Endpoint Security and the Need for Real-time Data
Enterprise endpoints increasingly operate from remote locations, outside the corporate network. As a result, they are more vulnerable to changes in external environments. Current IT operations environments use tools that are geared towards management, and these tools are different from the tools used for security. The siloed functional view of endpoint security and management that has been the norm for PCs is not relevant in the world of mobile, tablets and portable devices.
In his article, Real-Time Data is Critical to Improving Endpoint Security, Shivesh Vishwanathan, Accelerite’s Product Marketing Head, proposes how the new endpoint environment itself can act in a coordinated and responsive manner with IT systems. Real-time information can help IT manage endpoints based on desired outcomes that it shares with IT security. Shivesh highlights:
Increasing Endpoint Attacks
IT endpoint security and management have traditionally been operational, covering patch deployment, configuration management, and others. IT has traditionally used information from vulnerability databases, vendors, and other intermediaries to secure endpoints. Since attackers are increasingly attacking the endpoints and apps, it is no longer sufficient to secure and monitor the network from just the server side.
Real-time Access to Endpoints
IT needs to be able to proactively monitor endpoints in real time. For that, access to vulnerability information, detection signatures, etc. alone is not enough. IT also needs to be in touch with its endpoints in real time so that it can identify threats and remediate them quickly. This is in contrast to traditional approaches, which could take days on end. So, the time needed to perform the series of actions that deal with threats and vulnerabilities just went from days and weeks to seconds and minutes!
The article elaborates on two specific challenges to endpoint security in this new paradigm:
#1. Endpoint information is much more dynamic, and handling that is a non-trivial problem.
#2. The need for “out-of-cycle” operations that are different from regular IT operations.
Towards Smarter Endpoints
IT and security teams should be able to detect problems on endpoints and remediate them quickly. This calls for specificity of endpoint information, and for endpoints to become even smarter, with agents that can alert and self-heal easily. Endpoints must be actively included in security and management workflows. That can only happen when IT departments embrace the power of real-time.