By Dan Richings, Senior Vice President Product Management, Adaptiva
The average enterprise organization has thousands of endpoint devices, ranging from desktop PCs through to laptops and point of sale systems. Almost half of them are ticking security time bombs just waiting for an attacker to strike.
Adaptiva and Ponemon Institute surveyed 629 cybersecurity and IT operations professionals about the state of their endpoint management, and the results were grim. According to IT security and operations staff, 48% of their client devices were either running obsolete software or were totally invisible to the IT team. This makes them prime targets for attackers.
At first glance, this looks like a financial problem. On average, companies spend $31.50 per year protecting each of these devices, but security and IT operations professionals say that they still don’t have the resources to make all of their endpoints secure.
However, a deeper look suggests it’s not so much investment that’s lacking as innovation. Almost two thirds of survey respondents report visibility problems in endpoint security. When the biggest issue facing today’s security and operations teams is that they can’t assess or fix many of their client devices, something is clearly broken.
The disconnect is between the old way of doing things and the new reality. While companies were busy implementing yesterday’s endpoint protection measures, the world evolved around them. Understanding how is key to solving the problem.
The edge is growing quickly
The first trend was the decentralization of IT infrastructure. The last 15 years or so have seen devices shrink and grow more powerful. At the same time, computing resources gravitated to the cloud. These two developments enabled workers to take their endpoints home, or to the coffee shop. Then, the pandemic accelerated that change in working style.
Consequently, the endpoints that were once in the IT department’s control now aren’t. Few IT operations staff today have total control over their entire fleet of client devices.
Getting software and operating system updates onto those devices is more difficult than ever. The biggest challenge for survey respondents was maintaining new operating system and application versions across an entire endpoint fleet, at 62 percent. Applying patches and security updates came a close second at 59 percent. As the number of devices increases, that problem will only get worse.
Threats escalated
As endpoints migrate to an unpredictable, unmanageable network edge, the threat landscape also evolved. When Amazon first launched AWS in 2006, kicking off the modern cloud era, ransomware was a cottage industry focused on consumers. Today, ransomware breaches, which primarily attack the endpoint, are at an all-time high (and are also the biggest worry for survey respondents at 48 percent).
The second biggest fear among survey respondents is zero-day exploits. If you’re having problems securing your endpoints, then zero-days will keep you up at night. If a zero-day appears and you don’t know when you’re next going to see a client device, then the race is on between you and an army of black hats to reach that endpoint first.
Protection techniques didn’t evolve
A shifting endpoint infrastructure, combined with an increasingly aggressive threat landscape, has left conventional protection techniques ineffective. Traditional endpoint management and security methods rely on a centralized approach that doesn’t work in a decentralized environment. Many companies haven’t yet caught up.
For years, many companies kept their endpoint management resources at the center of their infrastructure. It made sense, because that’s where the client devices were. Devices would communicate with a server to get the latest software updates and configuration settings.
This approach had its inefficiencies on both the server and the client side. For example, companies had to scale their back-end distribution infrastructure to support the endpoint population. The survey found that companies maintain roughly one distribution server for every six endpoints. Client devices also had to support multiple back-end endpoint management systems. Respondents reported running an average of over seven separate agents on each client device to support their different server-based management tools.
Companies could ignore those inefficiencies when everything was on the same network and always reachable. Now that most endpoints have relocated to the edge, those centralized solutions are suffering from performance and scalability issues. That’s why IT teams report leaving half of their endpoint estate vulnerable to attack.
Companies will feel this pain more acutely as time goes on and their centralized infrastructure strains under its own weight. Six in ten of our respondents reported that their distribution servers have grown in number. Only 38% are keeping up with this distribution sprawl.
Time for a new approach
Something has to change. Companies have acknowledged the problem and are planning to spend more on improving the distribution servers that underpin endpoint management infrastructure. On average, they will increase their expenditure from 12% to 21% in the next year. However, where they spend that money will be critically important.
Simply investing more in centralized distribution infrastructures won’t solve the problem. It will increase management costs without doing much to improve device visibility, and every new security solution that bolts onto your existing stack will make it more complex and less agile. Employing more people to find and fix systems won’t work either, because they can’t fix what they can’t see.
Instead, it’s time to make those dollars work smarter. Rather than trying to control a disparate population of highly distributed endpoint devices from the center, consider managing from the edge.
Here’s how to make your dollars work smarter. Rather than relying on tools that run on centralized infrastructure to monitor and maintain widely distributed endpoint devices, consider utilizing your edge as the infrastructure instead. Shifting from centralized infrastructure, whether on-prem or in the cloud, to one powered by your edge will help keep endpoints visible, allowing them to remain up to date to protect them against threats. You’ll have complete visibility from your position of central control and be able to see with more clarity how your endpoint devices are behaving while containing costs.
This will allow you to eliminate distribution servers from your architecture, as the apps that monitor and maintain your endpoints will reside and execute on your edge rather than on unscalable centralized servers. This will create a self-sustaining, fault-tolerant, and adaptive network of peer-to-peer endpoints that heighten performance, security, and resilience. Half of our 629 survey respondents tell us that a remote workforce has made it difficult for them to distribute the security updates and patches that people need. In a new, decentralized reality, these client devices can instead use their spare computing and storage resources to distribute security patches, configuration changes, and software updates to their peers securely and reliably.
With many employees unlikely to return to the office full-time, managing endpoint security in an edge-centric world is a priority. It’s time to revolutionize endpoint management and push it to the edge.
About the Author
Dan Richings, Senior Vice President Product Management, Adaptiva
Based in the UK and with Adaptiva since 2015, Dan oversees the management of Adaptiva’s products and solutions and plays a key role in determining the product roadmap for the company and delivering on customer needs. Dan has a strong technical background in IT Systems Management across a career spanning numerous industry sectors including construction, design & consulting, software development and IT professional services.
Dan can be reached online via LinkedIn at: https://www.linkedin.com/in/dan-richings-1b7a9628/?originalSubdomain=uk Via Twitter at @dan_richings And at our company website
Source: www.cyberdefensemagazine.com