Skip to content

Posts from the ‘Absolute Software’ Category

What’s New In Gartner’s Hype Cycle For Endpoint Security, 2020

What’s New In Gartner’s Hype Cycle For Endpoint Security, 2020

  • Remote working’s rapid growth is making endpoint security an urgent priority for all organizations today.
  • Cloud-first deployment strategies dominate the innovations on this year’s Hype Cycle for Endpoint Security.
  • Zero Trust Security (ZTNA) is gaining adoption in enterprises who realize identities are the new security perimeter of their business.
  • By 2024, at least 40% of enterprises will have strategies for adopting Secure Access Service Edge (SASE) up from less than 1% at year-end 2018.

These and many other new insights are from Gartner Hype Cycle for Endpoint Security, 2020 published earlier this year and the recent announcement, Gartner Says Bring Your Own PC Security Will Transform Businesses within the Next Five Years. Gartner’s definition of Hype Cycles includes five phases of a technology’s lifecycle and is explained here.  There are 20 technologies on this year’s Hype Cycle for Endpoint Security. The proliferation of endpoint attacks, the rapid surge in remote working, ransomware, fileless and phishing attacks are together, creating new opportunities for vendors to fast-track innovation. Cloud has become the platform of choice for organizations adopting endpoint security today, as evidenced by the Hype Cycle’s many references to cloud-first deployment strategies.  The Gartner Hype Cycle for Endpoint Security, 2020, is shown below:

What’s New In Gartner’s Hype Cycle For Endpoint Security, 2020

 

Details Of What’s New In Gartner’s Hype Cycle for Endpoint Security, 2020

  • Five technologies are on the Hype Cycle for the first time reflecting remote working’s rapid growth and the growing severity and sophistication of endpoint attacks. Unified Endpoint Security, Extended Detection and Response, Business E-Mail Compromise Protection, BYOPC Security and Secure Access Service Edge (SASE) are the five technologies added this year. Many organizations are grappling with how to equip their remote workforces with systems, devices and smartphones, with many reverting to have employees use their own. Bring your PC (BYOPC) has become so dominant so fast that Gartner replaced BYOD on this year’s Hype Cycle with the new term. Gartner sees BYOPC as one of the most vulnerable threat surfaces every business has today. Employees’ devices accessing valuable data and applications continues to accelerate without safeguards in place across many organizations.
  • Extended detection and response (XDR) are on the Hype Cycle for the first time, reflecting the trend of vendor consolidation across cybersecurity spending today. Gartner defines XDR as a vendor-specific, threat detection and incident response tool that unifies multiple security products into a security operations system. XDR and its potential to reduce the total cost and complexity of cybersecurity infrastructures is a dominant theme throughout this year’s Hype Cycle. XDR vendors are claiming that their integrated portfolios of detection and response applications deliver greater accuracy and prevention than stand-alone systems, driving down Total Cost of Ownership (TCO) and increasing productivity. Key vendors in XDR include Cisco, FireEye, Fortinet, McAfee, Microsoft, Palo Alto Networks, Sophos, Symantec and Trend Micro.
  • Business email compromise (BEC) protection is on the Hype Cycle for the first time this year. Phishing attacks cost businesses $1.8B in 2019, according to the FBI, underscoring the need for better security in the area of business email. Gartner defines business email compromise (BEC) protection as a series of solutions that detect and filter malicious emails that fraudulently impersonate business associates to misdirect funds or data. There have been many instances of business email compromise attacks focused on C-level executives, hoping that a fraudulent directive from them to subordinates leads to thousands of dollars being transferred to outside accounts or being sent in gift cards. Gartner found that fraudulent invoices accounted for 39% of such attacks in 2018, posing an internal risk to organizations and reputation risk.
  • Unified Endpoint Security (UES) is being driven by IT organizations’ demand for having a single security console for all security events. Gartner notes that successful vendors in UES will be those that can demonstrate significant productivity gains from the integration of security and operations and those that can rapidly process large amounts of data to detect previously unknown threats. CIOs and CISOs are looking for a way to integrate UES and Unified Endpoint Management (UEM), so their teams can have a single, comprehensive real-time console of all devices that provides alerts of any security events. The goal is to adjust security policies across all devices. Absolute’s approach to leveraging their unique persistence, resilience and intelligence capabilities are worth watching. Their approach delivers unified endpoint security by relying on their Endpoint Resilience platform that includes a permanent digital tether to every endpoint in the enterprise. By having an undeletable digital thread to every device, Absolute is enabling self-healing, greater visibility and control. Based on conversations with their customers in Education and Healthcare, Absolute’s unique approach gives IT complete visibility into where every device is at all times and what each device configuration looks like in real-time.
  • Unified Endpoint Management (UEM) is expanding rapidly beyond managing PCs and mobile devices to provide greater insights from endpoint analytics and deeper integration Identity and Access Management. Gartner notes interest in UEM remains strong and use-case-driven across their client base. UEM’s many benefits, including streamlining continuous OS updates across multiple mobile platforms, enabling device management regardless of the connection and having an architecture capable of supporting a wide range of devices and operating systems are why enterprises are looking to expand their adoption of UEM. Another major benefit enterprises mention is automating Internet-based patching, policy, configuration management. UEM leaders include MobileIron, whose platform reflects industry leadership with its advanced unified endpoint management (UEM) capabilities. MobileIron provides customers with additional security solutions integrated to their UEM platform, including passwordless multi-factor authentication (Zero Sign-On) and mobile threat defense (MTD). MTD is noteworthy for its success at MobileIron customers who need to validate devices at scale, establish user context, verify network connections, then detect and remediate threats.
  •  Gartner says ten technologies were either removed or replaced in the Hype Cycle because they’ve evolved into features of broader technologies or have developed into tools that address more than security. The ten technologies include protected browsers, DLP for mobile devices, managed detection and response, user and entity behavior analytics, IoT security, content collaboration platforms, mobile identity, user authentication, trusted environments and BYOD being replaced by BYOPC.

 

Answers To Today’s Toughest Endpoint Security Questions In The Enterprise

Answers To Today's Toughest Endpoint Security Questions In The Enterprise

  • Enterprises who are increasing the average number of endpoint security agents from 9.8 last year to 10.2 today aren’t achieving the endpoint resilience they need because more software agents create more conflicts, leaving each endpoint exposed to a potential breach.
  • 1 in 3 enterprise devices is being used with a non-compliant VPN, further increasing the risk of a breach.
  • 60% of breaches can be linked to a vulnerability where a patch was available, but not applied. Windows 10 devices in enterprises are, on average, 95 days behind on patches.

CIOs, CISOs and cybersecurity teams say autonomous endpoint security is the most challenging area they need to strengthen in their cybersecurity strategy today. Software agents degrade faster than expected and conflict with each other, leaving endpoints exposed. Absolute’s 2020 State of Endpoint Resilience Report quantifies the current state of autonomous endpoint security, the scope of challenges CISOs face today and how elusive endpoint resiliency is to achieve with software agents. It’s an insightful read if you’re interested in autonomous endpoint security.

Endpoint Security Leads CISOs’ Priorities In 2020

With their entire companies working remotely, CIOs and CISOs I’ve spoken with say autonomous endpoint security is now among their top three priorities today. Cutting through the endpoint software clutter and turning autonomous endpoint security into a strength is the goal. CISOs are getting frustrated with spending millions of dollars among themselves only to find out their endpoints are unprotected due to software conflicts and degradation.  Interested in learning more, I spoke with Steven Spadaccini, Vice President, Sales Engineering at Absolute Software and one of the most knowledgeable autonomous endpoint cybersecurity experts I’ve ever met. Our conversation delved into numerous cybersecurity challenges enterprise CIOs and CISOs are facing today. My interview with him is below:

The Seven Toughest Questions the C-Suite Is Asking About Endpoint Security

Louis: Thank you for your time today. I have seven questions from CIOs, CISOs and their teams regarding endpoint security. Let’s get started with their first one. What happens if an endpoint is compromised, how do you recover, encrypt, or delete its data?

