Skip to content

Posts tagged ‘Chief Information Officer’

What Enterprises Need To Plan For In 2021 When It Comes To Endpoint Security

What Enterprises Need to Plan for In 2021 When It Comes to Endpoint Security

Bottom Line: Today’s largely-distributed enterprises need to make sure they are putting endpoint security first in 2021– which includes closely managing every stage of the device lifecycle, from deployment to decommission, and ensuring all sensitive data remains protected.

There’s a looming paradox facing nearly every organization today of how they’ll secure thousands of remote endpoints without having physical access to devices, and without disrupting worker productivity. Whether there’s the need to retire hardware as part of down-sizing or cost-cutting measures, or the need to equip virtual teams with newer equipment more suitable for long term work-from-home scenarios, this is one of the most pressing issues facing CISOs and CIOs today.

Wanting to learn more about how their customers are tackling their endpoint security challenges and how their companies are helping to solve it, I sat down (virtually) with Absolute Software’s President and CEO Christy Wyatt and Matthew Zielinski, President of North America Intelligent Devices Group at Lenovo. The following is my interview with both of them:

Louis Columbus: Christy and Matt, thanks so much for your time today. To get started, I would like each of you to share what you’re hearing from your customers regarding their plans to refresh laptops and other endpoint devices in 2021.

Christy Wyatt: We’re seeing a strong desire from organizations to ensure that every individual is digitally enabled, and has access to a screen. In some cases, that means refreshing the hardware they already have in the field, and in other cases, that means buying or adding devices. From the endpoint security standpoint, there’s been a shift in focus around which tools matter the most. When laptops were primarily being used on campus, there was a certain set of solutions to monitor those devices and ensure they remained secure. Now that 90% of devices are out of the building, an entirely different set of capabilities is required – and delivering those has been our focus.

Matt Zielinski: We are seeing historic levels of demand from consumers, as many are transitioning from having maybe one or two devices per household to at least one device per person. We’re also seeing the same levels of demand on both the education and enterprise side. The new dynamic of work-from-anywhere, learn-from-anywhere, collaborate-from-anywhere underscores that the device hardware and software need to be current in order to support both the productivity and security needs of hugely distributed workforces. That’s our highest priority.

Louis:  Where are CISOs in their understanding, evaluation, and adoption of endpoint security technologies?

Christy: The journey has been different for the education market than for the enterprise market. Most enterprise organizations were already on the digital path, with some percentage of their population already working remotely. And because of this, they typically have a more complex security stack to manage; our data shows that the total number of unique applications and versions installed on enterprise devices is nearly 1.5 million. What they’ve seen is a trifecta of vulnerabilities: employees taking data home with them, accessing it on unsecured connections, and not being aware of how their devices are protected beyond the WiFi connection and the network traffic.

In the education space, the challenges – and the amount of complexity – are completely different; they’re managing just a small fraction of that total number of apps and versions. That said, as the pandemic unfolded, education was hit harder because they were not yet at a point where every individual was digitally connected. There was a lot of reliance on being on campus, or being in a classroom. So, schools had to tackle digital and mobile transformation at the same time – and to their credit, they made multiple years of progress in a matter of weeks or months. This rapid rate of change will have a profound effect on how schools approach technology deployments going forward.

Matt: Whether in enterprise or education, our customers are looking to protect three things: their assets, their data, and their users’ productivity. It’s a daunting mission. But, the simplest way to accomplish it is to recognize the main control point has changed. It’s no longer the server sitting behind the firewall of your company’s or school’s IT environment. The vulnerability of the endpoint is that the network is now in the user’s hands; the edge is now the primary attack surface. I think CISOs realize this, and they are asking the right questions… I just don’t know if everyone understands the magnitude or the scale of the challenge. Because the problem is so critical, though, people are taking the time to make the right decisions and identify all the various components needed to be successful.

Louis:   It seems like completing a laptop refresh during the conditions of a pandemic could be especially challenging, given how entire IT teams are remote. What do you anticipate will be the most challenging aspects of completing a hardware refresh this year (2021)?

Matt:  The PC has always been a critical device for productivity. But now, without access to that technology, you are completely paralyzed; you can’t collaborate, you can’t engage, you can’t connect. Lenovo has always been focused on pushing intelligent transformation as far as possible to get the best devices into the hands of our customers. Beyond designing and building the device, we have the ability to distribute asset tags and to provide a 24/7 help desk for our customers whether you’re a consumer, a school, or a large institution. We can also decommission those devices at the end, so we’re able to support the entire journey or lifecycle.

