Managing the IT landscape is crucial to staying secure, says Sean Herbert of Baramundi Software AG
For holistic protection of the IT environment, administrators must be fully informed about all of the installed software and configurations across their IT landscape. If this information is missing, administrators will be unsure as to whether action is required and where. A unified endpoint management solution provides IT managers with a comprehensive overview of the complex infrastructure and assists administrators with holistic, efficient management and protection of IT.
Inventorying hardware and software
Using a UEM solution, IT administrators are able to inventory all endpoints, software, processes, and services in the company. With this information, administrators can determine which assets have been assigned to which department or which client, as well as record and inventory other network elements such as routers, switches and printers. Modern UEM solutions offer graphic visualisation of the network topology through IT maps, which allow administrators to understand relationships and connections of endpoints within the IT environment, plus the ability to dig deeper and understand areas such as the current firmware.
With a UEM solution, IT administrators can recognise what type of endpoint is being used at a glance, whether physical or virtual, making for an even better overview. For example, IT administrators can inventory pre-existing VMware environments and receive relevant information about virtual machines and resources of the hypervisor. In addition, it should also be possible to view information about hosts, data storage, clusters, and resource pools.
With UEM software, routine tasks such as operating system installations, software distribution, and patch deployment can be performed automatically, easing the increasing work and time pressures on IT teams. It is also useful when new VMs can be made directly available from the UEM solution. Based on VM provisioning profiles, additional information such as OS customisation specifications, hypervisors, data centers, data storage, folders and resources can also be made available as a template. This reduces the error rate when configuring settings and saves time when creating new VMs.
Managing endpoints outside of the corporate network
If endpoints are permanently part of the LAN, they can easily be accessed for administration purposes at any time. For employees who do not spend most of their working time in the company, however, this accessibility is not always possible or indeed assigned. This can cause problems because (for example) security-related updates cannot be installed in a timely fashion, which in today's threat climate can lead to breaches and data loss. IT administrators must therefore have guaranteed access to endpoints at any time - regardless of user participation. Internet-enabled endpoint management (IEM) makes it possible to access and manage these endpoints, even without a VPN connection.
To manage endpoints securely using IEM, certificates on both the server and endpoint sides, encrypted communication (HTTPS) between them, and a gateway with advanced functions are used. With a modern UEM solution, IT administrators should be able to establish a connection with endpoints in trustworthy (e.g. remote company locations) as well as non-trustworthy networks (e.g. hotels). Accessibility to corporate resources, such as file servers, varies in these networks, but is made flexibly available by means of comprehensive IEM functions.
The big difference is that, in comparison to VPN connections, IT administrators are no longer dependent on the end user's participation to set up such a connection and, with the help of IEM functions, can ensure that important administrative tasks - such as compiling inventories, installing new software, and continuously supplying updates and security patches - are performed properly.
Once an attack has been dealt with, the next one is imminent
The recent WannaCry and NotPetya attacks have shown how vulnerable IT infrastructure is when security gaps in software are not patched. They also highlight the necessity in this day and age to distribute patches with haste to eliminate security vulnerabilities. A vulnerability scanner that is part of a UEM solution and checks all endpoints automatically for vulnerabilities has in many cases already proven successful. The scanner checks endpoints based on approved and constantly updated databases using specific procedures. It is important that the vulnerabilities catalogue is large enough; only then is comprehensive examination possible. Good vulnerability scanners should contain at least several thousand CVE procedures to be able to quickly identify and fix vulnerabilities.
Occasionally, vulnerabilities are found in reusable libraries of programs, such as in OpenSSL. In addition to displaying suggested solutions for fixing security gaps, the UEM solution should also provide the possibility to define exceptions. This will allow, for example, an exception to be defined for software A and a program update to be installed for software B.
In the best case scenario, a modern UEM solution comprises patch management, which, in addition to Microsoft patches, can also distribute program updates for popular applications such as Adobe Reader, Java, and Mozilla Firefox - especially since the majority of security vulnerabilities are found in the third-party products on your endpoints! This is an area that has been somewhat neglected by many businesses over the years.
In addition to missing patches, incorrect configuration settings also pose a high risk to security. It is essential that IT administrators roll out standardised configurations to all endpoints and regularly check whether these still remain unchanged. If IT administrators detect deviations, they must be able to react directly and initiate the necessary measures to re-establish conformity with the procedures defined by the UEM solution.
Knowledge of all resources and their interdependencies is crucial for holistic and secure management of the IT environment. A modern UEM solution supports IT administration in establishing and maintaining a high degree of security. IT administrators can ultimately only ever protect what they can actually see!
This is a sponsored post.