Steven:  It’s a challenge using software agents, both security and/or management, to do this as each agents’ tools and features often conflict with each other, making a comprised endpoints’ condition worse while making it virtually impossible to recover, encrypt, delete and replace data. The most proven approach working for enterprises today is to pursue an endpoint resilience strategy. At the center of this strategy is creating a root of trust in the hardware and re-establishes communication and control of a device through an unbreakable digital tether. I’m defining Endpoint Resilience as an autonomous endpoint security strategy that ensures connectivity, visibility and control are achieved and maintained no matter what is happening at the OS or application level. Taking this approach empowers devices to recover automatically from any state to a secure operational state without user intervention. Trust is at the center of every endpoint discussion today as CIOs, CISOs and their teams want the assurance every endpoint will be able to heal itself and keep functioning

Louis: Do endpoint software security solutions fail when you lose access to the endpoint, or is the device still protected at the local level?

Steven: When they’re only protected by software agents, they fail all the time. What’s important for CISOs to think about today is how they can lead their organizations to excel at automated endpoint hygiene. It’s about achieving a stronger endpoint security posture in the face of growing threats. Losing access to an endpoint doesn’t have to end badly; you can still have options to protect every device. It’s time for enterprises to start taking a more resilient-driven mindset and strategy to protecting every endpoint – focus on eliminating dark endpoints. One of the most proven ways to do that is to have endpoint security embedded to the BIOS level every day. That way, each device is still protected to the local level. Using geolocation, it’s possible to “see” a device when it comes online and promptly brick it if it’s been lost or stolen.

Louis: How can our cybersecurity team ensure compliance that all cybersecurity software is active and running on all endpoints?

Steven: Compliance is an area where having an undeletable tether pays off in a big way. Knowing what’s going on from a software configuration and endpoint security agent standpoint – basically the entire software build of a given endpoint – is the most proven way I’ve seen CISOs keep their inventory of devices in compliance. What CISOs and their teams need is the ability to see endpoints in near real-time and predict which ones are most likely to fail at compliance. Using a cloud-based or SaaS console to track compliance down to the BIOS level removes all uncertainty of compliance. Enterprises doing this today stay in compliance with HIPAA, GDPR, PCI, SOX and other compliance requirements at scale. It’s important also to consider how security automation and orchestration kicks on to instantly resolve violations by revising security controls and configurations, restoring anti-malware, or even freezing the device or isolating it from data access. Persistent visibility and control give organizations what they need to be audit-ready at every moment.

Having that level of visibility makes it easy to brick a device. Cybersecurity teams using Absolute’s Persistence platform can lead to humorous results for IT teams, who call the bricking option a “fun button as they watch hackers continually try to reload new images and right after they’re done, re-brick the device again. One CIO told the story of how their laptops had been given to a service provider who was supposed to destroy them to stay in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and one had been resold on the black market, ending up in a 3rd world nation. As the hacker attempted to rebuild the machine, the security team watched as each new image was loaded at which time they would promptly brick the machine. After 19 tries, the hacker gave up and called the image rebuild “brick me.”

Louis: With everyone working remote today, how can we know, with confidence where a given endpoint device is at a moments’ notice?

Steven: That’s another use case where having an undeletable tether pays off in two powerful ways: enabling autonomous endpoint security and real-time asset management. You can know with 100% confidence where a given endpoint device is in real-time so long as the device is connected to a permanent digital tether . Even if the device isn’t reachable by your own corporate network it’s possible to locate it using the technologies and techniques mentioned earlier. CIOs sleep better at night knowing every device is accounted for and if one gets lost or stolen, their teams can brick it in seconds.

Louis: How can our IT and cybersecurity teams know all cybersecurity applications are active and protecting the endpoint?

Steven: By taking a more aggressive approach to endpoint hygiene, it’s possible to know every application, system configuration and attributes of user data on the device. It’s important not to grow complacent and assume the gold image IT uses to configure every new or recycled laptop is accurate. One CIO was adamant they had nine software agents on every endpoint, but Absolute’s Resilience platform found 16, saving the enterprise from potential security gaps. The gold image is an enterprise IT team was using had inadvertently captured only a subset of the total number of software endpoints active on their networks. Absolute’s Resilience offering and Persistence technology enabled the CIO to discover gaps in endpoint security the team didn’t know existed before.

Louis: How can we restrict the geolocations of every endpoint?

Steven: This is an area that’s innovating quickly in response to the needs enterprises have to track and manage assets across countries and regions. IP tracking alone isn’t as effective as the newer techniques, including GPS tracking, Wi-Fi triangulation, with both integrated into the Google Maps API. Enterprises whose business relies on Personal Identifiable Information (PII) is especially interested in and adopting these technologies today. Apria Healthcare is currently using geofencing for endpoint security and asset management. They have laptops in use today across Indonesia, the Philippines and India. Given the confidential nature of the data on those devices and compliance with local government data protection laws, each laptop needs to stay in the country they’re assigned to. Geofencing gives Apria the power to freeze any device that gets outside of its region within seconds, averting costly fines and potential breaches.

Louis: How can our IT team immediately validate an endpoint for vulnerabilities in software and hardware?

Steven: The quickest way is to design in audit-ready compliance as a core part of any endpoint resilience initiative. Endpoint resilience to the BIOS level makes it possible to audit devices and find vulnerabilities in real-time, enabling self-healing of mission-critical security applications regardless of complexity. The goal of immediately validating endpoints for current security posture needs to be a core part of any automated endpoint hygiene strategy. It’s possible to do this across platforms while being OS-agnostic yet still accessible to over 500M endpoint devices, deployed across Microsoft Windows, macOS via a Mac Agent and Chrome platforms.

Conclusion

Knowing if their autonomous endpoint security and enterprise-wide cybersecurity strategies are working or not is what keeps CIOs up the most at night. One CISO confided to me that 70% of the attempted breaches to his organization are happening in areas he and his team already knew were vulnerable to attack. Bad actors are getting very good at finding the weakest links of an enterprises’ cyber defenses fast. They’re able to look at the configuration of endpoints, see which software agents are installed, research known conflicts and exploit them to gain access to corporate networks. All this is happening 24/7 to enterprises today. Needing greater resilient, persistent connections to every device, CISOs are looking at how they can achieve greater resilience on every endpoint. Capitalizing on an undeletable tether to track the location of the device, ensure the device and the apps on that device have self-healing capabilities and gain valuable asset management data  – these are a few of the many benefits they’re after.

Improving Online Learning Experiences One Secured Endpoint At A Time

Improving Online Learning Experiences One Secured Endpoint At A Time

Bottom Line: Defining the perfect mix of cloud apps, platforms and secured endpoints to create compelling online learning experiences customizable to students’ learning strengths is how schools are overcoming the challenge of virtual teaching.

There are over 56 million students in the U.S. alone who are relying on remote learning apps, platforms and autonomous endpoint security to protect them as they pursue their education. School districts, online educators and teachers quickly realized the move to 100% online classes could mean the end to outdated mechanized approaches to teaching. Eager to teach using technologies that tailor individual learning programs to every student’s unique learning strengths, schools are combining cloud, e-learning and endpoint security with strong results. Combining technologies gives every student regardless of their socioeconomic background a chance to excel. The goal is to provide unique personalized instruction at scale using a teaching technique called scaffolding. Scaffolding stresses creating an individual learning plan for each student complete with reinforcement for each lesson.

Why Cybersecurity Is The Cornerstone Of Online Learning 

Tailoring the latest technologies to the diverse needs of online learners is the easy part of creating an online learning program. Far more difficult is choosing the right endpoint security strategies to protect their identities, every one of their video conference sessions with peers and teachers and thwarting breach attempts. Parents, teachers, students and administrators all need to trust an e-learning platform to make it work. The bottom line is an e-learning platform needs to create and grow trust while being adaptive enough to meet students’ unique learning needs.

Interested in learning more about how leading online educators are bringing together the latest cloud and autonomous endpoint security technologies to help students learn online, I recently interviewed Eric Ramos Chief Technology Officer at Duarte Unified School District and Dean Phillips, Senior Technology Director, David Atkins, Director of Marketing and Communications and Jennifer Shoaf, Deputy Chief Academic Officer at PA Cyber.  Duarte Unified School District (USD) serves the educational needs of 3,400 scholars at the elementary, K-8 and high school levels. The Pennsylvania Cyber Charter School (PA Cyber) in Midland, PA, is one of the most experienced and successful online K-12 public schools in the nation serving over 12,000 students. Together the group of education professionals provided valuable insights into how educators can combine cloud, collaboration and cybersecurity applications to create more personalized, effective learning experiences for students. David Atkins of PA Cyber says that their approach to e-learning is succeeding because they take a fully holistic view of the student, their family and their situation. “Our collaboration with the student starts from the very moment that there’s interest in having some sort of cyber education. And we go from enrollments, all the way through any issues of that students could have, or the students family could have and take them all the way through graduation’ David said. “We take the time to listen and see the student as a complete person.”

