The massive, overnight shift to a fully remote work environment during the COVID-19 crisis has amplified both the urgency and the obstacles around endpoint security. Not only were many machines not designed to work outside the corporate environment, leaving many companies woefully unprepared, but cybercriminals have already sprung to the occasion, preying on COVID-19 fears.
In addition to machines that were already behind on patching, new Windows bugs have emerged, along with rampant phishing scams aiming to capitalize on the shaky security structure. Not to mention, employees’ home ISP/Wi-Fi networks are a wild west of patchwork security—or perhaps lacking the proper safeguards entirely.
As the number of attacks and threats has increased dramatically, IT in most organizations has done a great job under the circumstances. But, in the rush to go remote, it’s no surprise that many corners may have been cut, likely under the assumption that either a) this will be a temporary situation or b) we’ll circle back to security once we get everyone up and running.
We’ve reached a pivotal juncture—the risks are escalating and it’s time to get endpoint security under control. Here’s what IT teams need to consider now to ensure remote endpoints remain secure.
1. Invest in a Tool That’s Built for a Remote Environment
Most endpoint security and management solutions aren’t designed to support remote endpoints and certainly not at the scale needed now. Rather than try to individually manage separate tools on every endpoint, invest in a solution that’s designed to manage them all from a single pane of glass.Having this ubiquitous visibility and control is a strategic advantage, now and in the future. Even before the pandemic hit, global spirits company Pernod Ricard was already expanding its remote workforce to include roughly 40 percent of its 19,000 global employees. Having a remote-first solution was critical.
“Protecting [users’] assets was problematic because they were not on VPN,” said Ivan Jaramillo, director of client support at Pernod. “It’s challenging because that means we couldn’t enforce the group policy or manage them through SSCM.” Deploying a remote management solution gave the Picard team the ability to protect all its remote devices and ensure maximum security.
This same scenario applies now as we deal with the COVID crisis. Choose a platform that sits on top of your endpoint security software, that’s designed to run over the Internet, to report on and manage them all. This will allow you to see which devices are at risk, bring them into compliance and stay on top of endpoint security in real time with greater efficiency, accuracy and scale.
2. Automatically Test for and Remediate Compliance Drift
The biggest challenge with security in a remote work environment is that so much is beyond IT’s control. Aside from external threats and native device bugs, users can also inadvertently contribute to the problem by self-managing their machines. For example, if they can’t access cloud platforms or an application is slow to respond, users might switch off their Windows firewall or disable their endpoint security software. By the time IT detects the change, the damage might already be done.
“Live information is really important because viruses and phishing attacks happen in the moment,” says Kurt De Ruwe, CIO of Signify, formerly Philips Lighting. “There was a time when it was OK to wait a week or two weeks before having that information. Today, real-time information makes all the difference.”
To gain the real-time advantage, implement solutions that can automatically poll for, detect and remediate user configuration changes to prevent compliance drift. This will ensure all devices maintain the same baseline level of security and can dramatically reduce the threat surface.
3. Implement Real-time Breach Remediation
Make no mistake: the longer this new remote work arrangement lasts, the more cybercriminals will test the boundaries of endpoints. With every device now effectively outside the firewall, the risk of an attack grows every day. Even aside from a coordinated attack, the risk that a device could be lost or stolen also puts the organization at risk.
Real-time remediation capability is a must to save the organization from tremendous damage. When a virus attacked Signify, this real-time remediation approach allowed de Ruwe and his team to immediately identify which devices were not protected, isolate them until they were patched and deploy the fix remotely without interrupting users or impacting productivity. Similarly, when it came time to remediate the Intel chip bug, Signify used the same approach to deploy the fix across all 22,000 devices on its global network in just two days—a process that would have otherwise taken weeks or months to remediate manually, leaving them vulnerable in the meantime.
The reality is that there will always be security holes; the priority for IT is to stay one step ahead of those who seek to exploit them. To do so requires the tools and capability to detect issues and fix them quickly, whether it be through prompt patching, real-time configuration changes or urgent remediation. In our new remote world of work, IT needs tools built for the task, that were designed to work remotely, and that can provide the speed, flexibility and agility needed to keep pace with this tumultuous time.