The question has really become, how do you deliver secure devices to the masses? And, we’re fully equipped to do that. For example, every Lenovo X1 Carbon laptop comes out of the box with Lenovo Security Assurance, which is actually powered by Absolute; it is in our hardware. Our customers can open a Lenovo PC, and know that it is completely secure, right out of the box. Every one of our laptops is fortified with Absolute’s Persistence technology and self-healing capabilities that live in the BIOS. It’s that unbreakable, secure connection that makes it possible for us to serve our customers throughout the entire lifecycle of device ownership.

Louis: Why are the legacy approaches to decommissioning assets falling short / failing today? How would you redesign IT asset-decommissioning approaches to make them more automated, less dependent on centralized IT teams?

Christy: There have been a few very visible cases over the past year of highly regulated organizations, experiencing vulnerabilities because of how they decommissioned – or did not properly decommission – their assets. But, I don’t want anyone to believe that that this is a problem that is unique to regulated industries, like financial services. The move to the cloud has given many organizations a false sense of security, and it seems that the more data running in the cloud, the more pronounced this false sense of security becomes. It’s a mistaken assumption to think that when hardware goes missing, the security problem is solved by shutting down password access and that all the data is protected because it is stored in the cloud. That’s just not true. When devices aren’t calling in anymore, it’s a major vulnerability – and the longer the device sits without being properly wiped or decommissioned, the greater the opportunity for bad actors to take advantage of those assets.

The other piece that should be top of mind is that once a device is decommissioned, it’s often sold. We want to ensure that nothing on that device gets passed on to the next owner, especially if it’s going to a service or leasing program. So, we’ve concentrated on making asset decommissioning as precise as possible and something that can be done at scale, anytime and anywhere.

Matt:  Historically, reclaiming and decommissioning devices has required physical interaction. The pandemic has limited face-to-face encounters, so , we’re leveraging many different software solutions to give our customers the ability to wipe the device clean if they aren’t able to get the asset back in their possession, so that at least they know it is secure. Since we’re all now distributed, we’re looking at several different solutions that will help with decommissioning, several of which are promising and scale well given today’s constraints. Our goal is to provide our enterprise customers with decommissioning flexibility, from ten units to several thousand.

Louis:  Paradoxically, having everyone remote has made the business case for improving endpoint security more compelling too. What do you hear from enterprises about accelerating digital transformation initiatives that include the latest-generation endpoint devices?

Christy:  The same acceleration that I spoke about on the education side, we absolutely see on the enterprise side as well, and with rapid transformation comes increased complexity. There has been a lot of conversation about moving to Zero Trust, moving more services to the cloud and putting more controls on the endpoint – and not having these sort of layers in between. Our data tells us that the average enterprise device today has 96 unique applications, and at least 10 of them are security applications. That is a massive amount of complexity to manage. So, we don’t believe that adding more controls to the endpoint is the answer; we believe that what’s most important is knowing the security controls you have are actually working. And we need to help devices and applications become more intelligent, self-aware, and capable of fixing themselves. This concept of resiliency is the cornerstone of effective endpoint security, and a critical part of the shift to a more modern security architecture.

Matt: I think there are two major forcing functions: connection and security. Because we are all now remote, there’s a huge desire to feel connected to one another even though we aren’t sitting in the same room together. We’re modifying our products in real-time with the goal of removing shared pain points and optimizing for the new reality in which we’re all living and working. Things like microphone noise suppression and multiple far field microphones, so that if the dog barks or kids run into a room, the system will mute before you’ve even pressed the mute button. We’re improving camera technology from a processing standpoint to make things look better. Ultimately, our goal is to provide an immersive and connected experience.

Security, however, transcends specific features that deliver customer experiences – security is the experience. The features that make hardware more secure are those that lie beneath the operating system, in the firmware. That is why we have such a deep network of partners, including Absolute. Because you need to have a full ecosystem, and a program that takes advantage of all the best capabilities, in order to deliver the best security solution possible.

Louis: How is Absolute helping enterprise customers ensure greater endpoint security and resiliency in 2021 and beyond?

Christy: We spend a lot of time sitting with customers to understand their needs and how and where we can extend our endpoint security solutions to fit. We believe in taking a layered approach – which is the framework for defense in-depth, and an effective endpoint security strategy. The foundational piece, which we are able to deliver, is a permanent digital tether to every device; this is the lifeline. Not having an undeletable connection to every endpoint means you have a very large security gap, which must be closed fast. A layered, persistence-driven approach ensures our customers know their security controls are actually working and delivering business value. It enables our customers to pinpoint where a vulnerability is and take quick action to mitigate it.