The following are the key insights based on our conversations:

  • Choosing to make cybersecurity the highest priority treats students as customers, protecting their unique online learning experiences while providing excellent access across all socioeconomic levels. That’s when online learning experiences excel. What’s impressive how committed the team of educators I spoke with is about making technology work as a catalyst to help every student achieve their educational goals across all socioeconomic levels. They’re also the most advanced at tailoring complex technologies to deliver customized online learning experiences with PA Cyber serving 12,000 remote students at once. “Each of our students is different and they’re looking to accomplish different things and they learn in different ways. We have a different classroom options that they can choose from. And we have a lot of different scaffolding options in place when it comes to our instructional platform, “Jennifer Shoaf, Deputy Chief Academic Officer at PA Cyber said. Eric Ramos, CTO at USD says that he and his staff “reach out to teachers and staff members and provide them with the latest cybersecurity alerts and make sure they are aware of how their autonomous endpoint security platform is securing every laptop and making their job of staying in compliance to security protocols easy.” Eric continued saying that, “having an undeletable digital tether gives my staff, senior educators and me peace of mind, especially with summer here and the need to keep track of the Chromebooks out with students and families.”
  • The more resilient the autonomous endpoint security on the laptop, the easier it is to secure, upgrade and locate each of them if they’re lost or stolen. Duarte Unified School District provides Chromebooks to students for use all year long, often also providing an Internet HotSpot as many students’ families don’t have Internet access. PA Cyber provides students a Dell laptop and an entire technology kit that includes printers and peripherals as well. Having an undeletable digital tether to every laptop makes it possible to keep every system up to date on security and system patches. Dean Phillips, Senior Technology Director at PA Cyber, says that it’s been very helpful to know each laptop has active autonomous endpoint security running at all times. Dean says that endpoint management is a must-have for PA Cyber “We’re using Absolute’s Persistence to ensure an always-on, two-way connection with our IT management solution, Kaseya®, which we use to remotely push out security patches, new applications and scripts. That’s been great for students’ laptops as we can keep updates current and know where the system is. Without an endpoint management solution on student laptops, it is very difficult to manage endpoints without that agent. So Absolute absolutely helps us with that as well. That’s been a big plus.” Eric Ramos, CTO, says that Absolute has been great, especially when student calls in and says they can’t find their laptop. I don’t know where it is. It’s lost or maybe stolen. We’re able to pull that up, figure out the last time it got pinged and we can locate that usually. Nine times out of 10, the student finds it by next day by just having that information. So that’s been crucial. It’s always been something we love having.”
  • Standardize on a secure cloud platform that is flexible enough to support scaffolding or individualized learning yet hardened enough to protect every laptop connected to it via an undeletable digital tether. A major challenge both online schools face is keeping their cloud platforms adaptive enough to support students’ varying skills yet also secure enough to protect every student online.  Dean Phillips, Senior Technology Director at PA Cyber, says that it’s best to “keep technology as simple as possible for the students and families. Standardization is key, I think, with everything you do from a technology standpoint. Making sure that you build from the inside out from the core. Your applications and networks and making sure that that’s consistent all the way to the endpoint, I think that’s extremely important.” PA Cyber’s lessons learned creating a secure and adaptive e-learning platform makes the goal of providing personalized instruction for every student achievable at scale.  Jennifer Shoaf, Deputy Chief Academic Officer at PA Cyber, explains how the school personalizes online instruction for every student. “It all starts when the student first comes to PA Cyber and we try to get an understanding of where they are and where they should be and where they want to see themselves, whether it’s in a month or in a couple years, or when they graduate from our school. So one of the things that we pride ourselves on here at this school is allowing for multiple modes of instruction for our students,” Jennifer said.
  • Capitalizing on the excellent asset management reporting autonomous endpoint security solutions have, CTOs and senior IT directors are gaining new insights into how to improve learning effectiveness. Having resilient, persistent connections to every endpoint with an undeletable digital tether also provides invaluable asset management data. Eric Ramos of Duarte USD and Dean Phillips of PA Cyber are leaders in this area of e-learning today. Eric Ramos says that asset management and activity reports made possible by the autonomous endpoint platform he is using from Absolute makes getting prepared for senior management meetings easy. “During principal meetings, I’m able to pull up these reports and say, look, these were the goals at the beginning of the year to use these four products at this amount of time. And here’s where you’re at on a small window. Or you can look at it over time and saying, this has been an increase here, this is a decrease here, these sites are doing really well with it, these sites may be not. But let’s now talk about what’s working for you. What are your teachers liking about the particular program? Or, program aside, how are your results coming about?” Eric Ramos, CTO said.

Conclusion

Delivering an excellent online learning experience needs to start with a cybersecurity strategy that includes autonomous endpoint security. Duarte USD and PA Cyber are leaders in this field, being among the first to see how combining core technologies while having an undeletable digital tether to every laptop is a must-have. Earning and growing the trust of parents, students, teachers and school administrators start with an endpoint security strategy that can adapt and grow as an e-learning program does.

Why Cybersecurity Is Really A Business Problem

Why Cybersecurity Is Really A Business Problem

Bottom Line: Absolute’s 2020 Endpoint Resilience Report illustrates why the purpose of any cybersecurity program needs to be attaining a balance between protecting an organization and the need to keep the business running, starting with secured endpoints.

Enterprises who’ve taken a blank-check approach in the past to spending on cybersecurity are facing the stark reality that all that spending may have made them more vulnerable to attacks. While cybersecurity spending grew at a Compound Annual Growth Rate (CAGR) of 12% in 2018, Gartner’s latest projections are predicting a decline to only 7% CAGR through 2023. Nearly every CISO I’ve spoken with in the last three months say prioritizing cybersecurity programs by their ROI and contribution to the business is how funding gets done today.

Cybersecurity Has Always Been A Business Decision

Overcoming the paradox of keeping a business secure while fueling its growth is the essence of why cybersecurity is a business decision. Securing an entire enterprise is an unrealistic goal; balancing security and ongoing operations is. CISOs speak of this paradox often and the need to better measure the effectiveness of their decisions.

This is why the findings from Absolute’s 2020 State of Endpoint Resilience Report​  are so timely given the shift to more spending accountability on cybersecurity programs. The report’s methodology is based on anonymized data from enterprise-specific subsets of nearly 8.5 million Absolute-enabled devices active across 12,000+ customer organizations in North America and Europe. Please see the last page of the study for additional details regarding the methodology.

Key insights from the study include the following:

  • More than one of every three enterprise devices had an Endpoint Protection (EP), client management or VPN application out of compliance, further exposing entire organizations to potential threats. More than 5% of enterprise devices were missing one or more of these critical controls altogether. Endpoints, encryption, VPN and Client Management are more, not less fragile, despite millions of dollars being spent to protect them before the downturn. The following graphic illustrates how fragile endpoints are by noting average compliances rate alongside installation rates:
  • When cybersecurity spending isn’t being driven by a business case, endpoints become more complex, chaotic and nearly impossible to protect. Absolute’s survey reflects what happens when cybersecurity spending isn’t based on a solid business decision, often leading to multiple endpoint security agents. The survey found the typical organization has 10.2 endpoint agents on average, up from 9.8 last year. One of the most insightful series of findings in the study and well worth a read is the section on measuring Application Resilience. The study found that the resiliency of an application varies significantly based on what else it is paired with. It’s interesting to see that same-vendor pairings don’t necessarily do better or show higher average compliance rates than pairings from different vendors. The bottom line is that there’s no guarantee that any agent, whether sourced from a single vendor or even the most innovative vendors, will work seamlessly together and make an organization more secure. The following graphic explains this point:
  •  60% of breaches can be linked to a vulnerability where a patch was available, but not applied. When there’s a compelling business case to keep all machines current, patches get distributed and installed. When there isn’t, operating system patches are, on average, 95 days late. Counting up the total number of vulnerabilities addressed on Patch Tuesday in February through May 2020 alone, it shows that the average Windows 10 enterprise device has hundreds of potential vulnerabilities without a fix applied – including four zero-day vulnerabilities. Absolute’s data shows that Post-Covid-19, the average patch age has gone down slightly, driven by the business case of supporting an entirely remote workforce.
  • Organizations that had defined business cases for their cybersecurity programs are able to adapt better and secure vulnerable endpoint devices, along with the sensitive data piling up on those devices, being used at home by employees. Absolute’s study showed that the amount of sensitive data – like Personal Identifiable Information (PII), Protected Health Information (PHI) and Personal Financial Information (PFI) data – identified on endpoints soared as the Covid-19 outbreak spread and devices went home to work remotely. Without autonomous endpoints that have an unbreakable digital tether to ensure the health and security of the device, the greater the chance of this kind of data being exposed, the greater the potential for damages, compliance violations and more.

