Let no endpoint go dark



The compromise of a single enterprise endpoint can ultimately lead to a wider security incident, ransomware outbreak, data breach, costly remediation and rebuilding of lost reputation. Most organizations know this, but still struggle to obtain visibility into and control over corporate endpoints, which are often distributed throughout the world.
When a device goes dark – goes off the corporate network, is lost or stolen, or operating without security controls – organizations have a limited window of time to remediate vulnerabilities and mitigate risk. These efforts are slowed or thwarted when the very software controls designed to protect are corrupted or removed.

Persistence technology helps security controls self-heal

Endpoint security company Absolute has a unique solution for that: firmware-embedded Persistence technology that allows endpoint security and management controls to “self-heal” or reinstall if they’ve been removed or compromised. This technology, a key component of the company’s endpoint visibility and control platform, gives IT security organizations a resilient connection to their endpoints for the insight and control to protect users, data and devices on or off the corporate network.
self-healing endpoint visibility
Absolute’s patented Persistence technology has been around for over a decade, and is already embedded in the firmware of over a billion endpoint devices globally. If your workforce is using desktops, laptops, smartphones and tablets by Dell, Lenovo, HP, Asus, Microsoft, Samsung and dozens of other hardware manufacturers, Persistence is already built in at the factory, waiting to be activated via Absolute’s cloud-based platform. (The company offers Apple add-on support that isn’t embedded at the factory.) After Absolute Persistence is activated, it can’t be deactivated by anyone except the customer.
Persistence lives up to its name, checking on endpoint controls and making sure they are present and healthy. If it detects that the control has been removed – whether accidentally or on purpose – it will automatically repair and reinstall it. In fact, there is no way for rogue employees, thieves or other attackers to prevent this “self-healing” process, as it can’t be thwarted by things like a replaced hard drive, flashed firmware, device re-imaging, or a smartphone/tablet clean wipe to factory settings.
self-healing endpoint visibility
This self-healing capability extends across a broad range of endpoint controls from the Absolute endpoint visibility and control platform to third-party agents to help companies build a strong endpoint defense and keep it that way. If an organization has a VPN client or a critical endpoint protection or encryption tool on the device and they want to protect the health of that application, they can use the same embedded technology to do so.

Enabling the always-connected endpoint

Many endpoint visibility and control solutions rely on a device being on the corporate network in order to work as intended. Other solutions offer off-network visibility and remediation, but are dependent on uncompromised software controls and additional on-premise infrastructure.

Security posture and alerts

The platform also provides insights into endpoint security risk via a security vitals dashboard, which displays a quick snapshot of the overall environment as well as its security posture.
Here, organizations can drill-down and see details about particular devices – information about hardware, operating system, software that’s installed – and see which data (potentially at risk) is present on each device.
This feature is policy-based, and can scan files stored on managed devices for data such as credit card numbers, Social Security/Social Insurance numbers, personal health and financial information, custom information unique to the organization, and so on.
self-healing endpoint visibility
This is especially important for compliance reasons, and even more so because of the imminent introduction of the EU General Data Protection Regulation (GDPR) – the regulation mandates that breaches must be reported within 72 hours when sensitive data has been put at risk, or the organization can be hit with severe financial penalties.
The reality is this: devices can be stolen or misplaced, and employees will leak data, whether intentionally or by accident. But with Absolute, organizations can immediately check if sensitive data is at risk and if they need to report a breach. From there, they can act on the information and freeze the device (lock it down) to prevent further access to sensitive data.
Organizations can set up their own alerts and set up different thresholds. Anything that can be reported on can be an alert: e.g. if the device leaves a particular geofence, if it contains healthcare information, if the hard drive changes, if a new program has been detected, if warranty is about to end, if a self-healing call has been made, etc. Customers can create an alert based on any of the variables and combine multiple variables, as well.

