Obtaining Insights on Device Activity Across a Remote Endpoint Environment

Nowadays, organizations have embraced the work-from-anywhere environment by adopting hybrid or remote work policies. As a result, their IT and security teams are tasked with managing endpoint fleets remotely, as a significant number of devices are now connecting to the corporate network either from an employee’s home office or public locations (e.g., the airport, coffee shop, or library). This creates several challenges for IT practitioners, trying to deliver a positive end user experience whilst ensuring that security policies remain active on the device. Today, end users expect seamless and uninterrupted access to corporate resources and business applications to get their jobs done.

In this context, it’s vital that remote endpoints have the necessary security controls and policies set at all times to thwart threat actors looking to infiltrate the device and initiate a potentially large-scale cyberattack across the organization. The acceleration of such incidents across industries drives the need for cyber resilience. Ensuring the latest patches are deployed and security applications such as Endpoint Protection Platforms (EPP), anti-malware, and encryption are active and functioning as intended, are critical in proactively maintaining the security posture across a remote device environment. However, it's impossible to guard against all threats in a proactive manner. Due to the increasing endpoint complexity and sophistication of today’s malware and rootkits, IT practitioners need to be able to continuously monitor device events to identify unusual activity before they develop into greater security risks.

Absolute Secure Endpoint 7.23

The Absolute Secure Endpoint 7.23 release offers a few notable enhancements to both user experience and device reporting, allowing Absolute customers to monitor device activity and diagnose application failures in a more seamless manner. These updates include:

• A new ‘History’ tab under the ‘Device Details’ page allowing Absolute customers to verify changes that have occurred on a specific device and to identify potentially suspicious activity. IT personnel can define a particular period to view a list of events associated with the device. This enhancement is available across all Absolute Secure Endpoint service tiers. Examples of the type of events shown include:
  • Location updated events (e.g., change in device location)​
  • User updated events ​(e.g., user sign-ins and sign-outs)​
  • System updated events (e.g., public IP address change)​
  • Rule triggered events ​(e.g., offline freeze execution)​
  • Action events ​(e.g., running of an Absolute Reach script)​

• Obtain clear application health status information to better understand the reasons for when application failures occur on a device. Specifically, the Absolute Application Resilience policies for BitLocker, Microsoft Intune, and Microsoft System Center Configuration Manager (SCCM) now provide enhanced application health status information through the ‘Status Details’ reporting field to better understand reasons for when the application(s) fail. In addition, ‘Status Details’ for successful repairs and reinstalls across all Absolute Application Resilience supported apps are now easier to read. These enhancements are available through the Absolute Resilience service tier.

The Absolute Secure Endpoint 7.23 release also includes eight new applications supported through the Absolute Application Resilience catalog. Check out the following release summary page and release notes for more information.