Conclusion

Absolute’s latest study on the state of endpoints amplifies what many CISOs and their teams are doing today. They’re prioritizing cybersecurity endpoint projects on ROI, looking to quantify agent effectiveness and moving beyond the myth that greater compliance is going to get them better security. The bottom line is that increasing cybersecurity spending is not going to make any business more secure, knowing the effectiveness of cybersecurity spending will, however. Being able to capable of tracking how resilient and persistent every autonomous endpoint is in an organization makes defining the ROI of endpoint investments possible, which is what every CISO I’ve spoken with is focusing on this year.

Why Securing Endpoints Is The Future Of Cybersecurity

Why Securing Endpoints Is The Future Of Cybersecurity

  • 86% of all breaches are financially motivated, where threat actors are after company financial data, intellectual property, health records, and customer identities that can be sold fast on the Dark Web.
  • 70% of breaches are perpetrated by external actors, making endpoint security a high priority in any cybersecurity strategy.
  •  55% of breaches originate from organized crime groups.
  • Attacks on Web apps accessed from endpoints were part of 43% of breaches, more than double the results from last year.

These and many other insights are from Verizon’s 2020 Data Breach Investigations Report (DBIR), downloadable here (PDF, 119 pp. free, opt-in). One of the most-read and referenced data breach reports in cybersecurity, Verizon’s DBIR, is considered the definitive source of annual cybercrime statistics. Verizon expanded the scope of the report to include 16 industries this year, also providing break-outs for Asia-Pacific (APAC); Europe, Middle East and Africa (EMEA); Latin America and the Caribbean (LAC); and North America, Canada, and Bermuda, which Verizon says is experiencing more breaches (NA).

The study’s methodology is based on an analysis of a record total of 157,525 incidents. Of those, 32,002 met Verizon’s quality standards, and 3,950 were confirmed data breaches. The report is based on an analysis of those findings. Please see Appendix A for the methodology.

Key insights include the following:

  • Verizon’s DBIR reflects the stark reality that organized crime-funded cybercriminals are relentless in searching out unprotected endpoints and exploiting them for financial gain, which is why autonomous endpoints are a must-have today. After reading the 2020 Verizon DBIR, it’s clear that if organizations had more autonomous endpoints, many of the most costly breaches could be averted. Autonomous endpoints that can enforce compliance, control, automatically regenerating, and patching cybersecurity software while providing control and visibility is the cornerstone of cybersecurity’s future. For endpoint security to scale across every threat surface, the new hybrid remote workplace is creating an undeletable tether to every device as a must-have for achieving enterprise scale.
  • The lack of diligence around Asset Management is creating new threat surfaces as organizations often don’t know the current health, configurations, or locations of their systems and devices. Asset Management is a black hole in many organizations leading to partial at best efforts to protect every threat surface they have. What’s needed is more insightful data on the health of every device. There are several dashboards available, and one of the most insightful is from Absolute, called the Remote Work and Distance Learning Insights Center. An example of the dashboard shown below:
  • 85% of victims and subjects were in the same country, 56% were in the same state, and 35% were even in the same city based on FBI Internet Crime Complaint Center (IC3) data. Cybercriminals are very opportunistic when it comes to attacking high-profile targets in their regions of the world. Concerted efforts of cybercriminals funded by organized crime look for the weakest threat surfaces to launch an attack on, and unprotected endpoints are their favorite target. What’s needed is more of a true endpoint resilience approach that is based on a real-time, unbreakable digital tether that ensures the security of every device and the apps and data it contains.
  • Cloud assets were involved in about 24% of breaches this year, while on-premises assets are still 70%. Ask any CISO what the most valuable lesson they learned from the pandemic has been so far, and chances are they’ll say they didn’t move to the cloud quickly enough. Cloud platforms enable CIOs and CISOs to provide a greater scale of applications for their workforces who are entirely remote and a higher security level. Digging deeper into this, cloud-based Security Information and Event Management (SIEM) provides invaluable real-time analysis, alerts, and deterrence of potential breaches. Today it’s the exceptional rather than the rule that CISOs prefer on-premise over cloud-based SIEM and endpoint security applications. Cloud-based endpoint platforms and the apps they support are the future of cybersecurity as all organizations now are either considering or adopting cloud-based cybersecurity strategies.
  • Over 80% of breaches within hacking involve brute force or the use of lost or stolen credentials. One of the most valuable insights from the Verizon DBIR is how high of a priority cybercriminals are placing on stealing personal and privileged access credentials. Shutting down potential breach attempts from stolen passwords involves keeping every endpoint completely up to date on software updates, monitoring aberrant activity, and knowing if anyone is attempting to change the configuration of a system as an administrator. By having an unbreakable digital tether to every device, greater control and real-time response to breach attempts are possible.

Conclusion

Autonomous endpoints that can self-heal and regenerate operating systems and configurations are the future of cybersecurity, a point that can be inferred from Verizon’s DBIR this year. While CIOs are more budget-focused than ever, CISOs are focused on how to anticipate and protect their enterprises from new, emerging threats. Closing the asset management gaps while securing every endpoint is a must-have to secure any business today. There are several cybersecurity companies offering endpoint security today. Based on customer interviews I’ve done, one of the clear leaders in endpoint resilience is Absolute Software, whose persistent-firmware technology allows them to self-heal their own agent, as well as any endpoint security control and productivity tool on any protected device such as their Resilience suite of applications.

How To Build A Business Case For Endpoint Security

How To Build a Business Case for Endpoint Security

Bottom Line:  Endpoint security business cases do much more than just quantify costs and benefits; they uncover gaps in endpoint and cyber protection that need urgent attention to avert a breach.

Bad actors and hackers prefer to attack threat surfaces that are isolated, vulnerable with out-of-date security patches, yet integrated into a corporate network to provide access. For these reasons and more, endpoints are now the popular choice for hacking attempts. Ponemon Institute’s Third Annual Study on the State of Endpoint Security Risk published in January of this year found that 68% of organizations were victims of successful endpoint attacks in 2019 that compromised data assets and IT infrastructure. Since 2017, successful endpoint attacks have spiked by 26 percent. The Ponemon study also found that it takes the typical organization 97 days to test and deploy patches to each endpoint. When the average endpoint is three months behind on updates, it’s understandable why breaches are increasing. In 2019 the average endpoint breach inflicted $8.94M in losses. The following graphic compares the escalating number of breaches and economic losses for the last three years:

How To Build A Business Case For Endpoint Security

Exploring Endpoint Security’s Many Benefits

Think of building a business case for endpoint security as the checkup every company needs to examine and identify and every threat surface that can be improved. Just as all efforts to preserve every person’s health is priceless today, organizations can’t let their guard down when it comes to keeping endpoint security strong.