Lenovo’s unique, high value-add approach to integrated security has both helped drive innovation at Absolute, while also providing Lenovo customers the strongest endpoint security possible. Their multilayer approach to their endpoint strategy capitalizes on Absolute’s many BIOS-level strengths to help their customers secure every endpoint they have. As our companies work together, we are both benefitting from a collaboration that seeks to strengthen and enrich all layers of endpoint security. Best of all, our shared customers are the benefactors of this collaboration and the results we are driving at the forefront of endpoint security.

Louis:  How has the heightened focus on enterprise cybersecurity in general, and endpoint security specifically, influenced Lenovo’s product strategy in 2021 and beyond?

Matt:  We have always been focused on our unique cybersecurity strengths from the device side and making sure we have all of the control points in manufacturing to ensure we build a secure platform. So, we’ve had to be open-minded about endpoint security, and diligent in envisioning how potential vulnerabilities and attack strategies can be thwarted before they impact our customers. Because of this mindset, we’re fortunate to have a very active partner community. We’re always scouring the earth for the next hot cybersecurity technology and potential partner with unique capabilities and the ability to scale with our model. This is a key reason we’ve standardized on Absolute for endpoint security, as it can accommodate a wide breadth of deployment scenarios. It’s a constant and very iterative process with a team of very smart people constantly looking at how we can excel at cybersecurity. It is this strategy that is driving us to fortify our Lenovo Security Assurance architecture over the long-term, while also seeking new ways of providing insights from existing and potentially new security applications.

Louis: What advice are you giving CISOs to strengthen endpoint security in 2021 and beyond?

Christy: One of our advisors is the former Global Head of Information Security at Citi Group, and former CISO of JP Morgan and Deutsche Bank. He talks a lot about his shared experiences of enabling business operations, while defending organizations from ever-evolving threats, and the question that more IT and security leaders need to be asking – which is, “Is it working?” Included in his expert opinion is that cybersecurity needs to be integral to business strategy – and endpoint security is essential for creating a broader secure ecosystem that can adapt as a company’s needs change.

I believe there needs to be more boardroom-level conversations around how compliance frameworks can be best used to achieve a balance between cybersecurity and business operations. A big part of that is identifying resiliency as a critical KPI for measuring the strength of endpoint controls.

 

Shadow IT Is The Cybersecurity Threat That Keeps Giving All Year Long

Shadow IT Is The Cybersecurity Threat That Keeps Giving All Year Long

  • More than 5,000 personal devices connect to enterprise networks every day with little or no endpoint security enabled in one of every three companies in the U.S., U.K., and Germany.
  • More than 1,000 shadow IoT devices connect to enterprise networks every day in 30% of the U.S., U.K., and German companies.
  • 12% of U.K. organizations are seeing more than 10,000 shadow IoT devices connect to their enterprise networks every day.
  • Associates most often use shadow IT devices to access social media (39%), followed by downloading apps (24%), games (13%), and films (7%). Hackers, organized crime and state-sponsored cybercrime organizations rely on social engineering hacks, phishing, and malware injection across these four popular areas to gain access to enterprise networks and exfiltrate data.

Shadow personal IoT voice assistants, Amazon Kindles, smartphone, and tablet devices are proliferating across enterprise networks today, accelerated by last-minute shopping everyone is trying to get done before the end of December. 82% of organizations have introduced security policies governing the use of these devices but just 24% of employees are aware of them. Meanwhile, the majority of IT senior management, 88%, believe their policies are effective. These and many other fascinating insights are from a recent study completed by Infoblox titled, What is Lurking on Your Network, Exposing the threat of shadow devices (PDF, 7 pp., no opt-in).

Shadow IT’s Security Gaps Create New Opportunities For Hackers

Gaps in threat surface and endpoint security are what hackers, organized crime, and state-sponsored cybercrime organizations thrive on. The holidays create new opportunities for these organizations to capitalize on security gaps using social engineering hacks, phishing, malware injection and more. “With cybercriminals increasingly exploiting vulnerable devices, as well as targeting employees’ insecure usage of these devices, it is crucial for enterprise IT teams to discover what’s lurking on their networks and actively defend against the threats introduced,” Gary Cox, Technology Director, Western Europe for Infoblox said. Just a few of the many threats include the following:

