Providing Real-Time Situational Awareness and Incident Response

Seconds matter when protecting endpoints — don’t get caught between audits

The world of cyber-attacks is an unfortunately fascinating place. There’s always some new, colorfully named threat to make you lose sleep: CosmicDuke (“Cosmu” with a twist of MiniDuke), BlackEnergy, Juice Jacking, Heartbleed, Monster Cookies, to name just a few. If that isn’t enough, the older tried-and-true attacks are coming out with new features and accessories at a pace that puts even smartphone makers to shame. As the old saying goes, “It’s not paranoia if they’re actually trying to get you.”

If you’re the one responsible for preventing all this creativity from unleashing itself onto your company and its customers, then you know time and money are not on your side.

Often, organizations find themselves in a position where either all these changes are handled manually, or the changes are automated but only done periodically. This is problematic, because finding out about a new threat creates an instant need to put new policies into place. Yet an audit done today does not return results for a while, and the next policy check won’t be done for months. This leaves you exposed for weeks and weeks and weeks in a threat environment where microseconds can make a difference.

IBM Endpoint Manager’s intelligent agent assesses and remediates issues continuously and locally, avoiding costly network traffic. It has the flexibility to let administrators either define custom security policies or use existing standard policies from places like the Center for Internet Security, government bodies, and more.

Once those policies are defined, Endpoint Manager automatically ensures all endpoints are consistent with the policy on a real-time basis. When we say all endpoints, we mean hundreds of thousands, both physical and virtual, regardless of location, connection, type or status. That includes everything from servers, desktop PCs, “roaming” Internet-connected notebooks, smartphones, tablets and other mobile devices, to specialized equipment such as point-of-sale (POS) devices, ATMs and self-service kiosks.

Finding problems is one thing – fixing them immediately is what keeps our clients out of the papers for the wrong reasons. Take, for example, a recent zero-day exploit. Instead of waiting for their antimalware vendor to provide an updated .dat, they used Endpoint Manager to monitor the executables used to move data laterally to other computers. If the programs were invoked, that computer was quarantined.

Use IBM Endpoint Manager to automate the tedious, time-consuming tasks associated with remediating cyber threats. That might make new threats less interesting, but sometimes dull is good.
