THE STATE OF ENDPOINT PROTECTION & MANAGEMENT
WHY SELF-HEALING IS THE NEW MANDATE

ENTERPRISE WHITEPAPER
100% VISIBILITY OF ENDPOINT STATUS IS SURPRISINGLY (AND UNACCEPTABLY) SELDOM ATTAINABLE, WITH THE AVERAGE TYPICALLY FALLING IN THE 80-90% RANGE. [1]

Devices with sensitive data may get lost or stolen, and the very endpoint agents that are critical for seeing and controlling the devices become broken. Employees also go off the corporate network for long stretches of time without the latest patches, updates and security files, thus leaving them exposed to advanced threats. Critical software agents are also lost when firmware is flashed, the device is re-imaged, the hard drive is replaced, or the OS is reinstalled. All of these scenarios create dark endpoints, which fracture visibility and open up unacceptable vulnerabilities to insider threats, malicious attacks or other risks affecting business operations.

Dr. Larry Ponemon, chairman of the Ponemon Institute, quantifies the dark endpoint situation by noting that 67 percent of enterprises are unable to detect employee use of insecure mobile devices [2]. Despite best efforts to patch these applications, if the security agent is not active on the endpoint, organizations have zero visibility and control of the application. And that's a problem for both Security and IT Operations.

This white paper delivers the first-ever released statistics from the unique vantage point that Absolute has as the only infrastructure company that device manufacturers around the world use for embedded persistence technology in the firmware of desktops, laptops, tablets and smartphones. The white paper aims to answer some of the top questions Security and IT Operations executives face:

- How do you know if all devices are 100% compliant with IT and Security policies when they go off the network or critical security agents are missing?
- What do you do if the mission-critical endpoint applications you've invested in are removed or corrupted?
This white paper will examine and debunk prevailing myths on the state of endpoint protection and asset management as it relates to visibility and control. We also propose a novel solution to these challenges with Absolute's Application Persistence capability, which delivers uncompromised visibility and real-time remediation.

ATTACKING JUST THE SYMPTOMS CREATES MORE PROBLEMS

For many organizations, internal IT teams must constantly patch, fix, update and perform tedious tasks, as most remediation today is still performed manually. On average, as an IS Decisions survey [3] found, most organizations spend three or more hours per compromised host on incident response. IT and Security teams need a better way to ensure and strengthen the presence, health and value of endpoint security and management controls. Overall, these teams need to improve:

- Management and total visibility of endpoint assets at all times, anywhere
- The response time for remediation when a device with sensitive data goes dark
- Automation so uncontrolled devices do not require staff intervention

How can you secure what you can't see?
Most organizations invest heavily in security and asset management infrastructure to address these needs. As powerful as these solutions are, understaffed and overworked security teams still scramble to investigate and respond to incidents and vulnerabilities. Let's look at some of the common misconceptions that keep staff battling symptoms rather than the root cause of security risks.

TOP 5 ENDPOINT PROTECTION MYTHS DEBUNKED

Myth #1: We have over 95% of endpoints compliant with required applications, all patched with the latest version.

Fact: Based on Absolute's base of thousands of endpoints under management, research shows that the majority of organizations have only 80-85% of their endpoint devices actually running critical applications. This figure implies there is a greater risk of breach and non-compliance, as well as potential impact on productivity and an organization's reputation. It also means that organizations that have spent substantial dollars and resources on deploying state-of-the-art security and asset management software are not getting the full return on their dollars, since well less than 100% of endpoints are running critical applications.

Myth #2: All of our endpoints are already encrypted and data is protected, so we don't need to worry.

Fact: The reality is that only 80-85% of endpoints are actively running the encryption software that their organization invested in to boost their security posture. That 15-20% gap represents unacceptable risks for nearly all organizations, and is especially intolerable for financial and healthcare organizations, where sensitive information (personal, financial, medical records) is vital to protect.

Myth #3: Eventually, all of our devices will get updated when they're back on the network.
Fact: The truth is that most organizations have a substantial population of devices (as high as 20%) that are off the network and may not receive the latest patches, updates and security files for weeks or months, leaving them vulnerable. This highlights the need for automated self-healing so that endpoints are in compliance at all times, whether or not they are on the corporate network. How is that possible? Clearly the solution must be resident in the device firmware itself, so that it activates automatically when it detects that critical application software is not running and can re-install it even if off network. In other words, the endpoint application must persist, or remain present, no matter what happens to the device.