  • A quick on-ramp for hackers to exfiltrate data from enterprise systems. Every personal device left unprotected on an enterprise network is an ideal threat surface for hackers and other malicious actors to infiltrate an enterprise network from. The most common technique is to use DNS tunneling, which enables cybercriminals to insert malware or pass stolen information into DNS queries, creating a covert communication channel that bypasses most firewalls. Project Sauron was one particularly advanced threat, which allegedly went undetected for five years at a number of organizations that used DNS tunneling for data exfiltration.
  • Distributed Denial of Service (DDoS) attacks are often launched from a series of hijacked connected devices that are often the least protected threat surface on corporate networks. It’s common for DDoS attacks to begin with malicious actors hijacking any vulnerable device they can to launch repeated and frequent queries that bombard the Domain Name Server (DNS) with the intent of slowing down its ability to process legitimate queries, often to the point that it can no longer function.
  • Creating and targeting Botnet armies using vulnerable IoT devices to attack organizations’ enterprise systems is increasing, according to Verizon’s latest 2019 Data Breach Investigations Report. “Botnets are truly a low-effort attack that knows no boundaries and brings attackers either direct revenue through financial account,” according to Verizon’s 2019 study. Botnets are also being used to steal privileged access credentials to an enterprises’ systems that are being accessed from the same personal devices employees are using for social media access and shopping. There have been over 40,000 breaches initiated using botnets this year so far, according to Verizon. The report notes that a variant of the Mirai IoT botnet began scanning for vulnerable Drupal servers in April of this year and was successful in finding the most vulnerable systems globally to install crypto mining software. The attack is known as Drupalgeddon2, and the scope of its vulnerabilities are still being discovered today.
  • Unsecured personal devices connected to enterprise networks are ransomware landing zones. 70% of all malware attacks happen in healthcare according to Verizon’s 2019 Data Breach Investigations Report because patient health records are bestsellers on the Dark Web, ranging in price from $250 to over $1,000 per record. Ransomware is a form of malware that, once it takes over a computer or network, threatens to deny access to or destroy an organizations’ data. Ransomware can easily intercept an enterprise network after being accidentally downloaded by an employee on either a business or personal device connected to a network.

Where To Start: Secure The Networks Shadow IT Relies On

Chief Information Security Officers (CISOs) have told me that the most challenging aspect of securing the proliferation of shadow IT devices is protecting the multitude of remote locations that together form their distributed networks. They’re saying that in 2020, enabling network security is the greatest challenge their enterprises will face. More enterprises are adopting cloud-based DDI platforms that enable enterprises to simplify the management of highly distributed remote networks as well as to optimize the network performance of cloud-based applications. Leaders in this area include Infoblox, a leader in SD-WAN and cloud-based DDI platforms for enterprises. Here are the most common strategies they’re relying on to secure their distributed networks based on the proliferation of personal devices:

  • Integrating threat intelligence data to evaluate if specific sites and applications are high risk or not. IT administrators need to deploy solutions that allow them to build safeguards that will prevent potential dangerous activity occurring on the network. Integrating threat intelligence data into DNS management enables security teams to monitor and prevent access to Newly Observed Domains. Many new domains will be set up ahead of phishing and/or spear-phishing campaign, so in preventing access to these sites, organizations can reduce the risk of employees accidentally introducing malware through clicking through to insecure links on personal devices connected to the enterprise network.
  • Set the goal of achieving full visibility across distributed networks by starting with a plan that considers cloud-based DDI platforms. CISOs and the IT teams working with them need to translate their policies into action by achieving more unified visibility by upgrading their core network services, including DNS, DHCP, and IP address management, on cloud-based DDI platforms to bring greater security scale and reliability across their enterprise networks.
  • Design in greater DNS security at the network level. Enterprise networks are heavily reliant on DNS, making them an area malicious actors attempt to disrupt in their broader efforts to exfiltrate valuable data from organizations. Existing security controls, such as firewalls and proxies, rarely focus on DNS and associated threats – leaving organizations vulnerable to highly aggressive, rapidly proliferating attacks. When secured, the DNS can act as an organization’s first line of defense. The DNS can provide essential context and visibility, so IT teams can be alerted of any network anomalies, report on what devices are joining and leaving the network, and resolve problems faster.

Conclusion

Bring Your Own Device (BYOD) initiatives’ benefits far outweigh the costs, making the business case for BYOD overwhelming positive, as seen in how financial services firms stay secure.  Enterprises need to consider adopting a cloud-based DDI platform approach that enables them to simplify the management of highly distributed remote networks as well as to optimize the network performance of cloud-based applications. Many CISOs are beginning to realize the model of relying on centralized IT security isn’t scaling to support and protect the proliferation of user devices with internet access, leaving employees, branch offices, and corporate networks less secure than ever before. Every IT architect, IT Director, or CIO needs to consider how taking an SDWAN-based approach to network management reduces the risk of a breach and data exfiltration.

 

%d bloggers like this: