Before the pandemic, organizations took a castle-and-moat approach to cybersecurity. They used corporate firewalls to protect the network, ensuring on-premises devices, systems and data were secure. But that approach no longer works.
Now enterprise IT teams are adapting to a new IT landscape in which the workforce is mostly or entirely remote indefinitely. More applications and storage are moving to the cloud. And cybercriminals, watching these changes unfold, are focusing their attention on new targets and new forms of attack. The hybrid workforce has turned the traditional enterprise IT environment inside out.
In this article, we look at security challenges related to managing clients (IT endpoints, including servers, desktops, laptops, tablets, and smartphones) in the inside-out enterprise.
In the inside-out enterprise, employee endpoints are out of sight and likely behind on software patches. Worse, cybercriminals know that employees are more vulnerable working in their remote offices than they are on premises behind a corporate firewall. They’re crafting phishing messages and other types of attacks specifically aimed at isolated employees.
According to email security company Egress, as reported by ITProPortal, almost three-quarters of businesses in the U.S. and the U.K. have suffered some kind of data breach because of a phishing attack in the past year.
Beyond discovering, updating, and patching remote endpoints, IT organizations need a way to:
- Scan remote endpoints for security vulnerabilities and threats
- Apply whatever patches or configuration changes are necessary to address vulnerabilities and any compliance requirements
- Configure endpoints to close ports and pathways often used by attackers for spreading malware
- Rapidly contain any attack on an endpoint once the attack is detected
Here, too, IT departments need visibility into and control over endpoints without requiring VPN connections. If an endpoint is under attack, you can’t expect an employee to launch a VPN connection back to headquarters. IT teams need to be able to access the endpoint as-is — and without launching a new network connection that could potentially hasten the spread of malware.
Without requiring a VPN connection, client security software should be able to:
- Scan and analyze endpoints
- Detect attacks
- Raise alerts about attacks and patch requirements
- Provide security operations center (SOC) analysts with real-time visibility into endpoint activity
- Contain attacks by instantly isolating endpoints
Case study: containing a ransomware attack at Ring Power
The benefits of real-time, distributed client management became clear recently to Ring Power Corp., a heavy-equipment dealer based in Saint Augustine, Florida.
When a manager clicked on a phishing email, the company was hit by a ransomware attack that shut down all 150 servers in the company’s data center and crippled the 2,300 endpoints its employees relied on for their daily work.
Fortunately, the company had just purchased Tanium solutions for client management, including modules for asset discovery and inventory, risk and compliance management, sensitive data monitoring, and threat hunting.
With help from Tanium, Kevin Bush, VP of IT, and his 10-person team were able to completely disinfect and restore Ring Power’s IT infrastructure in a matter of weeks. And they did so without paying the ransom — in fact, without ever communicating with the attackers at all.
Instead of negotiating a payment, they shut down systems, isolated their backups to ensure they weren’t corrupted by malware, physically collected all endpoints from the company’s 26 locations, and disinfected every system. They also installed Tanium on every endpoint. Operations resumed with clean and secure endpoints.
“Tanium brings visibility to one screen for our whole team,” Bush says. “If you don’t have that kind of visibility, you’re not going to be able to sleep at night.”
Transformation brings opportunity
Any type of transformation brings challenges, but it also comes with opportunity. By overcoming the challenges, IT organizations can:
- Provide remote employees with better endpoint security, so that they can withstand the latest forms of cyberattacks, and so that infected endpoints don’t end up compromising large swaths of the corporate network.
- Improve security readiness, so that when attacks occur, they can be quickly and efficiently contained and mitigated (as Ring Power was able to do when they were attacked with ransomware).
The enterprise IT landscape has changed forever. But with the right tools and strategy for client management, this change can serve as the catalyst for more robust IT security for employees everywhere, so that at any location on any device, employee productivity remains better than ever.
Learn how Tanium’s client management solution can help your organization overcome these security challenges in today’s inside-out enterprise.