• Wed. May 29th, 2024

Getting cyber-resilience right in a zero-trust world starts at the endpoint

Bynewsmagzines

May 2, 2023
Getting cyber-resilience right in a zero-trust world starts at the endpoint

[ad_1]

Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More


With the White House announcing a new national cybersecurity strategy that prioritizes cyber-resilience and holds software companies more accountable for how secure their products are, Absolute’s 2023 Resilience Index is noteworthy. CNN reports that the administration is working with Congress to develop legislation addressing software liability and inadequate protection against cyberattacks. 

Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), calls on technology companies to take greater responsibility when it comes to the cybersecurity of their products, many of which are integral to the foundations of society. Speaking at Carnegie Mellon University earlier this year, she said, “We often blame a company today with a security breach because they didn’t patch a known vulnerability. What about the manufacturer that produced the technology that required too many patches in the first place?” 

Challenges enterprises face in becoming more cyber-resilient

Cyber-resilience minimizes a data breach’s blast radius or impact on an organization’s IT, financial and customer-facing systems and operations. Realizing that not every intrusion attempt will be predictable or easily contained enables enterprises to adopt the right mindset and become more prepared. 

Absolute’s 2023 Resilience Index accurately assesses what CIOs and CISOs are telling VentureBeat about how challenging it is to excel at the comply-to-connect trend Absolute also found in their research. Balancing security and cyber-resilience is the goal. Key insights from the study include the following:

Event

Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.

 

Register Now

An increasingly chaotic IT landscape makes endpoint visibility and control a significant challenge 

Employees switching between corporate and off-corporate networks create visibility, control and cybersecurity gaps that limit an IT team’s ability to diagnose and fix end-user issues and reduce cybersecurity risks. Further stretching IT teams thin, this requires managing various networks, hardware, OS versions and patches. Absolute’s anonymized telemetry data found that Windows 10 is used on more than 80% of devices. With 14 versions and over 800 builds and patches, IT professionals struggle to keep their employees’ endpoints up to date.

Remote workers’ fluid movement between multiple global locations compounds the challenge

Absolute found that its customers had an average of four enterprise device locations per device in February 2023, up 15% year-over-year. CISOs VentureBeat spoke with at RSAC 2023 said one of their most significant endpoint challenges today is securely switching between devices and networks across remote locations.

Application sprawl proliferates, resulting in 1 in 6 devices running on outdated OS versions 

The typical enterprise device has 67 applications installed, with 10% having more than 100 installed. Regarding web application usage, enterprise devices are used most of the time to access Google Mail and Salesforce. The greater the application sprawl and workload on an endpoint, the higher the probability that an attacker will find a way to exploit memory conflicts and identify where software decay leaves a device vulnerable.  

Overloading endpoints with agents creates a false sense of security, leading to memory conflicts

Absolute found that the typical enterprise device has 11 security agents installed, creating memory and resource conflicts that attackers can exploit. Enterprise devices typically have multiple security applications for endpoint management, antivirus, antimalware and encryption. These are required by industry standards (e.g., ISO/IEC 27001, NIST CSF, PCI DSS, GDPR) and government regulations (e.g., HIPAA, HITECH, FISMA). The findings suggest that many organizations don’t know their device fleet’s software inventory, are running more security agents than needed, or believe that the more tools deployed, the safer they are.

Enterprise devices have an average of 11+ security apps.
Overloading endpoints with too many agents creates a false sense of security in enterprises, which still risk being breached due to memory and resource conflicts these many agents create. Exacerbating this risk is how each endpoint’s agents are decaying at a different rate. Source: Absolute 2023 Resilience Index.

What CISOs can do now

Like zero trust, cyber-resilience needs to be considered an ongoing framework that adapts and flexes to the changing needs of an organization. Every CEO and CISO VentureBeat interviewed at RSAC 2023 said the most fast-moving, challenging threat surfaces to protect are employee- and company-owned endpoint devices. 

Finding new ways to improve the efficacy of zero trust with endpoints is a hot topic today for CISOs across all industries. The following are recommendations of what CISOs can do now to become more cyber-resilient: 

Look to application resilience for greater efficacy gains across EPP, EDR and remote-access solutions 

As part of their Resilience Index, Absolute evaluated the top security vendors across endpoint protection platforms (EPP), endpoint detection and response (EDR) and remote access, cited as industry leaders in analyst reports and used by Absolute customers. These companies included Cisco, Citrix, CrowdStrike, Microsoft, Netskope, Palo Alto Networks, SentinelOne, Sophos, Trend Micro and Zscaler. Absolute tracked the percentage of protected or healthy devices as a baseline, then applied application resilience policies. Efficacy gains by platform varied, with the EPP/EDR category seeing a net gain of 26% and remote access seeing a 23% gain.

Enabling applications to be more resilient is table-stakes for achieving greater cyber-resilience. Source: Absolute 2023 Resilience Index.

Automate patch management to free up IT resources for more significant projects

It’s time to move beyond an inventory-based approach to patch management and consider alternatives for handling patch and configuration management at scale. Government organizations are 214 days behind on completing Windows 10 patches, while education and healthcare are 188 and 156 days behind, respectively, according to Absolute’s analysis of their telemetry data. Enterprises are 142 days behind on Windows 10 patches.    

Limit endpoint, application and system access to authorized administrators 

IT and cybersecurity teams need to automate how endpoint, application and system access is granted and revoked to improve zero trust at the endpoints. Enforcing least privileged access and knowing the access rights for every identity an endpoint supports is critical, especially when it comes to third-party contractors and outside vendors. Audit and track all identity-related activity to reduce trust gaps and insider attacks. Remove expired account access privileges.

Cyber-resilience is the future of endpoint security  

Resilient, self-healing endpoints that can regenerate operating systems and configurations are the future of EPP, EDR tools and remote access solutions. Absolute’s 2023 Resilience Index provides new insights into what’s driving the comply-to-connect trend that balances security and cyber-resilience to ensure an organization’s employees can confidently get to work and keep working, regardless of risk.

“When we’re talking to organizations, what we’re hearing a lot of is: How can we continue to increase resiliency, increase the way we’re protecting ourselves, even in the face of potentially either lower headcount or tight budgets? And so it makes what we do around cyber-resiliency even more important,” said Christy Wyatt, Absolute CEO, in a BNN Bloomberg interview earlier this year. “One of the unique things we do is help people reinstall or repair their cybersecurity assets or other cybersecurity applications. So a quote from one of my customers was: ‘It’s like having another IT person in the building.’”

[Updated 5/2/23 at 10:45 am ET to add resilience table.]

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.

Leave a Reply

Your email address will not be published. Required fields are marked *