The criticality of endpoint management in cybersecurity and operations
Most events that lead to a loss, corruption, or data theft happen on the devices we use to get a day’s work done. In computing terminology, those devices are called endpoints, and the definition extends to any computing device capable of connecting to, and communicating with, an organisation’s network.
Many endpoint devices are commonly recognisable: the smartphone in your back pocket, the desktop computer or laptop. However, endpoints can also include servers – powerful computers that provide digital services to users, such as file storage, data retrieval, or commonly used applications. When all an organisation’s endpoints are added up, they can number hundreds of thousands in large enterprises.
Often, even discovering the existence of every endpoint is challenging, a situation that has been made more complicated since the COVID-19 pandemic and the continuing habit of working remotely. Endpoints suddenly included computers in people’s homes or personal laptops used during periods of lockdown.
Within just a couple of years from 2020, the number of endpoints using a company’s network rose sharply, and the number of cybersecurity incidents involving endpoints rose in step. Additionally, the cost of each security breach rose from $7.1m to $8.94m [PDF].
The higher number of endpoints in today’s businesses also means that more devices have at least the capability to delete, corrupt or compromise valuable data. Managing endpoints, therefore, means ensuring that devices work safely, whether from the actions of bad actors, from misuse or operators’ mistakes.
It’s clear, therefore, that managing and securing these devices needs to be at the forefront of any organisation’s cybersecurity and device management priorities. A properly managed and monitored endpoint fleet gives IT teams a clear definition of the devices it’s responsible for and a head-start on tracking down and responding to incidents caused by attackers or so-called internal threats. It also shows which devices are at greater risk of possible compromise, informing teams which endpoints need updating, patching or replacing, and with what priority.
Putting in place a rigorous endpoint management system gives organisations the best ROI of any security platform, and should be the foundation of a range of measures designed to protect the organisation’s users, digital assets and intellectual property.
Best practices in endpoint management are discussed in detail in “The Endpoint Defense Playbook: Locking Down Devices with NinjaOne“, which includes advice on how large fleet management tasks can be automated. But for the purposes of this article, let’s consider some steps that any company can take to close off many of the ways that endpoints put their owners’ digital assets at risk.
Audit
Before an IT team can know what they need to monitor, manage and protect, it has to know what devices appear on the network. An audit is therefore an unambiguous first step, although it should be noted that auditing has to be an ongoing process, as day-to-day, endpoints will change as the organisation evolves and the devices used cycle over time. A real-time network map is therefore required.
Secure access
Users, like endpoints, have to be able to prove who they are, and be granted privileges to operate on the company’s network. Passwords, two-factor authentication and single sign-on (SSO) are methods by which employees show they have the rights to be present on the network.
Zero-trust
Zero-trust is a security posture that dictates users and endpoints have no privileges whatsoever on a network by default. Then, policies grant access to applications, services, and devices on a per-case basis. In cases where no policy applies, the system reverts to zero trust or no access.
Encrypt
Encryption means that any data exchange inside or from outside the network is obfuscated and therefore immune to any eavesdropping. Data at rest should also be encrypted, so physical theft of, for instance, storage drives, will not yield any readable data by third parties.
BYOD policies
Since the emergence of the modern smartphone in the mid-00’s, users often prefer the convenience of at least occasional use of their own devices. BYOD (bring your own device) policies can determine which device types are allowed, and also stipulate which versions of software may run and operate on the network. Enacted policies will prevent insecure operating systems and software from running on users’ devices and ensure a maximum level of security among what is an unpredictable population of endpoints.
Proactive scanning
Endpoint detection and response (EDR) systems scan endpoints and log activity to flag anomalous behaviour to users or to systems administrators. Alerts can tell IT staff when action has to be taken to address apparent threats or to surface unusual patterns of behaviour that need further investigation.
Patch & update
Software vendors are constantly updating their code to ensure that it is as safe as possible from malicious activity. Software on endpoints should run the latest versions of all software (including the operating system) so every device does not carry at least a potential attack vector. Zero-trust policies are applicable in this respect: endpoints not fully up-to-date can be denied access or given limited privileges by default.
Remediation planning
Despite all preventative measures, every network will always suffer some security or misuse issues. It is essential that IT teams have coherent plans that can be followed when there is the possibility of data breach or corruption. Remediation planning also requires the practise of recovery procedures, so teams are aware of the steps they need to take in the event of a possible incident.
Next steps
Endpoint management and security are mutually supportive processes that together form the basis for strong IT security and data loss prevention. In very small companies, it’s possible to manually implement endpoint management on a per-device basis. But in the majority of cases, an endpoint management software platform is necessary to oversee and, where possible, automate management policies.
Creating a strong and safe IT environment for any organisation is essential for a business to operate in 2024, and it’s a subject that requires a great deal of attention. You can read in more detail about the best practices to implement endpoint management in “The Endpoint Defense Playbook: Locking Down Devices with NinjaOne“, which is available to download now.
READ MORE
- Data Strategies That Dictate Legacy Overhaul Methods for Established Banks
- Securing Data: A Guide to Navigating Australian Privacy Regulations
- Ethical Threads: Transforming Fashion with Trust and Transparency
- Top 5 Drivers Shaping IT Budgets This Financial Year
- Beyond Connectivity: How Wireless Site Surveys Enhance Tomorrow’s Business Network