@accelerite.com. Accelerite delivers business-critical secure infrastructure software for Fortune 500s, telecom operators and SMEs around the globe. Accelerite’s product suite includes solutions for cloud life cycle management, endpoint security, enterprise mobility management, and the Internet of Things. Headquartered in Santa Clara, CA, Accelerite serves as the products business of Persistent Systems (BSE & NSE: PERSISTENT), a global leader in software product development and technology services, with 9,000 team members worldwide.