The economic fallout of COVID-19 is hitting IT budgets hard. That’s why now is the time to build a business case for endpoint security. CIOs and CISOs have to make budget cuts due to revenue shortfalls. One area no one wants to compromise on, however, is allowing endpoint agents to degrade over time. Absolute Software’s  Endpoint Security Trends Report found that the more complex and layered the endpoint protection, the greater the risk of a breach. Overloading every endpoint with multiple agents is counterproductive and leaves endpoints less secure than if fewer agents were installed.  Additionally, Absolute just launched a Remote Work and Distance Learning Insights Center, providing insights into the impact of COVID-19 on IT and security controls. An example of the dashboard shown below:

How To Build A Business Case For Endpoint Security

 

Business Case Benefits Need To Apply To  IT and Operations

Absolute and Ponemon’s studies suggest that autonomous endpoints are the future of endpoint security. Activating security at the endpoint and having an undeletable tether to every device solves many of the challenges every business’s IT and Operations teams face. And with the urgency to make IT and Operations as virtual as possible with budgets impacted by COVID-19’s economic fallout, team leaders in each area are focusing on the following shared challenges. COVID-19’s quarantine requirements make hybrid workforces instantly appear and make the budgets needed to support them vanish at the same time.  The following are the shared benefits for IT and Operations that need to anchor any endpoint security business case:

  • The most urgent need is for greater IT Help Desk efficiency. While this is primarily an IT metric, the lack of real-time availability of resources is slowing down remote Operations teams from getting their work done.
  • Both IT and Operations share asset utilization, loss reduction, and lifecycle optimization ownership in many organizations today. Having a persistent, undeletable tether to every device at the hardware level is proving to be an effective approach IT, and Operations teams are relying on to track and improve these metrics. The Absolute and Ponemon studies suggest that the more resilient the endpoint, the better the asset efficiency and lifecycle optimization. Autonomous endpoints can self-heal and regenerate themselves, further improving shared metric performance for IT and Operations.
  • The more autonomous endpoints an organization has, the quicker Operations and IT can work together to pivot into new business models that require virtual operations. Education, Healthcare, Financial Services, Government, and Professional Services are all moving to hybrid remote workplaces and virtual operations as fast as they can. Using the business case for endpoint security as a roadmap to see where threat surfaces need to be improved for new growth is key.

Endpoint Security Benefits 

The following are the benefits that need to be included in creating a business case for endpoint security:

  • Reduce and eventually eliminate IT Help Desk backlogs by keeping endpoints up-to-date. Reducing the call volume on IT Help Desks can potentially save over $45K a year, assuming a typical call takes 10 minutes and the cumulative time savings in 1,260 hours saved by the IT help desk annually.
  • Reduce Security Operations staff interruptions and emergency security projects that require IT’s time to run analytics reports and analyses. Solving complex endpoint security problems burns thousands of dollars and hours over a year between Security, IT, and Operations. Having a persistent, unbreakable connection to every endpoint provides the device visibility teams need to troubleshoot problems. Assuming the 2,520 hours IT Security teams alone spend on emergency endpoint security problems could be reduced, organizations could save approximately $130K a year. 
  • Autonomous endpoints with an undeletable tether improve compliance, control, and visibility and is a must-have in the new hybrid remote workplace. For endpoint security to scale across every threat surface, having an undeletable tether to every device is a must-have for scalable remote work and hybrid remote work programs in the enterprise. They also contribute to lowering compliance costs and improve every aspect of asset management from keeping applications current to ensuring autonomous endpoints can continue to self-heal.
  • Reducing IT asset loss, knowing asset utilization, and system-level software installed by every device can save a typical organization over $300K a year. Autonomous endpoints that can heal themselves and provide a constant hardware connection deliver the data in real-time to have accurate IT asset management and security data teams need to keep software configurations up to date. It’s invaluable for IT teams to have this level of data, as it averts having endpoint patches conflict with one another and leave an endpoint vulnerable to breach.
  • Accurate asset lifecycle planning based on solid data from every device becomes possible. Having autonomous endpoints based on a hardware connection delivers the data needed to increase the accuracy of asset life cycle planning and resource allocation, giving IT and Operations the visibility they need to the device level. IT and Operations teams look to see how they can extend the lifecycle of every device in the field. Cost savings vary by the number of devices in the field and their specific software configurations. The time savings alone is approximately $140K per year in a mid-size financial services firm.
  • The more autonomous and connected an endpoint is, the more automated audit and compliance reporting can become. A key part of staying in compliance is automating the audit process to save valuable time. The Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) all require ongoing audits. The time and cost savings of automating audits by organizations vary significantly. It’s a reasonable assumption to budget at least a $67K savings per year in audit preparation costs alone.

Evaluating Endpoint Security Costs

The following are the endpoint security costs that need to be included in the business case:

  • Annual, often multi-year endpoint security licensing costs. Endpoint security providers vary significantly in their pricing models, costs, and fees. Autonomous endpoint security platforms can range in licensing costs from $750K to over $1,2M, depending on the size of the organization and the number of devices.
  • Change management, implementation, and integration costs increase with the complexity of IT security, Operations, and IT Service Management (ITSM) integration. Expect to see an average price of between $40K to over $100K to integrate endpoint security platforms with existing ITSM and security information and event management (SIEM) systems.

Creating A Compelling Business Case For Endpoint Security

The best endpoint security business cases provide a 360-degree view of costs, benefits, and why taking action now is needed.

Knowing the initial software and services costs to acquire and integrate endpoint security across your organization, training and change management costs, and ongoing support costs are essential. Many include the following equation in their business cases to provide an ROI estimate. The Return on Investment (ROI) for endpoint security initiative is calculated as follows:

ROI on Endpoint Security (ES) = (ES Initiative Benefits – ES Initiative Costs)/ES Initiative Costs x 100.

A financial services company recently calculated their annual benefits of ES initiative will be $475,000, and the costs, $65,000, will yield a net return of $6.30 for every $1 invested.

Additional factors to keep in mind when building a business case for endpoint security:

  • The penalties for non-compliance to industry-specific laws can be quite steep, with repeated offenses leading to $1M or more in fines and long-term loss of customer trust and revenue. Building a business case for endpoint security needs to factor in the potential non-compliance fees, and penalties companies face for not having autonomous endpoint security. The Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), California Consumer Privacy Act (CCPA), and other laws require audit reporting based on accurate endpoint security data.
  • Endpoint Security ROI estimates fluctuate, and it’s best to get started with a pilot to capture live data with budgets available at the end of a quarter. Typically organizations will allocate the remaining amounts of IT security budgets at the end of a quarter to endpoint security initiatives.
  • Succinctly define the benefits and costs and gain C-level support to streamline the funding process. It’s often the CISOs who are the most driven to achieve greater endpoint security the quickest they can. Today with every business having their entire workforces virtual, there’s added urgency to get endpoint security accomplished.
  • Define and measure endpoint security initiatives’ progress using a digitally-enabled dashboard that can be shared across any device, anytime. Enabling everyone supporting and involved in endpoint security initiatives needs to know what success looks like. Having a digitally-enabled dashboard that clearly shows each goal or objective and the company’s progress toward them is critical to success.

Conclusion

The hard economic reset COVID-19 created has put many IT budgets into freefall at a time when CIOs and CISOs need more funding to protect proliferating hybrid remote workforces. Endpoint security business cases need to factor in how they can create an undeletable resilient defense for every device across their global fleets. And just as every nation on the planet isn’t letting its guard down against the COVID-19 virus, every IT and cybersecurity team can’t let theirs down either when it comes to protecting every endpoint.

Autonomous endpoints that can self-heal and regenerate operating systems and configurations are the future of endpoint security management. The race to be an entirely virtual enterprise is on, and the most autonomous endpoints can be, the more cost-effective and valuable they are. The best business cases bridge the gap between IT and Operations needs. CIOs need endpoint security solutions to be low-cost, low maintenance, reliable yet agile. Operations want an endpoint solution that has a low cost of support, minimal if any impact of IT Service Help Desks, and always-on monitoring. Building a business case for endpoint security gives IT and Operations the insights they need to protect the constantly changing parameters of their businesses.

 

How Absolute Protects Patient Data At Apria Healthcare

How Absolute Protects Patient Data At Apria Healthcare

Bottom Line: Healthcare providers need to adopt more persistent, resilient endpoint cybersecurity to thwart cybercriminals who are escalating their efforts to steal healthcare records. Motivated by up to $1,000 being offered on the Dark Web for healthcare records, cybercriminals are prioritizing healthcare breaches for financial gain.

