Closing the Endpoint Visibility Gap: Critical Questions to Ask

Eliminate the manual work of collating endpoint information when security incidents occur by gaining rapid, actionable insights into device data.


The future of work involves connecting everyone and everything across a widely distributed, global business environment. At the same time, this ecosystem must be securely resilient to mitigate threats to the rapidly growing volume of connected devices.

To do that, you must be able to see what you are defending — and quickly. Once an incident occurs, response must be rapid to contain and remediate the attack, and avoid significant business disruption.

However, gaining fast insights into the vast number of endpoints in today’s hybrid workforce and IT environments is not an easy task. For starters, there’s the sheer volume of endpoints connecting to IP networks. In 2018 there were 18.4 billion networked devices, according to the Cisco Annual Internet Report. That’s expected to jump to 29.3 billion by 2023.

Another significant challenge: It’s nearly impossible to react to something you can’t see. Massive amounts of data from siloed solutions only add to the complexity. Many solutions aren’t designed to consolidate, discover, and normalize the data from all these devices. This deficiency causes considerable upfront work when an attack occurs just to establish the identity of the endpoint — as well as whether, and how widely, the event has spread.

“It’s a problem anywhere or anytime you don’t have integration among different security products,” says Aaron Woland, Distinguished Engineer, Cisco.

For example, Woland says it’s common for security investigators to use spreadsheets for their endpoint asset inventories, or they might be using scripts they’ve written to pull together data from different security tools. “This makes it an extremely painful process to figure out during an incident what an endpoint looks like, whether the organization is vulnerable, whether a firewall had been turned off, if the endpoint is meeting security policies, etc.” 

All this manual work slows the ability to respond and remediate. And the longer it takes, the greater the potential for damage or downtime.

Faster and actionable endpoint insights

To gain greater visibility across a multitude of security tools, Woland suggests that IT security leaders start by asking themselves several questions, including:

  • How many devices and endpoints are within the IT environment? How regularly is the IT asset inventory updated?
  • Do the security operations center (SOC) team and investigators have access to all the information necessary to complete an investigation with any level of certainty about the status and security of endpoints?
  • Do SOC investigators have detailed endpoint information at their fingertips — obtainable with a few clicks — or do they need to collate this manually?
  • Are security and network solutions talking to each other to ensure nothing is missed? For example, what are the chances there are endpoints that are not detected by traditional solutions?

Each of these questions relates to the need for a comprehensive, easily accessible inventory of endpoints, rather than a piecemeal approach built on spreadsheets or scripts.

“Organizations need a complete and accurate picture of their endpoints, and whether there are any vulnerabilities or gaps as a result of all their different security systems,” Woland says.

Integration provides this holistic view. For example, the Cisco SecureX platform, a cloud-based solution, uses device insights to unify data from multiple device managers and security products. It is not simply a dashboard that pulls together information from different sources. It proactively fetches data, including what’s available in Cisco products such as Cisco Secure Endpoint, Orbital, Duo, and Umbrella — as well as third-party sources including Microsoft Intune, MobileIron, and more.

“Device insights tells you the ‘what’ and ‘where’ of all endpoints, as well as user identity and activity,” Woland says. “This gives you unprecedented, contextual insights so that security teams can take rapid action. It allows you to focus on the nail, not the hammer.”

SecureX device insights solves for critical questions that almost every enterprise IT organization has: What are the endpoints consuming my IT services? Are they managed by my IT department? Do they have the required endpoint security agents in place?
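The merging and normalization the article describes, and the three questions it lists (what endpoints are on the network, are they managed, do they have the required agent), can be illustrated with a small script. The following is an added example written for this page; it is not SecureX or any Cisco code. The three feeds are constructed sample exports standing in for an EDR console, an MDM, and a network discovery (DHCP or NAC) source, and every field name in them is an assumption rather than a real vendor schema. The script normalizes MAC addresses (the join key the feeds happen to share), merges each device into one record, and then reports which devices are unmanaged, lack an agent, are non-compliant, or have not been seen recently, which is exactly the collation work the article says investigators otherwise do by hand.

```python
"""Unify endpoint inventory from several sources and flag coverage gaps.

Added example for this article, not vendor code. The three lists below are
constructed sample exports; their field names are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

# --- constructed sample exports (not real data) -----------------------------
EDR_EXPORT = [  # endpoint security agent inventory
    {"host": "LAPTOP-01", "mac": "AA-BB-CC-00-00-01", "agent_version": "7.5.3",
     "last_seen": "2022-05-01T09:00:00Z"},
    {"host": "srv-db-02", "mac": "aa:bb:cc:00:00:02", "agent_version": "7.5.3",
     "last_seen": "2022-04-02T08:30:00Z"},
]
MDM_EXPORT = [  # device manager: which devices IT actually manages
    {"device_name": "laptop-01", "mac_address": "aabbcc000001", "owner": "alice",
     "compliant": True},
    {"device_name": "phone-03", "mac_address": "aabbcc000003", "owner": "bob",
     "compliant": False},
]
NETWORK_EXPORT = [  # every MAC seen on the wire, managed or not
    {"mac": "AA:BB:CC:00:00:01", "ip": "10.0.1.10", "last_seen": "2022-05-01T09:05:00Z"},
    {"mac": "AA:BB:CC:00:00:02", "ip": "10.0.2.20", "last_seen": "2022-04-01T10:00:00Z"},
    {"mac": "AA:BB:CC:00:00:03", "ip": "10.0.1.33", "last_seen": "2022-05-01T07:45:00Z"},
    {"mac": "AA:BB:CC:00:00:09", "ip": "10.0.1.99", "last_seen": "2022-05-01T09:10:00Z"},
]


def norm_mac(raw: str) -> str:
    """Canonical form: lowercase hex pairs joined by colons, whatever the source used."""
    hexdigits = "".join(ch for ch in raw.lower() if ch in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {raw!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_ts(ts: str) -> datetime:
    """Parse the ISO-8601 'Z' timestamps the sample feeds use into aware datetimes."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


@dataclass
class Endpoint:
    mac: str
    hostname: Optional[str] = None
    ip: Optional[str] = None
    owner: Optional[str] = None
    has_edr_agent: bool = False
    mdm_managed: bool = False
    mdm_compliant: Optional[bool] = None
    last_seen: Optional[datetime] = None
    sources: Set[str] = field(default_factory=set)

    def note_seen(self, ts: str) -> None:
        """Keep the most recent sighting across all feeds."""
        seen = parse_ts(ts)
        if self.last_seen is None or seen > self.last_seen:
            self.last_seen = seen


def build_inventory(edr: List[dict], mdm: List[dict], network: List[dict]) -> Dict[str, Endpoint]:
    """Merge the feeds on the normalized MAC so each device becomes one record."""
    inv: Dict[str, Endpoint] = {}

    def get(mac: str) -> Endpoint:
        key = norm_mac(mac)
        return inv.setdefault(key, Endpoint(mac=key))

    for r in edr:
        e = get(r["mac"])
        e.hostname = r["host"].lower()
        e.has_edr_agent = True
        e.note_seen(r["last_seen"])
        e.sources.add("edr")
    for r in mdm:
        e = get(r["mac_address"])
        e.hostname = e.hostname or r["device_name"].lower()
        e.owner = r["owner"]
        e.mdm_managed = True
        e.mdm_compliant = r["compliant"]
        e.sources.add("mdm")
    for r in network:
        e = get(r["mac"])
        e.ip = r["ip"]
        e.note_seen(r["last_seen"])
        e.sources.add("network")
    return inv


def coverage_gaps(inv: Dict[str, Endpoint], now: datetime,
                  stale_after: timedelta = timedelta(days=14)) -> Dict[str, List[str]]:
    """Answer the article's questions per device: managed? agent present? compliant? current?"""
    gaps: Dict[str, List[str]] = {"unmanaged": [], "no_agent": [], "non_compliant": [], "stale": []}
    for mac, e in sorted(inv.items()):
        if not e.mdm_managed:
            gaps["unmanaged"].append(mac)
        if not e.has_edr_agent:
            gaps["no_agent"].append(mac)
        if e.mdm_compliant is False:
            gaps["non_compliant"].append(mac)
        if e.last_seen is not None and now - e.last_seen > stale_after:
            gaps["stale"].append(mac)
    return gaps


def report(now_iso: str) -> Dict[str, List[str]]:
    """Run the whole pipeline over the constructed feeds as of the given time."""
    return coverage_gaps(build_inventory(EDR_EXPORT, MDM_EXPORT, NETWORK_EXPORT), parse_ts(now_iso))


if __name__ == "__main__":
    for category, macs in report("2022-05-02T00:00:00Z").items():
        print(f"{category:14s} {', '.join(macs) or '-'}")
```

The join key is the normalized MAC because it is the only attribute all three constructed feeds share; real feeds often disagree on hostnames (case, FQDN versus short name) and on MAC formatting, which is why the normalization step comes before the merge. A device that appears only in the network feed is the interesting case from a defender's view: it is on the wire but neither managed nor protected, and a spreadsheet built from the EDR console alone would never list it.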

“These are at the heart of any attempt at implementing a Zero Trust program,” says Rich West, Distinguished Engineer, Cisco Security and Trust Organization.

Those insights not only give security teams confidence in the organization’s systems, they also provide greater resiliency to mitigate threats amid today’s highly distributed IT and workforce environments.

There's no better place to start or enhance your XDR strategy than with Cisco Secure Endpoint. See how you can speed investigation and response with enriched insights into your on-premises and cloud assets. Click here for a free trial.


Copyright © 2022 IDG Communications, Inc.