Mitigating Hybrid Risk: How To Secure A Diverse Endpoint Fleet
Expert Insights speaks to Ashley Leonard, CEO of Syxsense, to discover how organizations can more effectively manage and secure their endpoints—no matter where they’re located.
Today’s workplace is made up of office-based, remote and hybrid workers who use a combination of corporate-issued and personal devices to work from anywhere. While this flexibility offers valuable benefits such as increased productivity, improved collaboration and the ability to hire regardless of location, it also presents a number of security challenges.
Your organization’s endpoints are doorways through which your users access company data. And the more diverse those endpoints are—be that in terms of location, device type or operating system—the more difficult they are to manage and secure.
And, unfortunately, cybercriminals are increasingly exploiting this situation. According to recent research, 28% of businesses have experienced attacks involving compromised or stolen devices, and an alarming 81% have experienced an endpoint attack involving some form of malware. Further studies have found that 80% of those breaches are caused either by new or evolved malware variants that infiltrate a system unrecognized, or by the exploitation of previously undisclosed vulnerabilities.
Vulnerability and patch management can be a difficult undertaking in a hybrid work environment but, when not properly addressed, those vulnerabilities blow the door wide open for attackers trying to infiltrate your company network.
To find out more about how organizations can manage and secure their endpoints more efficiently, we spoke to Ashley Leonard, CEO and co-founder of Syxsense. Leonard has over 25 years of experience in enterprise software, sales, marketing and operations, and has spent the last decade specializing in IT and endpoint management solutions.
Founded in 2012, Syxsense is a cloud-based unified endpoint security and management platform that helps organizations manage and secure the PCs, desktops, servers, and virtual, mobile and IoT devices connected to their networks. Syxsense encompasses vulnerability scanning, patch management and endpoint security, enabling organizations to align their core IT management processes with their cybersecurity strategies. Syxsense supports mid-size organizations and larger enterprises across all sectors, but financial and retail businesses in particular use its reporting capabilities to demonstrate compliance.
Unifying Configuration And Security
Digitization and the increase in remote and hybrid working have made it increasingly challenging for IT teams to secure their users’ endpoints. Particularly over the last two years, they’ve had to adapt to securing workforces that connect to the network over unsecured Wi-Fi. On top of that, users might be sharing their internet connection with additional devices, such as family laptops and gaming consoles, which could be accessing malicious content online.
All this means that IT teams can no longer rely on protecting a solid network perimeter; they need to monitor threats at the level of the individual device.
In addition to protecting an expanding, flexible device fleet, IT teams are also contending with endpoint attacks that are rising in both number and sophistication. Indeed, 68% of organizations recently experienced one or more endpoint attacks that successfully compromised their IT infrastructure and/or their data.
Despite this risk, many organizations struggle to keep on top of the most crucial step in securing their endpoints: detecting vulnerabilities and remediating them by deploying patches. In fact, across managed enterprise Android devices, only 21.2% of updates are applied immediately. The rest are windowed, deferred or, in the case of an alarming 48.5% of updates, not managed at all.
Unpatched devices are far more susceptible to exploitation through malicious applications than devices with current patches. Knowing this, it’s critical that IT teams actively scan their systems for vulnerabilities and remediate them when found.
And the most effective way to do this, says Leonard, is to unify software management with security processes.
“Some tools do a very good job at reporting that you have a security problem, but show you no path to actually resolve it,” Leonard explains. “Unifying that security with a management technology means that you can actually resolve security issues, not just identify them.
“There’s recently been a lot of customer pressure—look at the Kaseya and SolarWinds breaches, for example—to reduce the number of agents that are running on endpoints. And by unifying multiple technologies into a single product or single agent, you can simplify the whole implementation of the technology, reduce the agent footprint on your workstations, and ultimately reduce costs.”
Mitigating Hybrid Risk
Around 58% of organizations around the world have workforces that “telework”. Four of the top nine security concerns when it comes to teleworking involve attacks on endpoints and, as we move into a new era of hybrid working, we can expect endpoint security to continue to be a priority, says Leonard.
“When COVID first hit, a lot of companies got caught because they had on-premises tools that just didn’t work well with highly distributed environments.
“In fact, some customers that we work with now had been trying to deploy patches through their VPN, and that crashed the whole VPN! It was crazy in the early days.
“Now, we’re seeing companies coming back to the office in a hybrid manner, and along with that we’re seeing some interesting changes. You’ve got a lot of devices that are either BYOD or corporate-owned devices, which have been in someone’s house. Now, who knows what’s been going on in that home? You’ve got children visiting who-knows-which websites, and so on.
“So, you’ve got a set of devices now coming back to the office and being plugged into the corporate network; they’re inside the shell of the firewall. And this creates real exposure problems.”
There are a few steps to mitigating the risk of trusted devices bringing malicious content from an external environment into the corporate network, says Leonard. First, organizations need to create an accurate map of their endpoints, including those on-premises and those being used off-site. Second, they need to quarantine devices that are returning to the network from external environments, so that they cannot communicate directly with other systems on the network. This prevents the potential spread of malware to the corporate systems connected to it. Third, the quarantined device needs to be scanned, patched and updated.
“Finally, once it meets those minimum security requirements, you can un-quarantine the device and let it onto the corporate network, where it is allowed lateral communications,” Leonard explains.
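The quarantine-scan-patch-release sequence above can be expressed as a small state machine, shown here as an added example that is not Syxsense code and not the Syxsense Cortex workflow engine. The device records, dates, the 30-day patch and 7-day scan thresholds, and the scan results are all constructed for the example; in a real deployment the inventory and scan data would come from the endpoint management system and the actual network move into a quarantine VLAN would be done by network access control.

```python
"""Return-to-office quarantine workflow (added example, not Syxsense code).

Models the steps in the article: a device that has been away is quarantined
on connect, scanned and patched while isolated, and released only when it
meets a minimum baseline. All records, dates and thresholds are constructed.
"""
from dataclasses import dataclass, field
from datetime import date
from enum import Enum


class State(Enum):
    TRUSTED = "trusted"          # allowed lateral communication
    QUARANTINED = "quarantined"  # may reach only the management/patch service


@dataclass
class Device:
    hostname: str
    last_seen_onsite: date
    last_patched: date
    last_scanned: date
    critical_cves_open: int
    state: State = State.TRUSTED
    history: list = field(default_factory=list)


# Minimum baseline before release (assumed thresholds, not from the article).
MAX_PATCH_AGE_DAYS = 30
MAX_SCAN_AGE_DAYS = 7
OFFSITE_GRACE_DAYS = 1   # away longer than this => quarantine on return


def compliance_failures(dev, today):
    """Return the baseline checks the device fails (empty list == compliant)."""
    failures = []
    if (today - dev.last_patched).days > MAX_PATCH_AGE_DAYS:
        failures.append("patches older than %d days" % MAX_PATCH_AGE_DAYS)
    if (today - dev.last_scanned).days > MAX_SCAN_AGE_DAYS:
        failures.append("no vulnerability scan in %d days" % MAX_SCAN_AGE_DAYS)
    if dev.critical_cves_open:
        failures.append("%d critical CVEs unremediated" % dev.critical_cves_open)
    return failures


def on_connect(dev, today):
    """Step 2: a device that has been away is quarantined when it plugs in,
    whether BYOD or corporate-owned. Devices that never left keep their state."""
    if (today - dev.last_seen_onsite).days > OFFSITE_GRACE_DAYS:
        dev.state = State.QUARANTINED
        dev.history.append(("quarantined", today.isoformat()))
    return dev.state


def remediate(dev, today, cves_found, patch_succeeded=True):
    """Step 3: scan, then patch, while still isolated. The scan result is passed
    in by the caller (constructed here). A failed patch run leaves the CVE
    count as found, so the device cannot pass the release check."""
    dev.last_scanned = today
    dev.critical_cves_open = cves_found
    if patch_succeeded:
        dev.last_patched = today
        dev.critical_cves_open = 0
        dev.history.append(("patched", today.isoformat()))
    return dev.critical_cves_open


def try_release(dev, today):
    """Step 4: release only when the baseline is met; otherwise stay quarantined."""
    failures = compliance_failures(dev, today)
    if failures or dev.state is not State.QUARANTINED:
        return False, failures
    dev.state = State.TRUSTED
    dev.last_seen_onsite = today
    dev.history.append(("released", today.isoformat()))
    return True, []


def returning_device_workflow(dev, today, cves_found, patch_succeeded=True):
    """Run steps 2-4 for one device; returns (final state, outstanding failures)."""
    if on_connect(dev, today) is State.TRUSTED:
        return dev.state, []          # never left the office; nothing to do
    remediate(dev, today, cves_found, patch_succeeded)
    _, failures = try_release(dev, today)
    return dev.state, failures


def make_returning_laptop():
    """Constructed record: a laptop last seen on-site two months ago."""
    return Device(hostname="lt-0142", last_seen_onsite=date(2024, 1, 5),
                  last_patched=date(2024, 1, 5), last_scanned=date(2024, 1, 5),
                  critical_cves_open=0)


def demo(patch_succeeded=True):
    """Run the constructed laptop through the workflow as of 2024-03-04."""
    dev = make_returning_laptop()
    state, failures = returning_device_workflow(
        dev, date(2024, 3, 4), cves_found=2, patch_succeeded=patch_succeeded)
    return state.value, failures, [event for event, _ in dev.history]


if __name__ == "__main__":
    print(demo())                       # patched and released
    print(demo(patch_succeeded=False))  # stays quarantined with reasons
```

The point of keeping `try_release` separate from `remediate` is that a patch failure is a normal outcome, not an exception: the device simply remains in the quarantine segment with a list of the checks it still fails, which is what an operator needs in order to act on it.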
While that might sound complex to carry out manually, the Syxsense platform offers the technology to make this process simple. Its Syxsense Cortex engine helps organizations set up the workflows needed to quarantine, secure, and release devices back into the corporate network.
“That’s why customers come to us—to leverage our workflow technologies,” Leonard says.
Gaining Insight Is Key
As the threat landscape continues to evolve, there’s one thing that all organizations can do to help protect themselves against the increasingly sophisticated endpoint attacks that we’re currently seeing, says Leonard. And that’s to gain insight into their network.
“Around 50% of companies that have a breach will be breached again within 24 months. Very frequently, for example, even if you’ve paid the ransom, there will be remnants left inside the organization.
“So, you need to get your head around exactly what’s inside your infrastructure; knowing what’s installed and what’s changed in the environment is incredibly powerful.
“At Syxsense, we can show you what the computer looked like two weeks ago and what it looks like today, and tell you what has changed during those two weeks. So, you can see that a password was changed, or that a service was installed on the device.
“Making these comparisons between environments allows you to identify any changes that might open up some back door to let an attacker in.”
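The kind of comparison Leonard describes, two inventories of the same host taken two weeks apart and diffed for what was installed or changed, can be done with a few lines of code. The following is an added example, not Syxsense code: both snapshots are constructed for the illustration, and the triage rules in `flag_suspicious` (a new service running from outside the system directories, a new local administrator, a changed account password timestamp) are assumed starting points rather than a complete rule set.

```python
"""Endpoint snapshot diff (added example, not Syxsense code).

Compares two {section: {name: {attribute: value}}} inventories of one host
and flags the changes that usually matter for incident follow-up. Both
snapshots below are constructed for this example.
"""

# Where a legitimately installed Windows service binary is expected to live
# (assumed list; lowercase for case-insensitive comparison).
SYSTEM_PATH_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                        "c:\\program files (x86)\\")

SNAPSHOT_TWO_WEEKS_AGO = {
    "services": {
        "Spooler": {"start": "auto", "path": r"C:\Windows\System32\spoolsv.exe"},
    },
    "local_admins": {"Administrator": {}, "itops": {}},
    "accounts": {"svc_backup": {"pwd_last_set": "2024-01-10"}},
    "packages": {"7-Zip": {"version": "23.01"}},
}

SNAPSHOT_TODAY = {
    "services": {
        "Spooler": {"start": "auto", "path": r"C:\Windows\System32\spoolsv.exe"},
        "UpdaterSvc": {"start": "auto", "path": r"C:\Users\Public\updater.exe"},
    },
    "local_admins": {"Administrator": {}, "itops": {}, "helpdesk2": {}},
    "accounts": {"svc_backup": {"pwd_last_set": "2024-03-02"}},
    "packages": {"7-Zip": {"version": "24.05"}},
}


def diff_snapshots(before, after):
    """Return (section, name, kind, detail) tuples; kind is added/removed/changed.
    For 'changed', detail maps each differing attribute to (old, new)."""
    changes = []
    for section in sorted(set(before) | set(after)):
        old, new = before.get(section, {}), after.get(section, {})
        for name in sorted(set(old) | set(new)):
            if name not in old:
                changes.append((section, name, "added", new[name]))
            elif name not in new:
                changes.append((section, name, "removed", old[name]))
            elif old[name] != new[name]:
                keys = set(old[name]) | set(new[name])
                delta = {k: (old[name].get(k), new[name].get(k))
                         for k in keys if old[name].get(k) != new[name].get(k)}
                changes.append((section, name, "changed", delta))
    return changes


def flag_suspicious(changes):
    """Apply assumed triage rules to the raw diff; returns human-readable reasons.
    Routine changes such as a package version bump are deliberately not flagged."""
    flags = []
    for section, name, kind, detail in changes:
        if section == "services" and kind == "added":
            path = detail.get("path", "")
            if not path.lower().startswith(SYSTEM_PATH_PREFIXES):
                flags.append("new service %s runs from non-system path %s"
                             % (name, path))
        elif section == "local_admins" and kind == "added":
            flags.append("new local administrator %s" % name)
        elif section == "accounts" and kind == "changed" and "pwd_last_set" in detail:
            old, new = detail["pwd_last_set"]
            flags.append("password changed for %s (%s -> %s)" % (name, old, new))
    return flags


def compare_host():
    """Diff the two constructed snapshots and return (all changes, flagged reasons)."""
    changes = diff_snapshots(SNAPSHOT_TWO_WEEKS_AGO, SNAPSHOT_TODAY)
    return changes, flag_suspicious(changes)


if __name__ == "__main__":
    changes, flags = compare_host()
    for change in changes:
        print(change)
    print("flagged:", flags)
```

The diff itself is generic; the value comes from the rules layered on top of it, which is where an organization encodes what "normal" looks like on its own fleet so that the remnants of a prior intrusion (a persistence service, an extra administrator) stand out from routine software updates.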
Thank you to Ashley Leonard for taking part in this interview. You can find out more about Syxsense and their endpoint security platform at their website and via their LinkedIn profile.