Endpoint Resilience Is the Cornerstone of Apria Healthcare’s Cybersecurity Strategy

Healthcare providers are a favorite target for cybercriminals, and their popularity is growing. In the first eight weeks of 2020, the U.S. Department of Health and Human Services received 66 reports of breaches affecting 500 patient records or more at healthcare providers and health plans. The Health & Human Services Breach Portal, which contains a list of all cases under investigation today, reflects the severity of healthcare providers’ cybersecurity crisis and the urgent need for a strong, resilient system to protect patient information. Apria Healthcare is well aware of these threats and has taken an innovative, insightful approach to thwart them.

Apria Healthcare’s cybersecurity strategy focuses heavily on deterrence at the endpoint and device level, an approach that has proven effective in mitigating breaches globally. The company is a recognized leader in healthcare, serving nearly 2M patients annually across 300 locations in 49 states. They have more than 8,000 laptops, desktops and tablets, many of which regularly leave the organization. Apria needed a way to deliver zero-touch IT asset management, provide self-healing endpoint security, and employ always-on data visibility and protection whether an asset was on or off their corporate network. They turned to Absolute and the company’s patented Persistence technology.

“Persistence [located] in the BIOS is the number one item that I think really sets Absolute apart from other companies touting that they can do asset tracking better,” said Janet Hunt, Senior Director, IT User Support at Apria Healthcare. “The other vendors really can’t, they don’t have that piece – that persistent piece is so important to me. I always am looking for opportunities to use different technologies as they come up, and I haven’t found anything that’s as good as Absolute. Nothing can compare.”

Absolute’s Persistence technology, the foundation of the company’s Resilience solution, enables a self-healing, unbreakable two-way connection to endpoints, applications, and data. It provides an adaptive layer of defense by notifying IT of where devices are and when security applications are removed or corrupt, and triggering automatic reinstallation. Because Absolute is already embedded in the BIOS of Dell, HP, Lenovo, and 22 other leading manufacturers’ devices, it provides Apria with the single source of truth needed to protect personal data and help achieve HIPAA compliance.

Turning HIPAA Compliance into A Competitive Advantage  

Apria quickly established a leadership position in the healthcare industry by setting and maintaining stringent requirements needed to achieve HIPAA compliance across its patient data platform. Leveraging Absolute’s Resilience solution and Persistence technology, Apria differentiated itself from its competitors and reduced the risk they would ever see fines for HIPAA non-compliance. And with HIPAA fines ranging from $25,000 to $15.M per year, Apria’s prescient decision to turn compliance into a competitive advantage was an excellent one because it put patients’ welfare and data security first, above all other IT priorities.

Achieving Greater Device Control & Visibility Is Key 

Absolute’s dashboard provides Apria with both a snapshot of the status of all devices, updated every 15 minutes, as well as a complete device history that enables security managers to see and report on encryption, geolocation, and usage.

“Our geo-fencing is extremely tight. I have PCs that live in the Philippines. I have PCs that live in India. I have one, or actually two, PCs that live in Indonesia. If somebody goes from where they say that they’re going to be to another part of Indonesia, that device will freeze because that’s not where it’s supposed to be, and that’s an automatic thing. Don’t ask forgiveness, don’t ask questions, freeze the device, and see what happens. It’s one of the best things we’ve done for ourselves,” Janet Hunt recently said during a recent during a recent panel discussion. Geofencing is a must-have in any persistent endpoint security strategy.

“[With Absolute] I have a complete history of each device, which makes it really easy for me to say not only whether it is encrypted now, but also what its status was a week ago, or two weeks ago, or two months ago,” said Dave Ochoa, Manager, Information Security Operations at Apria Healthcare. “So, you get this lovely little package that you can hand off to your auditor and say, ‘Not an issue.’ You know that this is not an incident, this is not a breach.”

Endpoint Security’s Network Effect Is Accelerating

Apria Healthcare’s decision to protect its 8,000 laptops, desktops, and tablets using Absolute’s Resilience endpoint solution is a leading indicator of the Network Effect happening with endpoint security today. A sure sign the Network Effect is taking place is how demand is growing for more endpoint security agents and applications. Absolute is seeing this Network Effect globally and has been steadily adding integrations with more than 30 endpoint security agents and applications – most recently adding support for the market-leading security solution VMware® Carbon Black.

“The average enterprise today has already spent thousands, if not millions, of dollars on security controls and applications, and that total security investment only continues to rise in the face of escalating risk,” said Christy Wyatt, CEO of Absolute. “However, the vast number of controls and agents being invested in and subsequently piled onto the endpoint can introduce a false sense of security; those controls are only effective if they are present and actually running. A foundation of Resilience enables IT and security teams to understand the current state of their assets, understand if the security controls have been compromised, and heal those that have been taken offline.”

Conclusion

In the face of increasingly sophisticated attackers and vectors, organizations continue to layer on security controls. Gartner estimates that more than $174B will be spent on security by 2022, and of that, approximately $50B will be dedicated to protecting the endpoint. Absolute’s 2019 Endpoint Security Trends Report revealed that organizations have an average of 10 distinct agents layered onto endpoint devices, all competing with one another for device services and resources. The resulting complexity not only negatively impacts endpoint performance but creates an environment ripe for collision and decay. This, along with humans tampering with or removing security controls, means that even the most well-functioning endpoint agents have a high probability of failure.

All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability, and functionality at all times, and deliver their intended value. And so, organizations need complete visibility and real-time insights to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly.

Absolute’s Resilience offering empowers organizations to build an enterprise security approach that is intelligent, adaptive, and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints as Apria Healthcare’s cybersecurity strategy and results indicate.

 

 

 

 

10 Ways Asset Intelligence Improves Cybersecurity Resiliency And Persistence

10 Ways Asset Intelligence Improves Cybersecurity Resiliency And Persistence

Bottom Line: By securing every endpoint with a persistent connection and the resiliency to autonomously self-heal, CIOs are finding new ways to further improve network security by capitalizing on each IT assets’ intelligence.

Capturing real-time data from IT assets is how every organization can grow beyond its existing boundaries with greater security, speed, and trust. Many IT and cybersecurity teams and the CIOs that lead them, and with whom I’ve spoken with, are energized by the opportunity to create secured perimeterless networks that can flex in real-time as their businesses grow. Having a persistent connection to every device across an organizations’ constantly changing perimeter provides invaluable data for achieving this goal. The real-time data provided by persistent device connections give IT and cybersecurity teams the Asset Intelligence they need for creating more resilient, self-healing endpoints as well.

How Asset Intelligence Drives Stronger Endpoint Security 

Real-time, persistent connections to every device in a network is the foundation of a strong endpoint security strategy. It’s also essential for controlling device operating expenses (OPEX) across the broad base of device use cases every organization relies on to succeed. Long-term persistent connections drive down capital expenses (CAPEX) too, by extending the life of every device while providing perimeterless growth of the network. By combining device inventory and analysis, endpoint data compliance with the ability to manage a device fleet using universal asset management techniques, IT and cybersecurity teams are moving beyond Asset Management to Asset Intelligence. Advanced analytics, benchmarks, and audits are all possible across every endpoint today. The following are the 10 ways Asset Intelligence improves cybersecurity resiliency and persistence:

  • Track, trace and find lost or stolen devices on or off an organizations’ network in real-time, disabling the device if necessary. Every device, from laptops, tablets, and smartphones to desktops and specialized use devices are another threat surface that needs to be protected. Real-time persistent connections to each of these devices make track-and-trace possible, giving CIOs and their teams more control than had been possible before. Real-time track-and-trace data combined with device condition feedback closes security blind spots too. IT and cybersecurity teams can monitor every device and know the state of hardware, software, network and use patterns from dashboards. Of the endpoint providers in this market, Absolute’s approach to providing dashboards that provide real-time visibility and control of every device on a network is considered state-of-the-art. An example of Absolute’s dashboard is shown below:

