Ken Galvin, Senior Product Manager at Quest Software, outlines five essential steps CISOs should be taking to protect their endpoints against cybercriminals.
It’s no secret that cyberattacks are a growing problem for giant corporations and SMEs alike, and cybercriminals are only getting savvier. While the total number of IT vulnerabilities is decreasing, the number that could be considered critical is on the rise – and so is the number of security exploits.
To add to the pressures CIOs are facing, endpoint updates are more complex and challenging than ever with the proliferation of smartphones, tablets and other devices. Bring-your-own-device (BYOD) programmes and Internet-of-Things (IoT) technologies are adding to the complications because every device that connects to a system only increases the number of threats.
In order to maximise safety in the everchanging endpoint landscape, clear visibility and vigilant software are more important than ever. Ensure your company has taken the five steps outlined below to stay ahead of the threats facing your network.
Step one: Unified endpoint management
When it comes to inventory management, visibility is key. If you don’t know what you have on your network, how can you manage it? With the rise in BYOD programmes and IoT devices, visibility into your entire connected environment is becoming more and more critical. From computers and servers to routers, printers and more, it is essential that you have a unified endpoint management (UEM) system in place with the ability to help you manage hardware installed in your network and software installed on your devices.
With maximised visibility into your network, you can see what systems need patches or antivirus software. The right UEM solution can ensure that there are no holes in your defence, instead armouring every new device against intruders.
Step two: Automated patch management
With a large network containing multiple vulnerabilities, an automated system of patching and updates will be a big help when it comes to keeping your network up to date. You’ll be able to achieve peace of mind knowing your Windows and Mac platforms are patched and updated, as well as potentially vulnerable third-party applications, like Adobe Reader and Oracle Java.
Through automated IT security auditing, you can quickly discover vulnerabilities in your environment and identify systems that aren’t in line with your organisation’s security and configuration policies.
Step three: Deploy systems quickly
If you suspect that an endpoint is infected with a virus, don’t take any chances – re-image the device ASAP. Simplify system imaging and software and driver deployment with a system deployment appliance. There are lots of steps involved in building and maintaining gold master images for multiplatform OS imaging and deployments – automate deployment, image storage and management with access to a centralised deployment library.
Your library will contain all of your company’s assets for system and software deployment, including images, scripted installations, drivers, applications and scripts, allowing them to be deployed automatically once the need is detected. Eliminate the need for removable media with this one-stop solution.
Step four: Mobile endpoint management
Your organisation’s BYOD and corporate-owned mobile device programmes require effective remote management to prevent them from becoming harmful risks instead of the connective conveniences they should be. Mobile endpoint management will protect your network if a mobile device happens to go missing.
It’s important that you can manage every mobile device that is connected and remotely take inventory, lock, unlock, erase, or factory reset the device, or its password, should it fall into the wrong hands and become a threat to your organisation.
Step five: Administer appropriate access rights
To avoid security breaches, it’s critical that users have the correct level of access to systems containing sensitive corporate data. With visibility of connected endpoints, administrators can easily keep track of which systems specific users are accessing and determine which users deserve administrative access and which users don’t.
Endpoints also include printers, cameras, external drives and other devices that have USB ports in various locations. Left unattended, any of the USB ports in these devices could be exploited to introduce malware into the network. A solution with the ability to restrict access to USB ports is crucial to your organisation’s security.
The result
With these steps in place, rest assured that all of your endpoints will be safeguarded. End users will also be more productive without the interruptions of patch updates and security reviews. Most importantly, you’ll be avoiding the financial, operational or reputational damage that a breach may cause for your organisation. Follow these steps for the peace of mind that your endpoints and network are protected.