Transparent and secure with unified endpoint management

clock • 5 min read

Managing the IT landscape is crucial to staying secure, says Sean Herbert of Baramundi Software AG

For holistic protection of the IT environment, administrators must be fully informed about all of the installed software and configurations across their IT landscape. If this information is missing, administrators will be unsure as to whether action is required and where. A unified endpoint management solution provides IT managers with a comprehensive overview of the complex infrastructure and assists administrators with holistic, efficient management and protection of IT.

Inventorying hardware and software

Using a UEM solution, IT administrators are able to inventory all endpoints, software, processes, and services in the company. With this information, administrators can determine which assets have been assigned to which department or which client, as well as record and inventory other network elements such as routers, switches and printers. Modern UEM solutions offer graphic visualisation of the network topology through IT maps, which allow administrators to understand relationships and connections of endpoints within the IT environment, plus the ability to dig deeper and understand areas such as the current firmware.

Virtual environments

With a UEM solution, IT administrators can recognise what type of endpoint is being used at a glance, whether physical or virtual, making for an even better overview. For example, IT administrators can inventory pre-existing VMware environments and receive relevant information about virtual machines and resources of the hypervisor. In addition, it should also be possible to view information about hosts, data storage, clusters, and resource pools.

With UEM software, routine tasks such as operating system installations, software distribution, and patch deployment can be performed automatically, easing the increasing work and time pressures on IT teams. It is also useful when new VMs can be made directly available from the UEM solution. Based on VM provisioning profiles, additional information such as OS customisation specifications, hypervisors, data centers, data storage, folders and resources can also be made available as a template. This reduces the error rate when configuring settings and saves time when creating new VMs.

Managing endpoints outside of the corporate network

If endpoints are permanently part of the LAN, they can easily be accessed for administration purposes at any time. For employees who do not spend most of their working time in the company, however, this accessibility is not always possible or indeed assigned. This can cause problems because (for example) security-related updates cannot be installed in a timely fashion, which in today's threat climate can lead to breaches and data loss. IT administrators must therefore have guaranteed access to endpoints at any time - regardless of user participation. Internet-enabled endpoint management (IEM) makes it possible to access and manage these endpoints, even without a VPN connection.

Certificates on the server and endpoint pages, encrypted communication (HTTPS) between them and a gateway with advanced functions are used to securely manage endpoints using IEM. With a modern UEM solution, IT administrators should be able to establish a connection with endpoints in trustworthy (e.g. remote company locations) as well as non-trustworthy networks (e.g. hotels). Accessibility to corporate resources, such as file servers, varies in these networks, but is made flexibly available by means of comprehensive IEM functions.

The big difference is that, in comparison to VPN connections, IT administrators are no longer dependent on the end user's participation to set up such a connection and, with help of IEM functions, can ensure that important administrative tasks - such as compiling inventories, installing new software, and continuously supplying updates and security patches - are performed properly.

Once an attack has been dealt with, the next one is imminent

The recent WannaCry and NotPetya attacks have shown how vulnerable IT infrastructure is when security gaps in software are not patched. It also highlights the necessity in this day and age to distribute patches with haste to eliminate security vulnerabilities. As part of a UEM solution, a vulnerability scanner, which checks all endpoints automatically for vulnerabilities, has in many cases already proven successful. The scanner checks endpoints based on approved and constantly updated databases using specific procedures. It is important that the vulnerabilities catalogue is large enough; only then is comprehensive examination possible. Good vulnerability scanners should contain at least several thousand CVE procedures to be able to quickly identify and fix vulnerabilities.

Occasionally, vulnerabilities are found in reusable libraries of programs, such as in OpenSSL. In addition to displaying suggested solutions for fixing security gaps, the UEM solution should also provide the possibility to define exceptions. This will allow, for example, an exception to be defined for software A and a program update to be installed for software B.

In the best case scenario, a modern UEM solution comprises patch management, which, in addition to Microsoft patches, can also distribute program updates for popular applications such as Adobe Reader, Java, and Mozilla Firefox - especially since the majority of security vulnerabilities are found in the third-party products on your endpoints! This is an area that has been somewhat neglected by many businesses over the years.

In addition to missing patches, incorrect configuration settings also pose a high risk to security. It is essential that IT administrators roll out standardised configurations to all endpoints and regularly check whether these still remain unchanged. If IT administrators detect deviations, they must be able to react directly and initiate the necessary measures to re-establish conformity with the procedures defined by the UEM solution.

Conclusion

Knowledge of all resources and their interdependencies is crucial for holistic and secure management of the IT environment. A modern UEM solution supports IT administration in establishing and maintaining a high degree of security. IT administrators can ultimately only ever protect what they can actually see!

Meet us at IP Expo Europe in London.

This is a sponsored post.

Related Topics

You may also like
Video: How BT manages endpoint in the new normal

Hardware

Video: How BT manages endpoint in the new normal

The explosion of remote work has thrown the challenges of endpoint management into stark relief.

clock 13 June 2022 • 1 min read
Video: Are you doing enough to protect your endpoints?

Cloud Computing

Video: Are you doing enough to protect your endpoints?

As many as 70% of major security incidents start with an endpoint.

clock 31 May 2022 • 1 min read
Scale of tech market is both challenge and opportunity, says BT's Alexandra Foster

Security

Scale of tech market is both challenge and opportunity, says BT's Alexandra Foster

The scale of the tech market can be a major challenge, but BT is turning it into an opportunity.

clock 26 May 2022 • 1 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Security

Interview: Sharp UK, Security Excellence Awards finalist
Security

Interview: Sharp UK, Security Excellence Awards finalist

'We make technology easy by listening, taking the time to understand our clients, and creating seamless solutions that work'

Computing Staff
clock 12 April 2024 • 4 min read
Interview: LRQA Nettitude, Security Excellence Awards finalist
Security

Interview: LRQA Nettitude, Security Excellence Awards finalist

'We are the only cybersecurity team in the world with a full suite of CREST accreditations'

Computing Staff
clock 11 April 2024 • 4 min read
Interview: Nationwide Building Society, Security Excellence Awards finalist
Security

Interview: Nationwide Building Society, Security Excellence Awards finalist

'Working hard on cyber and wider operational resilience means that whatever happens we can be increasingly confident of being there for our customers when they need us'

Computing Staff
clock 10 April 2024 • 3 min read