10 Ways Asset Intelligence Improves Cybersecurity Resiliency And Persistence

  • Asset Intelligence enables every endpoint to autonomously self-heal themselves and deliver constant persistence across an organization’s entire network. By capitalizing on the device, network, threat, and use data that defines Asset Intelligence, endpoint agents learn over time how to withstand breach attempts, user errors, and malicious attacks, and most importantly, how to return an endpoint device to its original safe state. Asset Intelligence is the future of endpoint security as it’s proving to be very effective at enabling self-healing persistence across enterprise networks.
  • Asset Intelligence solves the urgent problem created from having 10 or more agents installed on a single endpoint that collide, conflict and decay how secure the endpoint is. Absolute Software’s 2019 Endpoint Security Trends Report found that the more agents that are added to an endpoint, the greater the risk of a breach. Absolute also found that a typical device has ten or more endpoint security agents installed, often colliding and conflicting with the other. MITRE’s Cybersecurity research practice found there are on average, ten security agents on each device, and over 5,000 common vulnerabilities and exposures (CVEs) found on the top 20 client applications in 2018 alone.
  • Asset Intelligence sets the data foundation for achieving always-on persistence by tracking every devices’ unique attributes, identifiers, communication log history and more. Endpoint security platforms need a contextually-rich, real-time stream of data to know how and when to initialize the process of autonomously healing a given endpoint device. Asset Intelligence provides the centralized base of IT security controls needed for making endpoint persistence possible.
  • Having a real-time connection to every device on a perimeterless network contributes to creating a security cloud stack from the BIOS level that delivers persistence for every device. CIOs and CISOs interested in building secured perimeterless networks are focused on creating persistent, real-time connections to every device as a first step to creating a security cloud stack from each devices’ BIOS level. They’re saying that the greater the level of Asset Intelligence they can achieve, the broader they can roll out persistence-based endpoints across their networks that have the capacity to self-diagnose and self-heal.
  • Device fleets are churning 20% a year or more, increasing the urgency CIOs have for knowing where each device is and its current state, further underscoring Asset Intelligence’s value. Gavin Cockburn of ARUP is the global service lead for workplace automation and endpoint management, including how the firm acquires devices, manages and reclaims them. ARUP is using the Absolute Persistence platform for managing the many high-value laptops and remote devices their associates use on global projects. During a recent panel discussion he says that device replacements “becomes part of our budgeting process in that 33% of devices that we do replace every year, we know where they are.” Gavin is also using API calls to gain analytical data to measure how devices are being used, if the hard drive is encrypted or not and run Reach scripts to better encrypt a device if there is not enough security on them.
  • The more Asset Intelligence an organization has, the more they can predict and detect malware intrusion attempts, block them and restore any damage to any device on their perimeter. When there’s persistent endpoint protection across a perimeterless network, real-time data is enabling greater levels of Asset Intelligence which is invaluable in identifying, blocking and learning from malware attempts on any device on the network. Endpoint protection platforms that have persistence designed in are able to autonomously self-heal back to their original state after an attack, all without manual intervention.
  • Persistent endpoints open up the opportunity of defining geofencing for every device on a perimeterless network, further providing valuable data Asset Intelligence platforms capitalize on. Geofencing is proving to be a must-have for many organizations that have globally-based operations, as their IT and cybersecurity teams need to track the device location, usage, and compliance in real-time. Healthcare companies are especially focused on how Asset Intelligence can deliver geofencing at scale. Janet Hunt, Senior Director, IT User Support at Apria Healthcare recently commented during a recent panel discussion that “our geo-fencing is extremely tight. I have PCs that live in the Philippines. I have PCs that live in India. I have one PC or actually two PCs that live in Indonesia. If somebody goes from where they say that they’re going to be to another part of Indonesia, that device will freeze because that’s not where it’s supposed to be and that’s an automatic thing. Don’t ask forgiveness, don’t ask questions, freeze the device and see what happens. It’s one of the best things we’ve done for ourselves.”  Gavin Cockburn says, “We actually do some kind of secretive work, government work and we have these secure rooms, dotted around the organization. So we know if we put a device in that room, what we do is, what we say is this device only works in this area and we can pinpoint that to a pretty decent accuracy.”  From healthcare to secured government contracting, geofencing is a must-have in any persistent endpoint security strategy.
  • Automating customer and regulatory audits and improving compliance reporting by relying on Asset Intelligence alleviates time-consuming tasks for IT and cybersecurity teams. When persistent endpoint protection is operating across an organization’s network, audit and compliance data is captured in real-time and automatically fed into reporting systems and dashboards. CIOs and their cybersecurity teams are using dashboards to monitor every device’s usage patterns, audit access, and application activity, and check for compliance to security and reporting standards. Audits and compliance reporting are being automated today using PowerShell, BASH scripts and API-based universal asset commands. Gavin Cockburn of ARUP mentioned how his firm gives customers the assurance their data is safe by providing them ongoing audits while project engagements are ongoing. “We need to show for our clients that we look after their data and we can prove that. And we show that again and again. I mean similar story, we’ve seen machines go missing, either breaking into cars, re-image three times. We wipe it every time. Put the new hard drive in, think it might be a hard drive issue, it wipes again. We never see it come online again, “ he said.
  • Asset Intelligence improves data hygiene, which has a direct effect on how effective all IT systems are and the customer experiences they deliver. CIOs and their teams’ incentives center on how effective IT is at meeting internal information needs that impact customer experiences and outcomes. Improving data hygiene is essential for IT to keep achieving their incentive plans and earning bonuses. As Janet Hunt, Senior Director, IT User Support at Apria Healthcare said, “right now we are all about hygiene and what I mean by that is we want our data to be good. We want all the things that make IT a valued partner with the business operation to be able to be reliable.” The more effective any organization is at achieving and sustaining a high level of data hygiene, the more secure their perimeterless network strategies become.

 

5 Strategies Healthcare Providers Are Using To Secure Networks

5 Strategies Healthcare Providers Are Using To Secure Networks

  • Healthcare records are bestsellers on the Dark Web, ranging in price from $250 to over $1,000 per record.
  • The growing, profitable market for Protected Health Information (PHI) is attracting sophisticated cybercriminal syndicates, several of which are state-sponsored.
  •  Medical fraud is slower to detect and notify, unlike financial fraud (ex. stolen credit cards), contributing to its popularity with cybercriminals globally.
  • Cybercriminals prefer PHI data because it’s easy to sell and contains information that is harder to cancel or secure once stolen. Examples include insurance policy numbers, medical diagnoses, Social Security Numbers (SSNs), credit card, checking and savings account numbers.

These and many other insights into why healthcare provider networks are facing a cybersecurity crisis are from the recently declassified U.S. Department of Health & Human Services HC3 Intelligence Briefing Update Dark Web PHI (Protected Health Information) Marketplace presented April 11th of this year. You can download a copy of the slides here (PDF, 13 pp, no opt-in). The briefing provides a glimpse into how the dark web values the “freshness’ of healthcare data and the ease of obtaining elderly patient records, skewing stolen identities to children, and elderly patients. Protenus found that the single largest healthcare breach this year involves 20 million patent records stolen from a medical collections agency. The breach was discovered after the records were found for sale on the dark web. Please see their 2019 Mid-Year Breach Barometer Report (opt-in required) for an analysis of 240 of the reported 285 breach incidents affecting 31,611,235 patient records in the first six months of this year. Cybercriminals capitalize on medical records to drive one or more of the following strategies as defined by the HC3 Intelligence Briefing:

Stopping A Breach Can Avert A HIPAA Meltdown

To stay in business, healthcare providers need to stay in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA provides data privacy and security provisions for safeguarding medical information. Staying in compliance with HIPAA can be a challenge given how mobile healthcare provider workforces are, and the variety of mobile devices they use to complete tasks today. 33% of healthcare employees are working outside of the office at least once a week. And with government incentives for decentralized care expected to expand mobile workforces industry-wide, this figure is expected to increase significantly. Health & Human Services provides a Breach Portal that lists all cases under investigation today. The Portal reflects the severity of healthcare providers’ cybersecurity crisis. Over 39 million medical records have been compromised this year alone, according to HHS’ records from over 340 different healthcare providers. Factoring in the costs of HIPAA fines that can range from $25,000 to $15.M per year, it’s clear that healthcare providers need to have endpoint security on their roadmaps now to avert the high costs of HIPAA non-compliance fines.

Securing endpoints across their healthcare provider networks is one of the most challenging ongoing initiatives any Chief Information Security Officer (CISO) for a healthcare provider has today. 39% of healthcare security incidents are caused by stolen or misplaced endpoints. CISOs are balancing the need their workforces have for greater device agility with the need for stronger endpoint security. CISOs are solving this paradox by taking an adaptive approach to endpoint security that capitalizes on strong asset management. “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what are consuming network bandwidth is an IT management problem, but it’s a security outcome “, said Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software.

