Let no endpoint go dark
The compromise of a single enterprise endpoint can ultimately
lead to a wider security incident, ransomware outbreak, data breach,
costly remediation and rebuilding of lost reputation. Most organizations
know this, but still struggle to obtain visibility into and control
over corporate endpoints, which are often distributed throughout the
world.
When a device goes dark – goes off the corporate network, is lost or
stolen, or operating without security controls – organizations have a
limited window of time to remediate vulnerabilities and mitigate risk.
These efforts are slowed or thwarted when the very software controls
designed to protect are corrupted or removed.
Persistence technology helps security controls self-heal
Endpoint security company Absolute
has a unique solution for that: firmware-embedded Persistence
technology that allows endpoint security and management controls to
“self-heal” or reinstall if they’ve been removed or compromised. This
technology, a key component of the company’s endpoint visibility and
control platform, gives IT security organizations a resilient connection
to their endpoints for the insight and control to protect users, data
and devices on or off the corporate network.
Absolute’s patented Persistence technology
has been around for over a decade, and is already embedded in the
firmware of over a billion endpoint devices globally. If your workforce
is using desktops, laptops, smartphones and tablets by Dell, Lenovo, HP,
Asus, Microsoft, Samsung and dozens of other hardware manufacturers,
Persistence is already built in at the factory, waiting to be activated
via Absolute’s cloud-based platform. (The company offers Apple add-on
support that isn’t embedded at the factory.) After Absolute Persistence
is activated, it can’t be deactivated by anyone except the customer.
Persistence lives up to its name, checking on endpoint controls and
making sure they are present and healthy. If it detects that the control
has been removed – whether accidentally or on purpose – it will
automatically repair and reinstall it. In fact, there is no way for
rogue employees, thieves or other attackers to prevent this
“self-healing” process, as it can’t be thwarted by things like a
replaced hard drive, flashed firmware, device re-imaging, or a
smartphone/tablet clean wipe to factory settings.
This self-healing capability extends across a broad range of endpoint
controls from the Absolute endpoint visibility and control platform to
third-party agents to help companies build a strong endpoint defense and
keep it that way. If an organization has a VPN client or a critical
endpoint protection or encryption tool on the device and they want to
protect the health of that application, they can use the same embedded
technology to do so.
Enabling the always-connected endpoint
Many endpoint visibility and control solutions rely on a device being
on the corporate network in order to work as intended. Other solutions
offer off-network visibility and remediation, but depend on
uncompromised software controls and additional on-premises
infrastructure.
Security posture and alerts
The platform also provides insights into endpoint security risk via a
security vitals dashboard, which displays a quick snapshot of the
overall environment as well as its security posture.
Here, organizations can drill down and see details about particular
devices – information about hardware, operating system, software that’s
installed – and see which data (potentially at risk) is present on each
device.
This feature is policy-based, and can scan files stored on managed
devices for data such as credit card numbers, Social Security/Social
Insurance numbers, personal health and financial information, custom
information unique to the organization, and so on.
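To make the policy-based scan concrete, here is an added PowerShell example, not Absolute's code, that walks a folder, matches card-number and Social Security-style patterns, and confirms card candidates with the Luhn checksum so that arbitrary digit runs do not count as findings. The folder name, file types and rule set are assumptions, and the sample file is constructed.

```powershell
# Added example (not Absolute's code): a minimal policy-based scan for
# credit-card-like numbers (checked with Luhn) and US SSN-formatted values.
# Paths, file types and the rule list are assumptions for the demo.

function Test-Luhn {
    param([Parameter(Mandatory)][string]$Digits)
    $sum = 0
    $double = $false
    # Walk the digits right to left, doubling every second digit
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int]$Digits.Substring($i, 1)
        if ($double) {
            $d *= 2
            if ($d -gt 9) { $d -= 9 }
        }
        $sum += $d
        $double = -not $double
    }
    return ($sum % 10) -eq 0
}

# Each rule: a regex plus a validator that rejects false positives
$Policy = @(
    @{ Name = 'CreditCard'
       Pattern = '\b(?:\d[ -]?){12,18}\d\b'          # 13 to 19 digits, optional separators
       Validate = { param($m) Test-Luhn ($m -replace '[ -]', '') } }
    @{ Name = 'SSN'
       Pattern = '\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b'
       Validate = { param($m) $true } }
)

function Invoke-SensitiveDataScan {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][object[]]$Rules,
        [string[]]$Include = @('*.txt', '*.csv', '*.log')
    )
    $findings = @()
    Get-ChildItem -Path $Path -Recurse -File -Include $Include | ForEach-Object {
        $file = $_
        $text = Get-Content -LiteralPath $file.FullName -Raw -ErrorAction SilentlyContinue
        if (-not $text) { return }
        foreach ($rule in $Rules) {
            $hits = @([regex]::Matches($text, $rule.Pattern) |
                      Where-Object { & $rule.Validate $_.Value })
            if ($hits.Count -gt 0) {
                # Report counts only: the report must not become a second copy of the data
                $findings += [pscustomobject]@{ File = $file.FullName; Rule = $rule.Name; Count = $hits.Count }
            }
        }
    }
    return $findings
}

# Constructed sample: one Luhn-valid test number, one that fails Luhn, one SSN format
$sample = Join-Path ([IO.Path]::GetTempPath()) 'endpoint-scan-demo'
New-Item -ItemType Directory -Path $sample -Force | Out-Null
@'
invoice card: 4111 1111 1111 1111
not a card:   4111 1111 1111 1112
employee ssn: 123-45-6789
'@ | Set-Content -Path (Join-Path $sample 'notes.txt')

Invoke-SensitiveDataScan -Path $sample -Rules $Policy | Format-Table -AutoSize
```

Run as written, the scan reports one CreditCard hit and one SSN hit for notes.txt; the second card-like number is dropped by the Luhn check. The design choice worth keeping when adapting this is that findings carry file, rule and count but never the matched value, so the scan output can be shipped to a console without itself becoming sensitive data.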
This is especially important for compliance reasons, and even more so
because of the imminent introduction of the EU General Data Protection
Regulation (GDPR)
– the regulation mandates that breaches must be reported within 72
hours when sensitive data has been put at risk, or the organization can
be hit with severe financial penalties.
The reality is this: devices can be stolen or misplaced, and
employees will leak data, whether intentionally or by accident. But with
Absolute, organizations can immediately check if sensitive data is at
risk and if they need to report a breach. From there, they can act on
the information and freeze the device (lock it down) to prevent further
access to sensitive data.
Organizations can set up their own alerts and set up different
thresholds. Anything that can be reported on can be an alert: e.g. if
the device leaves a particular geofence, if it contains healthcare
information, if the hard drive changes, if a new program has been
detected, if warranty is about to end, if a self-healing call has been
made, etc. Customers can create an alert based on any of the variables
and combine multiple variables, as well.
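The combination of variables described above can be expressed as rules evaluated over device telemetry. The following added PowerShell example is not Absolute's code; the record fields, the geofence centre and the device records are all constructed assumptions, and the geofence test uses a plain great-circle distance.

```powershell
# Added example (not Absolute's code): customer-defined alert rules that
# combine several device variables. Field names and sample records are assumed.

function Get-DistanceKm {
    param([double]$Lat1, [double]$Lon1, [double]$Lat2, [double]$Lon2)
    # Haversine great-circle distance in kilometres
    $r = 6371.0
    $toRad = [Math]::PI / 180
    $dLat = ($Lat2 - $Lat1) * $toRad
    $dLon = ($Lon2 - $Lon1) * $toRad
    $a = [Math]::Pow([Math]::Sin($dLat / 2), 2) +
         [Math]::Cos($Lat1 * $toRad) * [Math]::Cos($Lat2 * $toRad) * [Math]::Pow([Math]::Sin($dLon / 2), 2)
    return 2 * $r * [Math]::Asin([Math]::Sqrt($a))
}

# Assumed geofence: a 50 km radius around a head office
$Geofence = @{ Lat = 47.6062; Lon = -122.3321; RadiusKm = 50 }

# Each rule combines one or more variables; any reportable field can take part
$AlertRules = @(
    @{ Name = 'Health data outside geofence'; Severity = 'High'
       Test = { param($d) ($d.DataClasses -contains 'HealthInfo') -and ((Get-DistanceKm $Geofence.Lat $Geofence.Lon $d.Lat $d.Lon) -gt $Geofence.RadiusKm) } }
    @{ Name = 'Hard drive changed since enrolment'; Severity = 'Medium'
       Test = { param($d) $d.DiskSerial -ne $d.EnrolledDiskSerial } }
    @{ Name = 'Self-heal called but agent still unhealthy'; Severity = 'Medium'
       Test = { param($d) ($d.SelfHealCalls -gt 0) -and (-not $d.AgentHealthy) } }
)

function Invoke-AlertRules {
    param([object[]]$Devices, [object[]]$Rules)
    foreach ($d in $Devices) {
        foreach ($rule in $Rules) {
            if (& $rule.Test $d) {
                [pscustomobject]@{ Device = $d.Id; Alert = $rule.Name; Severity = $rule.Severity }
            }
        }
    }
}

# Constructed telemetry: LT-001 is inside the fence and healthy, LT-002 is not
$Devices = @(
    [pscustomobject]@{ Id = 'LT-001'; Lat = 47.61; Lon = -122.33; DataClasses = @('HealthInfo')
                       DiskSerial = 'S1'; EnrolledDiskSerial = 'S1'; SelfHealCalls = 0; AgentHealthy = $true }
    [pscustomobject]@{ Id = 'LT-002'; Lat = 40.71; Lon = -74.01; DataClasses = @('HealthInfo', 'CardData')
                       DiskSerial = 'S9'; EnrolledDiskSerial = 'S2'; SelfHealCalls = 2; AgentHealthy = $false }
)

Invoke-AlertRules -Devices $Devices -Rules $AlertRules | Format-Table -AutoSize
```

With the constructed records, LT-001 raises nothing and LT-002 raises all three alerts. Keeping each rule as a small script block over the record means a new reportable field becomes usable in alerts without touching the evaluator.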
Reaching out to the endpoints, mitigating immediate risks
Absolute is great for data awareness and risk assessment, but also for risk response and remediation.
With Absolute Reach,
the latest addition to the platform, IT security departments can
execute custom workflow and task automation commands to remediate dark
endpoints, evaluate and harden security posture, reduce vulnerabilities
across all endpoints, and receive confirmation that the action has been
performed successfully (or not).
It’s a simple matter of selecting a PowerShell (for Windows machines)
or Bash script (for Macs), working through the wizard to adjust the
script’s conditions, and then running that particular script on the
target device.
The performed interventions can vary from small things like changing a
desktop background to more critical actions such as stopping malicious
processes or closing vulnerable ports.
For example, when WannaCry
went on a rampage, Absolute Reach could have been used to identify
enterprise devices susceptible to vulnerabilities in the Microsoft SMB
Service, and then turn off the vulnerable service or temporarily isolate
the devices from the enterprise network if they didn’t have the right
patch installed.
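As an added illustration of the kind of Windows script the passage describes, here is a PowerShell remediation that is not an Absolute Reach library script: it checks whether the MS17-010 fix is installed, reports whether the SMBv1 server protocol is enabled, and if the device is both unpatched and exposed, disables SMBv1 and optionally blocks inbound port 445 as a temporary isolation step. The KB identifier is a placeholder the operator fills in per OS build, and the JSON result stands in for whatever confirmation channel the console uses.

```powershell
# Added example (not Absolute's code): Windows check-and-remediate for the
# SMBv1 exposure WannaCry used. The KB list is a PLACEHOLDER to be filled
# from the MS17-010 bulletin for the OS builds in the fleet.

function Get-Smb1Status {
    [CmdletBinding()]
    param(
        # PLACEHOLDER: real KB ids for MS17-010 on the builds you manage
        [string[]]$RequiredKb = @('KB0000000')
    )
    $hotfixes = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $patched  = @($RequiredKb | Where-Object { $hotfixes -contains $_ }).Count -gt 0
    $smb1     = (Get-SmbServerConfiguration).EnableSMB1Protocol
    [pscustomobject]@{
        Host        = $env:COMPUTERNAME
        Patched     = $patched
        Smb1Enabled = $smb1
        Vulnerable  = (-not $patched) -and $smb1
    }
}

function Invoke-Smb1Remediation {
    param(
        [string[]]$RequiredKb,
        [switch]$BlockPort445,   # temporary isolation: stop inbound SMB at the host firewall
        [switch]$DryRun          # report what would be done without changing the device
    )
    $status = Get-Smb1Status -RequiredKb $RequiredKb
    $actions = @()
    if ($status.Vulnerable) {
        if ($DryRun) {
            $actions += 'would disable SMB1'
            if ($BlockPort445) { $actions += 'would block inbound TCP 445' }
        } else {
            # Server-side SMBv1 off; clients of this host must already speak SMB2 or later
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
            $actions += 'disabled SMB1'
            if ($BlockPort445) {
                New-NetFirewallRule -DisplayName 'Block inbound SMB (MS17-010 mitigation)' `
                    -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block | Out-Null
                $actions += 'blocked inbound TCP 445'
            }
        }
    }
    # One JSON line per device gives the console a machine-readable success/failure record
    $status | Add-Member -NotePropertyName Actions -NotePropertyValue ($actions -join '; ') -PassThru |
        ConvertTo-Json -Compress
}

# Dry run first, so the confirmation step shows what the fleet-wide push would change
Invoke-Smb1Remediation -RequiredKb @('KB0000000') -BlockPort445 -DryRun
```

Run with -DryRun the script only emits the status line, which is the safer first pass across a fleet; the same script without the switch performs the change and reports which actions were taken, matching the confirmation-of-success pattern the passage describes. Disabling SMBv1 server-side breaks any remaining SMB1-only clients of that host, so the patch check is the gate rather than an unconditional shutdown.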
But that’s just one example – there are hundreds of different things
Absolute customers are using Reach for. In fact, the company’s newly
launched Reach Library provides a basic library of prebuilt scripts that
can be used to address common challenges and rapid query and
remediation of emerging threats. Customers can also create their own
scripts, and as the number of customers using Absolute Reach grows, the
company intends to launch the Absolute Script Community, where users can
share and reference scripts created by their peers (and validated by
Absolute) to solve common query and remediation use cases.
It used to be that endpoints were static and always connected to the
corporate network, but now workers are mobile and endpoints are on the
move, going on and off the corporate network many times a day.
Organizations are finding it difficult not only to see the devices that
carry enterprise data, but to also secure them.
Absolute Reach solves that problem: it provides organizations with
visibility into devices living off the corporate network, and they can
act on the received information to manage and actively secure endpoints.
Easy to deploy and easy to use
Absolute also provides for the ability to initiate an investigation
to recover stolen or lost devices. Once an organization files a
loss/theft report, Absolute deploys forensic tools onto the device to
begin the monitoring process and collect evidence, working with local
law enforcement to recover the device. This capability has allowed
Absolute to recover over 30,000 devices in over a hundred different
countries so far.
The company is also working on a plan to solve the final piece of
the security puzzle: user behavior analytics. By looking at how users
interact with their devices, the applications they use, the data they
access and so on, the company can build baseline profiles and help
customers identify suspicious behavior before it becomes a security
incident.
Absolute provides organizations with the ability to reach their
entire endpoint population at any time, and take immediate custom
actions in just a few clicks. Endpoints need to be equipped with the
software control, but no other infrastructure is needed – customers
reach the endpoints via the cloud-based console. And with the unique,
patented Persistence technology, endpoints are always “seen” whether
they are on or off the corporate network, and can always be reached to
mitigate the risks they are open to.