Myth #4: 100% of our endpoints are reporting in for security, IT asset management and compliance tracking.

Fact: Absolute has found that typically more than 5% of endpoints are simply NOT reporting in because the required software agents are not running on the endpoint. This is the fractured visibility that causes the core issue: you can't secure or manage what you can't see. The dark or missing endpoints not only represent a security threat but also reduce the ROI on your infrastructure spending, because mission-critical applications are not fully deployed on each and every endpoint and actively running non-stop. Dark endpoints may also be devices that have long since been retired or decommissioned and should no longer count toward your software license count or compliance reporting.

Absolute has found that as many as 10% of endpoints do not contain the required encryption solutions, often caused by devices that are off network, re-imaged, lost/stolen, or simply NOT managed. The necessary remediation impacts end users and burns up IT helpdesk resources, which has significant financial costs, not to mention the regulatory penalties and reputational damage should a data breach occur.
Myth #5: Data breaches are caused by outside attackers, so that's what we need to protect against.

Fact: Insiders (malicious or unintentional users) are becoming the fastest growing source of threats, according to Symantec [4]. Employees are often putting sensitive data at risk by not updating security endpoints, downloading data to personal devices, removing security agents, etc. Insider threats and malicious intent are also obvious factors that can contribute to data breaches. According to an IS Decisions study, 35% of organizations in the US and UK with over 10,000 employees have suffered an internal security breach in the past 12 months [5].

Clearly, these compromised endpoint agent controls create fractured visibility that must be corrected immediately. Unfortunately, it takes a considerable amount of manual IT effort, which often disrupts end users, to get those machines back in compliance and hardened against the risk of insider threats. There are tools available today that can help, and chances are that you have already invested extensively in such infrastructure. However, the challenge is that they require the device to be connected to the network and all the endpoint controls to be present and healthy. What's needed to protect against insider threats is a solution that automatically remediates the endpoint regardless of whether it is on or off the network.

RECOMMENDATIONS FOR AUGMENTING ENDPOINT PROTECTION AND MANAGEMENT

Organizations must move from the current IT labor-intensive and largely reactive measures to a more proactive and automated self-healing approach. IT Operations and Security teams are already burdened with investigating incidents, remediating risks, and tracking down devices that have gone dark. To protect your organization, you need to fill in the visibility gaps and build upon your existing endpoint protection.
Absolute recommends the following best practices:

1. IDENTIFY THE SHORT LIST OF ABSOLUTELY CRITICAL SOFTWARE THAT MUST ALWAYS, ALWAYS RUN ON EVERY ENDPOINT NO MATTER WHAT HAPPENS TO THE DEVICE.
2. LOOK FOR A SOLUTION THAT ENSURES 100% OF YOUR ENDPOINT SOFTWARE AGENTS ARE RUNNING EFFECTIVELY REGARDLESS OF NETWORK STATUS.
3. DEMAND SELF-HEALING CAPABILITIES OF YOUR ENDPOINT SECURITY AND MANAGEMENT VENDORS.
4. USE TECHNOLOGY TO AUTOMATE AND REDUCE END-USER DISRUPTION AND SUPPORT RESOURCES TO ACHIEVE COMPLIANCE.
It's not about replacing all your endpoint security measures but rather building a more resilient security stack that promotes automatic, real-time self-healing remediation. Absolute brings to the enterprise resilient technology that has already been embedded in the firmware of leading device manufacturers for over a decade. Application Persistence, powered by patented technology embedded in over 1 billion devices globally, helps augment existing infrastructure for additional layers of security. With Application Persistence, organizations are always aware of the presence, health and compliance of endpoint controls.

ORGANIZATIONS UNDER PERSISTENT ATTACK NEED PERSISTENT SELF-HEALING ENDPOINT DEFENSES. THE WORLD WILL BE MORE SECURE WHEN ALL ENDPOINT AGENTS CAN REPAIR THEMSELVES TO PRESENT A UNITED FRONT IN THE BATTLE AGAINST PERSISTENT ATTACKERS AND INSIDER THREATS.

HOW APPLICATION PERSISTENCE LEVERAGES EXISTING INVESTMENTS

Traditional security tools, which may include existing security investments, cannot protect devices when they are off the network or the agent is somehow disabled. What's needed is always-on visibility and instant remediation of all devices, even when off the corporate network.