5 Strategies for Healthcare Providers Are Using To Secure Networks

Thwarting breaches to protect patients’ valuable personal health information starts with an adaptive, strong endpoint strategy. The following are five proven strategies for protecting endpoints, assuring HIPAA compliance in the process:

  1. Implementing an adaptive IT asset management program delivers endpoint security at scale. Healthcare providers prioritizing IT asset management control and visibility can better protect every endpoint on their network. Advanced features including real-time asset management to locate and secure devices, geolocation fencing so devices can only be used in a specific area and device freeze options are very effective for securing endpoints. Healthcare providers are relying more and more on remote data delete as well. The purpose of this feature is to wipe lost or stolen devices within seconds.
  2.  Improve security and IT operations with faster discovery and remediation across all endpoints. Implement strategies that enable greater remediation and resilience of every endpoint. Healthcare providers are having success with this strategy, relying on IT asset management to scale remediation and resilience to every endpoint device. Absolute’s Persistence technology is a leader in this area by providing scalable, secure endpoint resiliency. Absolute also has a proven track record of providing self-healing endpoints extending their patented firmware-embedded Persistence technology that can self-heal applications on compatible endpoint devices.
  3. Design in HIPAA & HITECH compliance and reporting to each endpoint from the first pilot. Any endpoint security strategy needs to build in ongoing compliance checks and automated reports that are audit-ready. It also needs to be able to probe for violations across all endpoints. Advanced endpoint security platforms are capable of validating patient data integrity with self-healing endpoint security. All of these factors add up to reduce time to prepare audits with ongoing compliance checks across your endpoint population.
  4. A layered security strategy that includes real-time endpoint orchestration needs to anchor any healthcare network merger or acquisition, ensuring patient data continues to be protected. Private Equity (PE) firms continue acquiring providers to create healthcare networks that open up new markets. The best breach prevention, especially in merged or acquired healthcare networks, is a comprehensive layered defense strategy that spans endpoints and networks. If one of the layers fails, there are other layers in place to ensure your organization remains protected. Healthcare providers’ success with layered security models is predicated on how successful they are achieving endpoint resiliency. Absolute’s technology is embedded in the core of laptops and other devices at the factory. Once activated, it provides healthcare providers with a reliable two-way connection so they can manage mobility, investigate potential threats, and take action if a security incident occurs.
  5. Endpoint security needs to be tamper-proof at the operating system level on the device yet still provides IT and cybersecurity teams with device visibility and access to modify protections. Healthcare providers need an endpoint visibility and control platform that provides a persistent, self-healing connection between IT, security teams, and every device, whether it is active on the network or not. Every identity is a new security perimeter. Healthcare providers’ endpoint platforms need to be able to secure all devices across different platforms, automate endpoint hygiene, speed incident detection, remediation, and reduce IT asset loss by being able to self-diagnose and repair endpoint devices on real-time.

It’s Time To Solve K-12’s Cybersecurity Crisis

It's Time To Solve K-12's Cybersecurity Crisis

  • There were a record 160 publicly-disclosed security incidents in K-12 during the summer months of 2019, exceeding the total number of incidents reported in all of 2018 by 30%.
  • 47% of K-12 organizations are making cybersecurity their primary investment, yet 74% do not use encryption.
  • 93% of K-12 organizations rely on native client/patch management tools that have a 56% failure rate, with 9% of client/patch management failures never recovered.

These and many other fascinating insights are from Absolute’s new research report, Cybersecurity and Education: The State of the Digital District in 2020​, focused on the state of security, staff and student safety, and endpoint device health in K-12 organizations. The study’s findings reflect the crisis the education sector is facing as they grapple with high levels of risk exposure – driven in large part by complex IT environments and a digitally savvy student population – that have made them a prime target for cybercriminals and ransomware attackers. The methodology is based on data from 3.2M devices containing Absolute’s endpoint visibility and control platform, active in 1,200 K-12 organizations in North America (U.S. and Canada). Please see the full report for complete details on the methodology.

Here’ the backdrop:

  • K-12 cybersecurity incidents are skyrocketing, with over 700 reported since 2016 with 160 occurring during the summer of 2019 alone. Educational IT leaders face the challenge of securing increasingly complex IT environments while providing access to a digitally savvy student population capable of bypassing security controls. Schools are now the second-largest pool of ransomware victims, just behind local governments and followed by healthcare organizations. As of today, 49 school districts have been hit by ransomware attacks so far this year.

“Today’s educational IT leaders have been tasked with a remarkable feat: adopting and deploying modern learning platforms, while also ensuring student safety and privacy, and demonstrating ROI on security and technology investments,” said Christy Wyatt, CEO of Absolute.

Research from Absolute found:

K-12 IT leaders are now responsible for collectively managing more than 250 unique OS versions, and 93% are managing up to five versions of common applications. The following key insights from the study reflect how severe K-12’s cybersecurity crisis is today:

  • Digital technologies’ rapid proliferation across school districts has turned into a growth catalyst for K-12’s cybersecurity crisis. 94% of school districts have high-speed internet, and 82% provide students with school-funded devices through one-to-one and similar initiatives. Absolute found that funding for educational technology has increased by 62% in the last three years. The Digital Equity Act goes into effect this year, committing additional federal dollars to bring even more technology to the classroom. K-12 IT leaders face the daunting challenge of having to secure on average 11 device types, 258 unique operating systems versions and over 6,400 unique Chrome OS extensions and more, reflecting the broad scale of today’s K-12 cybersecurity crisis. Google Chromebooks dominate the K-12 device landscape. The following graphic illustrates how rapidly digital technologies are proliferating in K-12 organizations:

  • 42% of K-12 organizations have staff and students regularly bypass security endpoint controls using web proxies and rogue VPN apps, inadvertently creating gateways for malicious outsiders to breach their schools’ networks. Absolute found that there are on average 10.6 devices with web proxy/rogue VPN apps per school and 319 unique web proxy/rogue VPN apps in use today, including “Hide My Ass” and “IP Vanish.”  Many of the rogue VPN apps originate in China, and all of them are designed to evade web filtering and other content controls. With an average of 10.6 devices per school harboring web proxies and rogue VPN apps, schools are also at risk of non-compliance with the Children’s Internet Protection Act (CIPA).

  • While 68% of education IT leaders say that cybersecurity is their top priority, 53% rely on client/patch management tools that are proving ineffective in securing their proliferating IT infrastructures. K-12 IT leaders are relying on client/patch management tools to secure the rapidly proliferating number of devices, operating systems, Chrome extensions, educational apps, and unique application versions. Client/patch management agents fail 56% of the time, however, and 9% never recover. There are on average, nine daily encryption agents’ failures, 44% of which never recover. The cybersecurity strategy of relying on native client/patch management isn’t working, leading to funds being wasted on K-12 security controls that don’t scale:

“Wyatt continued, this is not something that can be achieved by simply spending more money… especially when that money comes from public funds. The questions they each need to be asking are if they have the right foundational security measures in place, and whether the controls they have already invested in are working properly. Without key foundational elements of a strong and resilient security approach in place – things like visibility and control, it becomes nearly impossible to protect your students, your data, and your investments.”

  • Providing greater device visibility and endpoint security controls while enabling applications and devices to be more resilient is a solid first step to solving the K-12 cybersecurity crisis. Thwarting the many breach and ransomware attacks K-12 organizations receive every day needs to start by considering every device as part of the network perimeter. Securing K-12 IT networks to the device level delivers asset management and security visibility that native client/patch management tools lack. Having visibility to the device level also gives K-12 IT administrators and educators insights into how they can tailor learning programs for broader adoption. The greater the visibility, the greater the control. K-12 IT administrators can ensure internet safety policies are being adhered to while setting controls to be alerted of suspicious activity or non-compliant devices, including rogue VPNs or stolen devices. Absolute’s Persistence platform provides a persistent connection to each endpoint in a K-12’s one-to-one program, repairing or replacing critical apps that have been disabled or removed.

You can download the full Absolute report here.

%d bloggers like this: