Chuck Leaver – Constant Endpoint Visibility Required Even For Offline Devices

Written By Roark Pollock And Presented By Chuck Leaver Ziften CEO

 

A study recently completed by Gallup found that 43% of employed Americans worked remotely for some of their working time in 2016. Gallup, which has been surveying telecommuting trends in the United States for almost a decade, continues to see more employees working outside traditional offices, and more of them doing so for a greater number of days per week. And, of course, the number of connected devices the average employee uses has increased as well, which adds to the convenience and appeal of working away from the office.

This freedom certainly makes for happier employees, and hopefully more productive ones, but the problems these trends create for both systems and security operations teams should not be dismissed. IT systems management, IT asset discovery, and threat detection and response functions all benefit from real-time and historical visibility into user, device, application, and network connection activity. And to be truly effective, endpoint visibility and monitoring should work regardless of where the user and device are operating, be it on the network (local), off the network but connected (remote), or disconnected (offline). Current remote working trends are increasingly leaving security and operations teams blind to potential issues and threats.

The mainstreaming of these trends makes it much harder for IT and security teams to restrict what was previously considered higher-risk user behavior, for example working from a coffee shop. But that ship has sailed, and today systems management and security teams need to be able to comprehensively track user, device, application, and network activity, detect anomalies and inappropriate actions, and enforce appropriate action or remediation regardless of whether an endpoint is locally connected, remotely connected, or disconnected.

Furthermore, the fact that many employees now routinely access cloud-based applications and assets, and have backup USB or network attached storage (NAS) drives at home, further amplifies the need for endpoint visibility. Endpoint controls often provide the only record of remotely performed activity that no longer necessarily terminates in the corporate network. Offline activity is the most extreme example of the need for continuous endpoint monitoring. Clearly, network controls or network monitoring are of little use when a device is operating offline. Installing a suitable endpoint agent is critical to ensure the capture of all important system and security data.

As an example of the kinds of offline activity that can be detected, a customer was recently able to track, flag, and report unusual behavior on a corporate laptop. A high-level executive transferred substantial quantities of endpoint data to an unapproved USB stick while the device was offline. Because the endpoint agent was able to collect this behavioral data during the offline period, the customer was able to see this unusual action and follow up appropriately. Continuing to monitor the device, applications, and user behavior even when the endpoint was disconnected gave the customer visibility they had never had before.
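The kind of check described in this case can be sketched over events an agent buffered while disconnected and uploaded on reconnect. This is an added example, not Ziften's code or the customer's rule; the event schema, host names, USB serials, approved-device list, and 500 MiB threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict

MIB = 1024 * 1024
# Assumed policy values for this example (not from the article or any product).
APPROVED_USB_SERIALS = {"USB-APPROVED-0001"}
OFFLINE_BYTES_THRESHOLD = 500 * MIB

def ev(ts, host, user, net_state, volume, usb_serial, nbytes):
    """Build one constructed file-write event (hypothetical schema)."""
    return {"ts": ts, "host": host, "user": user, "net_state": net_state,
            "volume": volume, "usb_serial": usb_serial, "bytes": nbytes}

# Constructed events, as an agent might spool them locally and upload on reconnect.
# net_state follows the article's three cases: local, remote, offline.
SAMPLE_EVENTS = [
    ev("2017-03-01T09:00:00", "LT-042", "exec1", "local", "fixed", None, 10 * MIB),
    ev("2017-03-04T21:10:00", "LT-042", "exec1", "offline", "removable", "USB-UNKNOWN-7F3A", 300 * MIB),
    ev("2017-03-04T21:25:00", "LT-042", "exec1", "offline", "removable", "USB-UNKNOWN-7F3A", 400 * MIB),
    ev("2017-03-04T22:00:00", "LT-042", "exec1", "offline", "removable", "USB-APPROVED-0001", 900 * MIB),
    ev("2017-03-05T08:30:00", "LT-077", "user2", "offline", "removable", "USB-UNKNOWN-11B2", 50 * MIB),
]

def flag_offline_usb_transfers(events, approved=APPROVED_USB_SERIALS,
                               threshold=OFFLINE_BYTES_THRESHOLD):
    """Return alerts for large writes to unapproved removable media made offline."""
    totals = defaultdict(lambda: {"bytes": 0, "first": None, "last": None})
    for e in sorted(events, key=lambda e: e["ts"]):
        # Only activity that network controls could not have seen.
        if e["net_state"] != "offline" or e["volume"] != "removable":
            continue
        if e["usb_serial"] in approved:
            continue
        # Accumulate per host, user, and device so split copies still add up.
        t = totals[(e["host"], e["user"], e["usb_serial"])]
        t["bytes"] += e["bytes"]
        t["first"] = t["first"] or e["ts"]
        t["last"] = e["ts"]
    return [{"host": h, "user": u, "usb_serial": s, **t}
            for (h, u, s), t in sorted(totals.items())
            if t["bytes"] >= threshold]

if __name__ == "__main__":
    for alert in flag_offline_usb_transfers(SAMPLE_EVENTS):
        print(alert)
```

Because the totals are summed per host, user, and device, two 300 MiB and 400 MiB copies that are each under the threshold still produce one alert with the first and last timestamps of the offline transfer window.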

Does your company maintain continuous monitoring and visibility when employee endpoints are not connected? If so, how do you achieve this?