Application Persistence benefits include the ability to:

- Ensure Application Resiliency: Absolute provides the exclusive ability to see and control devices, applications and data both on and off the network to ensure critical endpoint applications are always available and effective.
- Automatically Repair Breaches: An attempt to disable an endpoint control triggers an automatic reinstall and repair of the agent to maintain compliance in an increasingly persistent threat environment.
- Proactively Minimize Risks: Security pros can now keep critical applications on devices, minimizing security risks and reducing vulnerabilities. With no IT intervention, agents can be restored across all endpoints.
- Ensure Compliance: With automated control remediation, IT can easily maintain correct application versions to meet compliance requirements.
- Deploy Instantly: Absolute's core technology is already embedded in more than one billion popular PCs, laptops and other mobile devices, so customers only need to activate via a cloud-based platform for fast results.

Application Persistence addresses the problem of dark endpoints because it maintains a constant connection with the device, whether it's on the network or off, or otherwise compromised. And that connection enables self-healing by triggering the re-installation of critical software.
ABSOLUTE CURES THE ROOT CAUSE OF ILLNESS, NOT JUST SYMPTOMS

Humans have a remarkable immune system that triggers self-healing whenever an attacking body intrudes on the system or develops from within. This self-healing strategy pays big dividends by giving humans astounding resilience. In a similar way, the IT and Security industry needs self-healing infrastructure to build robust immunity to thwart illnesses from attacks from within (insider threats) as well as from the outside (exfiltration). Absolute enables self-healing built into every endpoint, which is the key to enterprise resilience in the face of unrelenting attacks and never-ending vulnerabilities.

Fortunately, Application Persistence illuminates these dark endpoints, attacks the core of the security illness, and empowers your organization with innovative real-time self-healing remediation. It's not about replacing your existing security investments; it's about strengthening them and taking a holistic approach to security.

With over ten years of experience in self-healing endpoint technology, Absolute's partnership with leading device manufacturers ensures Persistence technology is already embedded in over 1 billion laptops, tablets and smartphones globally. Simply stated, Absolute is already there in your enterprise's devices. All that is required is activation of Application Persistence.

Your organization too can leverage self-healing infrastructure with Absolute's Application Persistence solution. For more information about Application Persistence, contact Absolute for an audit and security assessment. Get more insights on Application Persistence at absolute.com/products/application-persistence.
CONCLUSION

Endpoint security and asset management assumptions and myths must be challenged as the advanced threat landscape, the way we work, and emerging platforms constantly change and evolve. But with this flux, endpoints are no longer just on the network or within traditional firewalls. Dark endpoints, including many that are perceived to be reporting in and secure, are breeding grounds for data breaches. The current approach to endpoint security is often fragmented, takes a considerable amount of manual IT effort, and is mainly treating the symptoms, not the illness.

FOOTNOTES:

[1] IBM and Ponemon Institute, 2016 Cost of Data Breach Study
[2] Ponemon Institute, The Cost of Insecure Mobile Devices in the Workplace
[3] Insider Threat Security Manifesto, IS Decisions Study
[4] Symantec Internet Security Threat Report 2016
[5] IS Decisions Study
ABOUT ABSOLUTE

Absolute is the leader in self-healing endpoint security with a fundamentally new approach that ensures uncompromised visibility and real-time remediation to stop breaches at the source. Our SaaS platform puts IT and security professionals in total command and control of devices, data and applications, whether they are on or off the network, to improve IT asset management, ensure compliance, protect data and reduce insider threats. Our core technology advantage, Absolute Persistence, is embedded in over a billion popular devices, giving our platform and other endpoint controls the power to self-heal and withstand user errors or malicious attacks while returning to an original state of safety and efficacy. With this trusted two-way connection, our customers can see it all and secure it all with zero impact on users. More than 25,000 organizations and the world's leading device manufacturers, including Acer, Dell, Fujitsu, HP, Lenovo, Samsung, and others, rely upon Absolute's self-healing endpoint security solutions for the ultimate awareness and resilience. For more information, visit www.absolute.com.

Always There, Already There.

Only Absolute gives you the uncompromised visibility and real-time remediation to stop security breaches at the source. This is made possible by our Absolute Persistence self-healing technology, embedded in over a billion popular endpoint devices for the power to withstand user error or malicious attacks and return to an original state of safety and efficacy. No other technology can do this. For more information, visit absolute.com.

© 2017 Absolute Software Corporation. All rights reserved. Absolute and Persistence are registered trademarks of Absolute Software Corporation. All other trademarks are property of their respective owners.