
The top ten endpoint security issues and solutions

One of the primary reasons firms continue to have their security compromised is that they are unaware of how many endpoints are connected to their networks or what state those endpoints are in. According to CISOs interviewed by VentureBeat, consolidating endpoint security and identity management will help cut down the number of unidentified endpoints and make identity management more resistant to future attacks. However, most businesses are still operating in the dark regarding the present state of each network endpoint.

It is widely recognized that cybercriminal gangs, advanced persistent threat (APT) groups, and other cyber attackers know that most businesses possess only a general estimate of the number of endpoints within their network. These organizations also understand the significant divide between identity protection and endpoint security. They perfect their tradecraft with the help of ChatGPT and other generative AI tools and then utilize those tools to launch attacks.

Sixty percent of businesses know of fewer than seventy-five percent of the endpoint devices connected to their network. Only 58% of companies can identify every asset on their network that has been attacked, or is vulnerable to attack, within 24 hours of an attack or vulnerability disclosure. It is a digital epidemic that nobody likes to talk about, since everyone knows a business or a team that got into trouble for not being aware of every endpoint. It is also common to encounter companies that cannot track up to forty percent of the endpoints in their infrastructure.

To demonstrate their worth, endpoints need to provide better resilience.

According to statements made to VentureBeat by CISOs and CIOs, cybersecurity expenditures have come under heightened scrutiny because revenue has fallen short of projections. CISOs from the manufacturing, financial services, and insurance industries interviewed by VentureBeat said that new sales cycles are taking longer, existing customers are asking for price discounts and extended payment terms, and recruiting new business customers is proving challenging this year.

Marcus Fowler, CEO of the artificial intelligence cybersecurity business Darktrace, stated that to optimize return on investment (ROI), chief information security officers (CISOs) must demonstrate investment into proactive technologies and capabilities that continuously improve their cyber resilience.

According to projections made by Boston Consulting Group, traditional endpoint protection systems and unified endpoint management will be among the most significant areas of market consolidation in cybersecurity. The Boston Consulting Group published an article titled “As Budgets Get Tighter, Cybersecurity Must Get Smarter” on April 24, 2023, as part of their “BCG’s Annual Cybersecurity Survey 2023.”

Additionally, BCG found that 78% of advanced companies routinely analyze the return on investment (ROI) of their cyber-operational enhancements. From its many interviews with CISOs, VentureBeat has learned that consolidation is a very high priority. According to the BCG survey, the areas in which chief information security officers (CISOs) most want to consolidate spending are firewalls, user authentication, access management, and endpoint protection platforms. In short, endpoint security platforms must deliver more resilience to keep their place in the budget.

A frequently posed inquiry from organizations pertains to augmenting resilience and fortifying their defense mechanisms, despite the possibility of a reduced workforce or financial constraints. During an interview with BNN Bloomberg, Christy Wyatt, President and Chief Executive Officer of Absolute Software, provided insights on cyber-resiliency. Wyatt emphasized that the current situation further heightens the significance of cyber-resiliency: “Our unique selling proposition lies in our ability to aid clients in reinstalling or repairing their cybersecurity assets or applications. One of my clients put it this way: ‘It is akin to having additional IT personnel on the premises.’”

The top ten problems with endpoint security, along with some possible solutions

Consolidation must be a primary focus for any firm that wants to improve its endpoint security posture management. According to the findings of the BCG survey, chief information security officers are under tremendous pressure to unify the endpoint protection systems they use. To drive additional consolidation-driven sales, you may expect the significant vendors of endpoint protection platforms (EPPs), endpoint detection and response (EDR), and extended detection and response (XDR) to either acquire more complementary technologies or fast-track research internally. Absolute Software, BitDefender, CrowdStrike, Cisco, ESET, FireEye, Fortinet, F-Secure, Ivanti, Microsoft, McAfee, Palo Alto Networks, Sophos, and Zscaler are among the companies that fall under this category of service providers.

The following are the top ten difficulties that will determine their mergers and acquisitions, development operations, and technological partnership strategies: 


1. Inadequate real-time telemetry data prevents endpoint lifecycles from being extended and prevents the identification of breaches and attacks.

For an endpoint security strategy to be successful, it must collect real-time telemetry data from endpoints. This data is necessary for determining whether or not an intrusion or breach is currently taking place. It is also essential to identify the hardware and software configuration of the endpoint down to every level, including the file, process, registry, network connection, and device data.

Major vendors such as Absolute Software, BitDefender, CrowdStrike, Cisco, Ivanti, and Microsoft use real-time telemetry data to produce endpoint analytics; Microsoft Defender for Endpoint, for example, protects endpoint data within the Microsoft Azure environment.

Calculating indicators of attack (IOAs) and indicators of compromise (IOCs) in real time requires real-time telemetry data, which is how CrowdStrike, ThreatConnect, Deep Instinct, and Orca Security use it. Regardless of the malware or vulnerability used in an attack, the primary aim of IOAs is to determine the attacker’s objectives and discover their purpose. Indicators of compromise (IOCs), which provide forensic evidence that a network has been compromised, complement IOAs.

Automating IOAs is necessary to provide precise and up-to-date information for understanding attackers’ motives and thwarting their intrusion attempts. CrowdStrike was the first organization in the field to create IOAs that leverage artificial intelligence to safeguard endpoints using up-to-the-minute telemetry data. According to the company, AI-powered IOAs operate asynchronously alongside sensor-based machine learning and additional sensor-based protective measures.

2. Over-configured and overloaded endpoints are security catastrophes waiting to happen.

According to data shared by Chief Information Security Officers (CISOs), it is common for endpoints to carry numerous endpoint agents, sometimes more than a dozen. When a CISO departs and a replacement is hired, the incoming CISO commonly prioritizes installing their preferred endpoint system. Memory-related issues, including conflicts, errors, and reduced performance, are to be expected. The Absolute 2023 Resilience Index found that enterprise endpoint devices commonly have more than 11 security applications installed. On average, endpoint management accounts for 2.5 applications, antivirus/anti-malware for 2.1 applications, and encryption for 1.6 applications. According to CISOs, endpoint overload is a common consequence of bringing in new security teams and managers.

Because endpoints are so overbuilt with software required for each client, this is one of the most challenging problems to overcome. CISOs recommend conducting an exhaustive audit of the master images for each endpoint type or category, after which the images should be consolidated to include only the absolutely essential agents. This reduces expenditure while also improving efficacy, visibility, and control.

3. Using outdated patch management solutions that require device inventories as a primary method

According to Chief Information Security Officers, their teams are already working at full capacity to keep networks, systems, and remote employees secure. They frequently do not have enough time to apply patches before the deadline. 71% of IT and security professionals believe that patching is too complex and time-consuming, and 53% spend the majority of their effort organizing and prioritizing significant vulnerabilities.

After conducting past interviews with CISOs and CIOs, VentureBeat has discovered that taking a data-driven strategy can be beneficial. Artificial intelligence (AI) and machine learning (ML) are two more forms of cutting-edge technology used by several suppliers as a solution to this issue.

According to the Ivanti State of Security Preparedness 2023 Report findings, patch management operations are re-started 61% of the time due to an external event, an attempted intrusion, or a breach. The sector’s ethos is still one of reaction and response, despite companies hurrying to protect themselves from cyberattacks.

According to Dr. Srinivas Mukkamala, Chief Product Officer of Ivanti, in a recent interview with VentureBeat, the complexity and time-consuming nature of patching is no surprise to IT and security professionals, given that more than 160,000 vulnerabilities have been identified to date. Mukkamala’s remarks came in response to a question about the impact of patching on IT and security professionals. As a consequence, he said, organizations must incorporate artificial intelligence (AI) solutions to help their teams prioritize, validate, and apply patches. The coming security landscape will delegate mundane and repetitive tasks that are suitable for automation to AI copilots, enabling IT and security teams to concentrate on strategic initiatives aligned with the organization’s objectives.

Automox, Ivanti Neurons for Patch Intelligence, Kaseya, ManageEngine, and Tanium are among the companies that are considered to be industry leaders in this area.

4. Maintaining the most recent settings of BYOD assets while ensuring compliance

Most of the effort that security teams can dedicate to endpoint asset management is spent on maintaining the accuracy and conformity of the configurations of corporate-owned devices. Teams seldom get to BYOD endpoints, and IT organizations’ restrictions about employees using their own devices are frequently too vague to be of any use. Workflows for setting and deploying corporate and BYOD endpoint devices must be streamlined and automated by endpoint security platforms to meet industry standards.

CrowdStrike Falcon, Ivanti Neurons, and Microsoft Defender for Endpoint are examples of industry-leading endpoint platforms capable of doing this now at scale and have already deployed their solutions to organizations. These platforms correlate threat data from emails, endpoints, identities, and apps.

5. Implementing a focused UEM approach to prevent attacks on top management conducted via their mobile devices

Whale phishing, the latest cybercrime trend, is affecting thousands of C-suite executives. According to the Ivanti State of Security Preparedness 2023 Report, CEOs are four times more likely to be victims of phishing than employees. Phishing scams have fooled nearly one-third of CEOs and members of senior management at some point, either by tricking them into clicking on a link or convincing them to pay money.

A unified endpoint management (UEM) platform is necessary to ensure every mobile device’s safety. The danger of a breach can be reduced with the help of advanced UEM platforms’ ability to automate configuration management and assure corporate compliance.

CISOs have asked UEM platform suppliers to consolidate so they deliver more value at lower cost. The influence that chief information security officers have had on product strategy at companies such as IBM, Ivanti, ManageEngine, Matrix42, Microsoft, VMware, BlackBerry, Citrix, and others is reflected in the most recent Gartner Magic Quadrant for Unified Endpoint Management Tools.

6. There are an excessive number of IT, security, and contractor team personnel who have administrative access to endpoints, applications, and systems.

Auditing access privileges and locating former workers, contractors, and suppliers who still have admin privileges configured in Active Directory, identity and access management (IAM), and privileged access management (PAM) systems is the first step CISOs must take to meet their responsibilities. Auditing and tracking any identity-related activity is necessary to close trust gaps and lower the risk of insider attacks. Eliminating unnecessary access privileges, such as those associated with deactivated accounts, is required.

Kapil Raina, the Vice President of Zero-Trust Marketing at CrowdStrike, has expressed his endorsement of the notion that auditing and identifying all credentials, both human and machine, is a commendable strategy. This approach can help identify attack paths, including those originating from shadow admin privileges, and subsequently adjust privileges either through automated or manual means.
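An added example of the audit described above (not code from the article or from any vendor): it expands nested group membership to find effective admins, including shadow admins who inherit rights indirectly, and flags accounts that are HR-inactive, disabled, stale, or nested. The directory export and user records are constructed for the example.

```python
"""Audit effective administrative access, including 'shadow admin' rights
inherited through nested group membership. Constructed data, not a real export."""
from collections import deque
from datetime import date

# Constructed directory export: group -> direct members (users or nested groups).
GROUPS = {
    "Domain Admins": ["alice", "Tier0-Ops"],
    "Tier0-Ops": ["bob", "Helpdesk-Leads"],
    "Helpdesk-Leads": ["carol"],
    "Backup-Operators": ["dave"],
}
PRIVILEGED_GROUPS = {"Domain Admins", "Backup-Operators"}

# Constructed user records joined with an HR feed (hr_active = still employed/contracted).
USERS = {
    "alice": {"enabled": True, "type": "employee", "last_logon": date(2023, 5, 1), "hr_active": True},
    "bob": {"enabled": True, "type": "contractor", "last_logon": date(2022, 9, 3), "hr_active": False},
    "carol": {"enabled": True, "type": "employee", "last_logon": date(2023, 4, 28), "hr_active": True},
    "dave": {"enabled": False, "type": "vendor", "last_logon": date(2022, 1, 15), "hr_active": False},
}

def expand_members(group, groups):
    """Return {user: path} for every user reachable from group via nested groups."""
    found, seen = {}, set()
    queue = deque([(group, [group])])
    while queue:
        name, path = queue.popleft()
        if name in seen:
            continue                      # guard against circular nesting
        seen.add(name)
        for member in groups.get(name, []):
            if member in groups:
                queue.append((member, path + [member]))
            else:
                found.setdefault(member, path)
    return found

def effective_admins(groups, privileged):
    """Map each user to the privileged groups they effectively hold and the nesting path."""
    result = {}
    for group in privileged:
        for user, path in expand_members(group, groups).items():
            result.setdefault(user, {})[group] = path
    return result

def audit(groups, privileged, users, today, stale_days=90):
    """Flag effective admins that are HR-inactive, disabled, stale, or shadow (nested)."""
    findings = []
    for user, grants in effective_admins(groups, privileged).items():
        rec = users[user]
        for group, path in grants.items():
            reasons = []
            if not rec["hr_active"]:
                reasons.append("hr-inactive")
            if not rec["enabled"]:
                reasons.append("disabled-account")
            if (today - rec["last_logon"]).days > stale_days:
                reasons.append("stale-logon")
            if len(path) > 1:
                reasons.append("shadow-admin-via:" + "/".join(path[1:]))
            if reasons:
                findings.append((user, group, reasons))
    return sorted(findings)

def run_audit():
    """Run the audit over the constructed data as of a fixed date."""
    return audit(GROUPS, PRIVILEGED_GROUPS, USERS, date(2023, 5, 2))
```

Alice, a direct and active member of Domain Admins, produces no finding; the departed contractor bob still holds Domain Admins rights through Tier0-Ops and is the kind of shadow admin the audit is meant to surface.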

7. The various identities comprising an endpoint require a more efficient administration regarding both keys and digital certificates.

The administrators of a network need to be able to identify each machine in the network to effectively monitor and safeguard the connections and communications between the devices. However, endpoints increasingly take on different identities, making it difficult to simultaneously secure each identity and the endpoint itself.

Because of this, greater emphasis needs to be placed on the administration of keys and digital certificates. SSL/TLS certificates, SSH keys, code-signing certificates, and authentication tokens are the mechanisms used to assign digital identities. Attackers go after SSH keys and attempt either to circumvent code-signing certificates or to compromise SSL/TLS certificates.

Security teams aim to ensure the accuracy, integrity, and dependability of every identity. Check Point, Delinea, Fortinet, IBM Security, Ivanti, Keyfactor, Microsoft Security, Venafi, and Zscaler are the industry’s most prominent providers in this area.

8. Unreliable endpoint systems that fail frequently, report excessive false positives, and need significant time to repair.

According to CISOs who spoke with VentureBeat, this is the most difficult challenge since it involves endpoints that either can’t reset themselves after a reconfiguration or require human workarounds that need excessive monitoring resources.

Getting rid of legacy endpoint systems and replacing them with self-healing endpoints is an effective way to cut down on software agent sprawl. Self-healing endpoints will, by definition, power themselves down and evaluate their essential components, beginning with the operating system. After that, patch versioning will be performed, and then the endpoint will automatically reset itself to an optimal configuration without any assistance from a human.

Absolute Software offers a non-erasable digital tether attached to any PC-based endpoint to track and validate real-time data requests and transactions. Several vendors provide self-healing endpoints, the most prominent of which are Beinaremai, Ivanti, Malwarebytes, Microsoft, SentinelOne, Tanium, and Trend Micro. The Resilience platform from Absolute is notable for providing real-time visibility and control of any device, whether or not the device is connected to the network.

9. Relying on a collection of standalone tools to fill endpoint gaps or obtain a comprehensive view of threats is insufficient.

Normalizing reports generated by multiple standalone technologies is challenging, time-consuming, and costly. To work around this limitation, SOC teams must manually correlate threats across endpoints and identities. Viewing all activities on a single page is impossible because different tools use various alerts, data structures, reporting formats, and variables.

The Chief Information Security Officers that VentureBeat interviewed for this piece all had the same vision as Mukkamala: to manage every user profile and client device from a single pane of glass.
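An added example of the normalization and correlation work the previous paragraphs describe (not code from the article or from any vendor): two constructed tool formats, a host-centric EDR alert and an identity-centric IAM alert, are mapped to one schema and then linked across endpoint and identity within a time window. The field names, severity scales, and alert records are all constructed.

```python
"""Normalise alerts from two standalone tools into one schema and correlate them
across endpoint and identity. Tool formats and records are constructed examples."""
import json
from datetime import datetime, timedelta, timezone

# Constructed raw alerts: an EDR tool (ISO timestamps, DOMAIN\user, 1-5 severity)
# and an IAM tool (epoch timestamps, UPN principal, low/medium/high risk).
EDR_RAW = [
    '{"ts": "2023-05-02T10:14:05Z", "host": "LAPTOP-17", "user": "CORP\\\\bob", "sev": 3, "rule": "credential dump attempt"}',
    '{"ts": "2023-05-02T11:40:00Z", "host": "LAPTOP-22", "user": "CORP\\\\carol", "sev": 1, "rule": "unsigned binary"}',
]
IAM_RAW = [
    '{"eventTime": 1683022560, "principal": "bob@corp.example", "risk": "high", "detail": "impossible travel login", "device": "laptop-17"}',
    '{"eventTime": 1683030000, "principal": "erin@corp.example", "risk": "low", "detail": "new MFA device", "device": "phone-9"}',
]

def canonical_user(raw):
    """Reduce DOMAIN\\name and name@domain forms to a bare lowercase account name."""
    return raw.split("\\")[-1].split("@")[0].lower()

def normalize_edr(line):
    a = json.loads(line)
    return {
        "time": datetime.strptime(a["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "source": "edr",
        "severity": a["sev"] * 2,                 # vendor 1-5 scale -> common 0-10
        "user": canonical_user(a["user"]),
        "host": a["host"].lower(),
        "title": a["rule"],
    }

def normalize_iam(line):
    a = json.loads(line)
    return {
        "time": datetime.fromtimestamp(a["eventTime"], tz=timezone.utc),
        "source": "iam",
        "severity": {"low": 2, "medium": 5, "high": 8}[a["risk"]],
        "user": canonical_user(a["principal"]),
        "host": a["device"].lower(),
        "title": a["detail"],
    }

def correlate(alerts, window=timedelta(minutes=30)):
    """Link alerts on the same user that come from different tools within the window."""
    by_user = {}
    for a in sorted(alerts, key=lambda x: x["time"]):
        by_user.setdefault(a["user"], []).append(a)
    incidents = []
    for user, items in by_user.items():
        for i, first in enumerate(items):
            for second in items[i + 1:]:
                if second["source"] != first["source"] and second["time"] - first["time"] <= window:
                    incidents.append({
                        "user": user,
                        "hosts": sorted({first["host"], second["host"]}),
                        "severity": max(first["severity"], second["severity"]),
                        "titles": [first["title"], second["title"]],
                    })
    return incidents

def build_incidents():
    """Normalise both constructed feeds and return the correlated incidents."""
    alerts = [normalize_edr(line) for line in EDR_RAW] + [normalize_iam(line) for line in IAM_RAW]
    return correlate(alerts)
```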

10. Multi-factor authentication (MFA) and passwordless technologies fill the security holes left in identity-based endpoint security.

CISOs and security teams should begin by incorporating multi-factor authentication (MFA) into processes and limiting its impact on user experiences to increase the likelihood that employees across the firm will support MFA. Additionally, teams have a responsibility to remain current on passwordless solutions, which, in the long run, will eliminate the requirement for MFA and result in a more simplified user experience.

Microsoft Azure Active Directory (Azure AD), OneLogin Workforce Identity, Thales SafeNet Trusted Access, and Windows Hello for Business are among the most prominent suppliers of passwordless authentication.

As more companies move their workforces online, compliance with identity management protocols on mobile devices has emerged as a critical necessity. Ivanti’s Zero Sign-On (ZSO) is the only solution in this sector that offers passwordless authentication, zero trust, and a streamlined user experience on its unified endpoint management (UEM) platform. This makes it unique among the solutions available in this sector.

The solution offered by Ivanti is designed to facilitate the use of biometric authentication methods, such as Apple’s Face ID, as a supplementary means of verifying the identity of users seeking access to personal or shared corporate accounts, data, and systems. By employing FIDO2 authentication techniques, Ivanti ZSO eliminates the necessity for users to recall and input passwords. As per the details furnished to VentureBeat by Chief Information Security Officers (CISOs), the configuration of the aforementioned system can be accomplished on any mobile device sans the need for supplementary agents to ensure its up-to-dateness.

The future has arrived thanks to AI-driven security breaches.

Attackers are honing their skills to take advantage of unprotected endpoints, exploit the gaps between unprotected identities and endpoints, and engage in whale phishing at a higher rate. In response, security and information technology teams need to take on the problems of improving endpoint security. Artificial intelligence (AI) and machine learning (ML) are revolutionizing endpoint security, and the ten issues briefly covered in this article are driving new product development across a wide variety of cybersecurity startups and leading vendors.

Every company must take these precautions to defend itself from attackers already using generative AI, ChatGPT, and other complex, comprehensive assaults to steal identities and privileged access credentials and compromise endpoints without being discovered.



This post first appeared on Tricky Spell, please read the original post: here
