Securing Shadow IT Starts with Automation

By: Jason Short | 7/30/2018

Shadow IT is a modern security challenge for the very best reasons – your users rely on it to find new and arguably innovative ways to be more productive. While getting more done more effectively isn’t a bad thing, rogue applications that aren’t supported and maintained by IT are. While we haven’t seen Shadow IT in the headlines as much recently, the problem remains very real. Gartner estimated 38% of technology purchases in 2017 were managed and controlled by business leaders, not IT.

There’s another reason the headache of Shadow IT persists – because addressing the pain of these security incidents waiting to happen is, well, painful. There are a few solid approaches you can try to reduce the use of renegade applications and services. The first is a PR program for your IT team. Building awareness of and trust in the important work IT does every day is key to attacking the root of the problem. Collaborate; get involved with other business units. In theory, by creating a bridge between IT and users, it can be easier to break down misconceptions about the barriers to bringing in new technologies and reinforce important security policies.

Automation is another important (and less ambiguous) component to addressing Shadow IT and it’s easier to accomplish in the short term. Setting rules that block traffic by application or network path is a strong step forward in at least blocking the known trouble makers and setting policy for what can and cannot be done. It also makes sense for your budget. According to the 2018 Total Economic Impact study done by Forrester, information security professionals can save 12 minutes in the analysis and triage phase on every security-related response with Absolute.

New Reach Automation Tools

Absolute Reach is a custom query and remediation feature of the Absolute Platform. Today, we added nine new scripts to the hundreds already executed across millions of devices. To address the challenges of Shadow IT, you can now add firewall application rules to prevent traffic from routing through a specific application. Regardless of what your user does on the device, no traffic will flow through the application. This is useful for preventing any unauthorized applications or network paths such as cloud-based file transfers or Torrent applications. And, if you need to reset your firewall settings after a period of time, there is a script for that too.
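To show what a firewall application rule looks like on a Windows endpoint, here is an added example using the built-in NetSecurity cmdlets; it is not an Absolute Reach script. The group name, function names and executable path are assumptions made for the illustration.

```powershell
# Added illustration: not an Absolute Reach script.
# Run from an elevated PowerShell session (NetSecurity module, Windows 8 / Server 2012 or later).

# Hypothetical group label so the rules created here can be found and removed later.
$RuleGroup = 'Shadow IT Block (example)'

function Add-AppBlockRule {
    param(
        # Full path of the executable whose traffic should be blocked.
        [Parameter(Mandatory)][string]$ProgramPath
    )
    $exe = Split-Path -Path $ProgramPath -Leaf
    foreach ($direction in 'Inbound', 'Outbound') {
        $name = "Block $exe ($direction)"
        # Idempotent: do nothing if a rule with this name already exists.
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }
        # Block the program in this direction on the Domain, Private and Public profiles.
        New-NetFirewallRule -DisplayName $name -Group $RuleGroup `
            -Direction $direction -Program $ProgramPath `
            -Action Block -Profile Any -Enabled True | Out-Null
    }
}

function Remove-AppBlockRule {
    # Remove only the rules created above; the rest of the firewall policy is untouched.
    Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
}

# Constructed sample path for an unapproved application.
Add-AppBlockRule -ProgramPath 'C:\Program Files\ExampleTorrent\torrent.exe'

# Confirm what is now in place.
Get-NetFirewallRule -Group $RuleGroup |
    Format-Table DisplayName, Direction, Action, Enabled
```

A program rule matches on the executable's full path, so each install location (for example a per-user copy under a profile directory) needs its own rule. Removing the group with `Remove-AppBlockRule` is narrower than resetting the firewall to defaults, which discards every custom rule.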

To address the challenge of managing Windows Updates, two additional scripts have also been added to disable Windows Update Sharing to support bandwidth constraints. You can also generate an automated log of any failed Windows Updates across a given device population.

Because incorrect network settings or misconfigurations often cause user frustration and negatively impact productivity, two more new scripts flush Address Resolution Protocol (ARP) tables or DNS resolver caches, helping reset settings back to standard configurations. The ability to run an automated script to enable DHCP settings to automatically assign an IP address within a defined range can help prevent man-in-the-middle attacks.

Like all features of the Absolute platform, they can be performed on devices on or off the network which helps you address potential security vulnerabilities or misconfigurations on devices that are outside of the bounds of your traditional tools. They are available to all Absolute Resilience customers and can be found in the Reach library. The full list of new Reach scripts is in the table below. And more will be dropping soon. Explore Reach for yourself in this short video.

| New Script Name | Description |
| --- | --- |
| Flush ARP Tables | Flush the ARP tables on a system |
| Add Firewall Application Rules | Add / create a firewall application rule |
| Remove Firewall Application / Port Rules | Remove firewall application / port rules |
| Reset the Firewall Advanced Firewall Settings | Reset the Windows Firewall to defaults |
| Flush DNS Resolver Cache | Flush the DNS resolver cache on a system |
| Release / Renew IP Address | Release the IP & renew IP for the active adapters on a system |
| Email Failed Windows Updates | Report the failed installation of Windows Updates on a system |
| Disable Windows Update Sharing | Disable the Windows Update Sharing feature / Windows Update |
| Enable DHCP for DNS | Update the DNS to DHCP, instead of static |