Reaching out to the endpoints, mitigating immediate risks

Absolute is great for data awareness and risk assessment, but also for risk response and remediation.
With Absolute Reach, the latest addition to the platform, IT security departments can execute custom workflow and task automation commands to remediate dark endpoints, evaluate and harden security posture, reduce vulnerabilities across all endpoints, and receive confirmation that the action has been performed successfully (or not).
It’s a simple matter of selecting a PowerShell (for Windows machines) or Bash script (for Macs), going through the wizard (change some of the conditions) and then running that particular script on the target device.
The performed interventions can vary from small things like changing a desktop background to more critical actions such as stopping malicious processes or closing vulnerable ports.
For example, when WannaCry went on a rampage, Absolute Reach could have been used to identify enterprise devices susceptible to vulnerabilities in the Microsoft SMB Service, and then turn off the vulnerable service or temporarily isolate the devices from the enterprise network if they didn’t have the right patch installed.
But that’s just one example – there are hundreds of different things Absolute customers are using Reach for. In fact, the company’s newly launched Reach Library provides a basic library of prebuilt scripts that can be used to address common challenges and rapid query and remediation of emerging threats. Customers can also create their own scripts, and as the number of customers using Absolute Reach grows, the company intends to launch the Absolute Script Community, where users can share and reference scripts created by their peers (and validated by Absolute) to solve common query and remediation use cases.
It used to be that endpoints were static and always connected to the corporate network, but now workers are mobile and endpoints are on the move, going on and off the corporate network many times a day. Organizations are finding it difficult not only to see the devices that carry enterprise data, but to also secure them.
Absolute Reach solves that problem: it provides organizations with visibility into devices living off the corporate network, and they can act on the received information to manage and actively secure endpoints.
self-healing endpoint visibility

Easy to deploy and easy to use

Absolute also provides for the ability to initiate an investigation to recover stolen or lost devices. Once an organization files a loss/theft report, Absolute deploys forensic tools onto the device to begin the monitoring process and collect evidence, working with local law enforcement to recover the device. This capability has allowed Absolute to recover over 30,000 devices in over a hundred different countries so far.
The company is also working on a plan to solve for the final piece of the security puzzle: user behavior analytics. By looking at how users interact with their devices, the applications they use, data they access and so on, they can provide baseline profiles and help customers identify suspicious behavior before it becomes a security incident.
Absolute provides organizations with the ability to reach their entire endpoint population at any time, and take immediate custom actions in just a few clicks. Endpoints need to be equipped with the software control, but no other infrastructure is needed – customers reach the endpoints via the cloud-based console. And with the unique, patented Persistence technology, endpoints are always “seen” whether they are on or off the corporate network, and can always be reached to mitigate the risks they are open to.

Comments

  1. jonathanDecember 27, 2018 at 6:24 AM

    Nice blog... This blog share valuable information on endpoint security. I found this blog very helpful. Thanks for sharing

    ReplyDelete

Post a Comment

Popular posts from this blog

تحميل اصدارات برنامج njRAT لاختراق الاجهزة 2017

Image
تحميل   اصدارات برنامج  njRAT  لاختراق الاجهزة  2017 ---------------------------------------------------------------------------------------------- السلام عليكم ورحمة الله تعالى وبركاته تحميل جميع اصدارات برنامج  njRAT  الشهير لاختراق الاجهزة مع تشفيرة متواضعة  لستب njRAT 5 نتيجة فحص تشفيرة الستب http://pscan.xyz/results.php?id=VbGXRoAJjWiEeSHH الان ناتي الى التحميل njRAT_v0.3.5 للتحميل https://up.top4top.net/downloadf-483nr2oz4-rar.html njRAT_v0.4.1 https://up.top4top.net/downloadf-483nhv6j2-rar.html njRAT_v0.5.0 للتحميل https://up.top4top.net/downloadf-483nihol1-rar.html njRAT-v0.6.4 للتحميل https://up.top4top.net/downloadf-483dr2zk1-rar.html njRAT-v0.7d
Read more

Cybersecurity in 2018: Three predictions and one hope

Image
Effective cybersecurity means keeping a close eye on the threats you currently face, and an even closer eye on the threats to come. As you consider your security strategy and investments for the coming year, here are three key trends that will define the threat landscape in 2018, and one hope for a more effective approach to protection.  Risk will continue to shift from infrastructure to the application layer As web apps have evolved from basic information and ecommerce functionality to full-fledged online services, their code and customer data have made them an increasingly appealing target for hackers. Not only are they accessible via the open Internet—they’re also woefully underprotected, with the application layer drawing only 3 percent of the typical security budget at a time when it accounts for 30 percent of successful breaches, according to Verizon. While an incident of the magnitude of the Equifax breach can hardly be said to have a silver lining, at
Read more

Which phishing messages have a near 100% click rate?

Image
Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that aren’t regularly reinforced will be lost. And, finally, awareness isn’t the same as knowledge. “Just knowing a threat exists isn’t the same as knowing how to recognize and respond to a threat when it presents itself. In-depth education about phishing prevention is needed to create lasting behavior change,” Wombat Security researchers point out. The statistics included in the company’s latest annual State of the Phish report show the difference made by both the tools used to train end users to recognize and avoid phishing attacks and how often they are used. In the US, most organizations use computer-based online security awareness training and simulated
Read more