By Roark Pollock

No Endpoint is an Island – Maintaining Continuous Endpoint Visibility

According to a recent survey by Gallup, 43% of employed Americans said that they spent at least some time working remotely in 2016. Gallup, which has been surveying telecommuting trends in the United States for almost a decade, continues to see more employees working outside of traditional offices, and more of them doing so for more days out of the week. And, of course, the number of connected devices that the average employee uses has jumped as well, which helps drive both the convenience of, and the desire for, working away from the office.

This mobility surely makes for happier employees, and one hopes more productive employees, but the complications that these trends present for both security and systems operations teams should not be dismissed. IT asset discovery, IT systems management, and threat detection and response functions all benefit from real-time and historical visibility into user, device, application, and network connection activity. And to be truly effective, endpoint visibility and monitoring should work no matter where the user and device are operating, be it on the network (local), off the network but connected (remote), or disconnected (offline). Current remote working trends are increasingly leaving security and operational teams blind to potential issues and threats.

The mainstreaming of these trends makes it even more difficult for IT and security teams to restrict what used to be considered higher-risk user behavior, such as working from a coffee shop. But that ship has sailed, and today systems management and security teams need to be able to comprehensively monitor user, device, application, and network activity, detect anomalies and inappropriate actions, and enforce appropriate action or remediation regardless of whether an endpoint is locally connected, remotely connected, or disconnected.

Additionally, the fact that many employees now regularly access cloud-based assets and applications, and have back-up USB or network attached storage (NAS) drives at home further magnifies the need for endpoint visibility. Endpoint controls often provide the only record of remote activity that no longer necessarily terminates in the corporate network. Offline activity presents the most extreme example of the need for continuous endpoint monitoring. Clearly network controls or network monitoring are of no use when a device is running offline. The installation of an appropriate endpoint agent is critical to ensure the capture of all important system and security data.

As an example of the types of offline activity that might be detected, a customer was recently able to monitor, flag, and report unusual behavior on a corporate laptop. A high-level executive transferred huge amounts of endpoint data to an unauthorized USB drive while the device was offline. Because the endpoint agent was able to collect this behavioral data during the offline period, the customer was able to see this unusual action and follow up appropriately. Continuing to monitor the device, applications, and user behaviors even when the endpoint was disconnected gave the customer visibility it had never had before.
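To make the offline scenario concrete, here is an added example of the kind of logic a security team could run over an endpoint agent's locally spooled telemetry once the device reconnects and uploads it. This is illustration code written for this page, not the product or customer data the post describes. The JSON-lines telemetry is constructed, and the device allowlist (`AUTHORIZED_SERIALS`) and the volume threshold (`THRESHOLD_BYTES`) are assumed policy values; the point it shows is that every event is tagged with whether it was captured while disconnected, so the resulting alert tells the analyst that no network control could have seen it.

```python
import json
from collections import defaultdict

# Constructed sample telemetry (JSON lines), modelled on what an endpoint agent
# might record to a local spool. These are not events from the post's customer.
SAMPLE_TELEMETRY = """
{"ts": "2017-03-01T09:00:00Z", "user": "exec01", "event": "net_state", "state": "online"}
{"ts": "2017-03-01T09:05:00Z", "user": "exec01", "event": "file_write", "dest": "fixed", "serial": null, "bytes": 2048}
{"ts": "2017-03-01T09:30:00Z", "user": "exec01", "event": "net_state", "state": "offline"}
{"ts": "2017-03-01T09:31:00Z", "user": "exec01", "event": "file_write", "dest": "removable", "serial": "USB-UNKNOWN-77", "bytes": 300000000}
{"ts": "2017-03-01T09:35:00Z", "user": "exec01", "event": "file_write", "dest": "removable", "serial": "USB-UNKNOWN-77", "bytes": 400000000}
{"ts": "2017-03-01T09:40:00Z", "user": "exec01", "event": "file_write", "dest": "removable", "serial": "USB-CORP-0001", "bytes": 100000000}
{"ts": "2017-03-01T10:00:00Z", "user": "exec01", "event": "net_state", "state": "online"}
"""

AUTHORIZED_SERIALS = {"USB-CORP-0001"}   # hypothetical allowlist of approved drives
THRESHOLD_BYTES = 500 * 1024 * 1024      # assumed policy: 500 MiB per user and device


def parse_telemetry(text):
    """Parse JSON-lines telemetry into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def tag_connectivity(events):
    """Walk events in order, track the agent's last known network state, and
    tag every non-state event with whether it was captured while offline."""
    state = "online"
    tagged = []
    for ev in events:
        if ev["event"] == "net_state":
            state = ev["state"]
            continue
        tagged.append({**ev, "captured_offline": state == "offline"})
    return tagged


def summarize_removable(tagged):
    """Aggregate bytes written to removable media per (user, device serial),
    keeping a separate count of bytes written while the endpoint was offline."""
    totals = defaultdict(lambda: {"bytes": 0, "offline_bytes": 0, "first": None, "last": None})
    for ev in tagged:
        if ev["event"] != "file_write" or ev["dest"] != "removable":
            continue
        t = totals[(ev["user"], ev["serial"])]
        t["bytes"] += ev["bytes"]
        if ev["captured_offline"]:
            t["offline_bytes"] += ev["bytes"]
        t["first"] = t["first"] or ev["ts"]
        t["last"] = ev["ts"]
    return dict(totals)


def flag_transfers(totals, threshold=THRESHOLD_BYTES, allowlist=AUTHORIZED_SERIALS):
    """Raise an alert for any unauthorized drive or any drive that received
    more than the policy threshold; each alert lists every reason that fired."""
    alerts = []
    for (user, serial), t in totals.items():
        reasons = []
        if serial not in allowlist:
            reasons.append("unauthorized_device")
        if t["bytes"] >= threshold:
            reasons.append("volume_over_threshold")
        if reasons:
            alerts.append({"user": user, "serial": serial, "reasons": reasons,
                           "bytes": t["bytes"], "offline_bytes": t["offline_bytes"],
                           "first": t["first"], "last": t["last"]})
    return alerts


def analyze(text):
    """Full pipeline: parse, tag connectivity, aggregate, and flag."""
    return flag_transfers(summarize_removable(tag_connectivity(parse_telemetry(text))))


if __name__ == "__main__":
    for alert in analyze(SAMPLE_TELEMETRY):
        print(json.dumps(alert, indent=2))
```

The `offline_bytes` field is what turns a plain DLP-style alert into the visibility the post is describing: an analyst can see that the entire 700 MB went to the drive during a window in which the laptop was disconnected, which is exactly the activity network monitoring would never have recorded.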

Does your organization maintain continuous monitoring and visibility when employee endpoints are on an island? If so, how do you do so?
