The combination of enterprise mobility, digital transformation, and bring-your-own-device culture has led to an explosion of endpoints accessing corporate resources and data. Taken together, these endpoints form a growing part of an attack surface that, if left unaddressed, creates a potential hole in your organization’s security architecture.
Getting a firm grip on the situation, however, has proven challenging due to the expansion of the remote workforce and the erosion of the traditional network perimeter. Unmanaged devices, with their varying patch levels and configurations, introduce the prospect of vulnerable systems that security teams cannot control connecting to IT resources. In this climate, a balance must be struck between empowering employees to use their own devices and protecting the network. That balance rests on monitoring device activity, assessing security posture, and making access decisions based on risk.
A chain, as they say, is only as strong as its weakest link, and in some cases, enterprises do not even know these weak links exist. According to a report from the Ponemon Institute, 66% of IT and cybersecurity professionals surveyed said their organizations do not have ample resources to minimize endpoint risk. In fact, they could stop just 52% of attacks with their current level of technology and expertise. Additionally, the process of keeping devices up-to-date is challenging, with 62% saying that new OS and application versions are the most difficult to maintain across all endpoints. Patches and security updates were cited as the most difficult by 59%.
This type of gap in security capabilities represents a clear and present danger for enterprises as the number of endpoints continues to sprawl. Attackers need to find and exploit only one vulnerability to compromise a machine and begin expanding their foothold. Keeping patches current will eliminate some of this type of risk, but zero-day attacks and other tactics still leave enterprises susceptible.
Further complicating matters is a lack of visibility. We recently completed a report which revealed that 13% of Absolute-enabled enterprise devices are not currently connected to a corporate domain, creating a blind spot in endpoint management and security. With no knowledge of the health of those devices or their owners, organizations face an increased risk of accidentally enabling malicious access.
What these studies demonstrate is the strategic importance of endpoint security. A device can fall out of compliance fast. Without insight into what is happening on the device and the ability to remediate any issues, businesses will put their data and systems at increasing risk.
With Zero Trust, only approved devices found to be compliant with the organization’s policies should be able to access network resources. Ideally, those access decisions should be made using a just-in-time approach, allowing access for pre-determined times as needed.
It is this mixture of identity and access management, network security, and endpoint management that forms the true foundation of Zero Trust. Each of these layers supports the others. With effective identity and access management, account permissions are created using the principle of least privilege, and strong password policies and multi-factor authentication provide checks against unauthorized access. On the network security side, micro-segmentation enables more granular access controls and lessens the threat of lateral movement in the event of an attack. While it will not on its own prevent the initial compromise of an endpoint, micro-segmentation creates a layer of separation that restricts peer-to-peer traffic between devices.
At the endpoint, Zero Trust is supported by monitoring and remediation capabilities. Think of an endpoint that falls out of compliance, perhaps because it has fallen behind on patches and updates throughout its lifecycle. With the ability to self-heal, however, endpoints and the applications on them can be repaired via automation. An application that has degraded or been tampered with can be automatically reinstalled. In the case of our technology, this capability operates at the firmware and application levels as well. Taken together, this helps keep misconfigurations or malware compromises on the endpoint from undermining Zero Trust principles.
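The two ideas above, a just-in-time access decision gated on device compliance and a remediation step for any endpoint that fails the check, can be sketched as a small policy engine. The following is an added example written for this article, not Absolute's product code or API. The policy thresholds (14-day patch window, one-hour grant), the resource catalogue, and the sample devices and identities are all constructed assumptions; a real deployment would read posture from its endpoint agent and identity state from its IdP.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed policy values (assumptions for this example, not from the article).
MAX_PATCH_AGE_DAYS = 14          # endpoints behind on patches by more than this are non-compliant
JIT_GRANT_MINUTES = 60           # just-in-time grants expire after one hour

# Constructed resource catalogue: which roles may reach each resource (least
# privilege) and whether MFA is mandatory for it.
RESOURCES = {
    "finance-db": {"roles": {"finance"}, "mfa_required": True},
    "wiki":       {"roles": {"finance", "engineering"}, "mfa_required": False},
}

@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    domain_joined: bool
    last_patch: datetime
    disk_encrypted: bool
    agent_healthy: bool          # endpoint agent present and not tampered with

@dataclass(frozen=True)
class Identity:
    user: str
    roles: frozenset
    mfa_passed: bool

@dataclass
class AccessDecision:
    allowed: bool
    reasons: list                # why access was denied (empty when allowed)
    remediation: list            # self-healing actions to bring the device back into compliance
    expires_at: Optional[datetime] = None

def assess_posture(posture: DevicePosture, now: datetime):
    """Compare device posture against policy; return (failures, remediation steps)."""
    failures, remediation = [], []
    if not posture.domain_joined:
        failures.append("device is not domain-joined")
        remediation.append("enroll device in endpoint management")
    if now - posture.last_patch > timedelta(days=MAX_PATCH_AGE_DAYS):
        failures.append("OS patches older than %d days" % MAX_PATCH_AGE_DAYS)
        remediation.append("apply pending OS patches")
    if not posture.disk_encrypted:
        failures.append("disk encryption disabled")
        remediation.append("enable full-disk encryption")
    if not posture.agent_healthy:
        failures.append("endpoint agent missing or tampered")
        remediation.append("reinstall endpoint agent")
    return failures, remediation

def decide_access(identity: Identity, posture: DevicePosture, resource: str,
                  now: datetime) -> AccessDecision:
    """Risk-based, just-in-time access decision combining identity and device posture."""
    policy = RESOURCES.get(resource)
    if policy is None:
        return AccessDecision(False, ["unknown resource"], [])
    reasons = []
    if not identity.roles & policy["roles"]:
        reasons.append("role not permitted for resource")      # least privilege
    if policy["mfa_required"] and not identity.mfa_passed:
        reasons.append("MFA required but not satisfied")
    failures, remediation = assess_posture(posture, now)
    reasons.extend(failures)
    if reasons:
        return AccessDecision(False, reasons, remediation)
    # Compliant device and authorized identity: grant time-boxed access only.
    return AccessDecision(True, [], [], expires_at=now + timedelta(minutes=JIT_GRANT_MINUTES))

def grant_is_valid(decision: AccessDecision, at: datetime) -> bool:
    """A grant is honoured only while it is allowed and has not yet expired."""
    return decision.allowed and decision.expires_at is not None and at < decision.expires_at

# Constructed reference time, sample endpoints and identities for the demonstration.
NOW = datetime(2021, 3, 1, 9, 0, tzinfo=timezone.utc)

def sample_device(patch_age_days: int, agent_healthy: bool = True,
                  domain_joined: bool = True) -> DevicePosture:
    return DevicePosture("LAP-%03d" % patch_age_days, domain_joined,
                         NOW - timedelta(days=patch_age_days), True, agent_healthy)

ALICE = Identity("alice", frozenset({"finance"}), mfa_passed=True)
BOB = Identity("bob", frozenset({"engineering"}), mfa_passed=False)

if __name__ == "__main__":
    print(decide_access(ALICE, sample_device(3), "finance-db", NOW))
    print(decide_access(ALICE, sample_device(40, agent_healthy=False), "finance-db", NOW))
    print(decide_access(BOB, sample_device(1), "finance-db", NOW))
```

The decision is deliberately fail-closed: any single posture failure denies access, and the denial carries the remediation list so an automated agent can act on it and the next evaluation can succeed. The expiry on a successful grant is what makes the access just-in-time; callers should re-run `decide_access` rather than extend an old grant, so a device that drifts out of compliance mid-session loses access at the next check.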
In a sense, Zero Trust should be thought of as a layered strategy of defense. For it to be effective, it must involve more than verifying identities and access rights. Organizations also need to focus on maintaining visibility and control over the endpoints connecting to the network. At a time when many businesses are required to support remote workers and handle access requests that could come from anywhere and any device, the endpoint should still be a focal point of security.