May 19, 2021
The hype around self-healing has grown significantly with the move to remote work – and rightly so. More endpoints are in the wild and maintaining visibility, oversight, and protection of endpoints is more difficult than ever. They are increasingly subject to compromise from any number of sources – external attack, software decay and collision, as well as users themselves. The ability for endpoints to autonomously correct themselves is a very attractive proposition – providing scale for already stretched IT teams as well as a measure of endpoint resilience when endpoints stray beyond oversight.
The stakes are higher than just productivity. Poor endpoint health creates a vulnerable target for security breaches, particularly when this compromises the endpoint security tools intended to protect against and respond to those breaches. Cybersecurity strategy will succeed and fail alongside the health of the tools intended to execute on it. Self-healing will mitigate this risk and ensure organizations remain protected and resilient.
There are many different claims of self-healing in the market and it’s important to take a step back and consider what makes a true self-healing endpoint.
3 Fundamental Capabilities of a Self-Healing Endpoint
According to Merriam-Webster, self-healing describes the activity “to heal or repair oneself or itself, such as involving or promoting recovery from injury/disease or being able to repair physical damage without outside agency.” This is a biology-oriented definition, but still perfectly suited to endpoints. Endpoints are entities operating independently in an external environment and they are subject to similar ‘injury’ or ‘disease’. Self-healing endpoints will repair themselves independently.
1. Confronting External Threats
Addressing external threats is the first fundamental capability. A typical form here is anti-virus. An endpoint is subject to attack from viruses, and anti-virus (AV) software helps identify the threat or infection and remediate without human intervention or oversight. Anti-virus software is one critical security control on the endpoint amongst many - without which, an endpoint could become compromised.
2. Addressing Software Decay
Now consider what happens when that anti-virus software fails - it could be behind on AV definitions, collide with another application rendering it useless, or, more likely, a user has disabled it. This is software decay and is just as much an ‘injury’ or ‘disease’ to an endpoint as an external threat. As an endpoint journeys through a lifecycle of users, installations and uninstallations, updates, etc., collisions will arise, performance will degrade, and endpoint processes will decay and fail.
Mechanisms that address decay are the second fundamental healing capability. These mechanisms monitor application health and take autonomous action to repair them. This could mean triggering an update, restarting a service, or re-installing a component or the software altogether. This is essentially the sequence of troubleshooting steps and actions an intervening administrator would perform, with that logic learned and packaged up to run autonomously on the endpoint.
3. Deep Self-Healing from the Firmware – Self-Healing must also be Self-Healing
Now consider what happens when those software decay solutions fail. They are applications just like any other and will be subject to the same hazards. What becomes apparent is that the mechanism to self-heal must also be self-healing; otherwise it all collapses into disrepair.
The third and most critical capability is the ability to self-heal from a deeper layer within the endpoint – the firmware. Stored here will be basic instructions to simply restore an agent at the software level whenever it is missing or requires healing. This agent would subsequently monitor and take action to restore other key endpoint controls that address external threats and decay.
A Self-Healing Solution is Purpose-Built
The firmware is a relatively privileged location to have a footprint in, requiring close partnerships with key device manufacturers. Few vendors will have this privilege, let alone purpose-built code to self-heal.
The subsequent self-healing capabilities at the software layer will be more complex and are not all created equal amongst vendors claiming self-healing. Many stop short, verifying only that the endpoint control is present but not necessarily that it is active. Applications could be installed but still be broken or disabled. Some applications also require supplementary components for full functionality. Addressing health will be unique to each application.
Effective solutions will assess applications individually and develop specific remediation actions, as well as maintain their solutions as new versions are released. It’s a significant commitment for one application let alone an entire library of key endpoint controls.
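As an added illustration (not Absolute's code or any vendor's agent), the example below models the health logic described under "Addressing Software Decay" and in this section: it contrasts a presence-only check with a check for an active service, current definitions and required components, then maps the findings to repair actions. The state fields, policy values and action names are assumptions, and the sample state is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class ControlState:  # hypothetical snapshot of one endpoint control
    name: str
    installed: bool
    service_running: bool
    definitions_age_days: int
    components_present: set = field(default_factory=set)

@dataclass
class HealthPolicy:  # hypothetical per-application health requirements
    max_definitions_age_days: int
    required_components: frozenset

def presence_only_check(state):
    """Weak check: an installed control is assumed to be working."""
    return state.installed

def assess(state, policy):
    """Return health findings; an empty list means healthy."""
    if not state.installed:
        return ["missing"]  # nothing else is observable
    findings = []
    absent = policy.required_components - state.components_present
    if absent:
        findings.append("component_missing:" + ",".join(sorted(absent)))
    if not state.service_running:
        findings.append("service_stopped")
    if state.definitions_age_days > policy.max_definitions_age_days:
        findings.append("definitions_stale")
    return findings

def plan_remediation(findings):
    """Map findings to ordered repair actions (action names are assumed)."""
    if "missing" in findings:
        return ["reinstall"]
    actions = []
    if any(f.startswith("component_missing:") for f in findings):
        actions.append("repair_components")
    if "service_stopped" in findings:
        actions.append("restart_service")  # assumed: updates need the service up
    if "definitions_stale" in findings:
        actions.append("trigger_update")
    return actions

# Constructed sample: AV installed, but disabled by the user and 30 days stale.
POLICY = HealthPolicy(7, frozenset({"driver", "updater"}))
DISABLED_AV = ControlState("av", True, False, 30, {"driver"})
```

The presence-only check reports `DISABLED_AV` as healthy, while `assess` returns three findings that `plan_remediation` turns into an ordered repair plan.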
Conclusion
IT and security leaders need to make a conscious decision to address endpoint health by employing autonomous self-healing technologies – or not. The entire endpoint technology stack is at stake, yet quite often the focus is on establishing key tools and security controls on the endpoint, with the risky assumption that they just work.
Absolute is the leader in endpoint resilience and delivers on the promise of the self-healing endpoint. Absolute offers the only firmware-based solution already embedded in over half a billion endpoint devices that enables customers to always know where their endpoints are, take deep control and security actions on those devices, and help their security controls repair themselves. Absolute is embedded in the firmware of a half billion devices from the world’s top device manufacturers, and Absolute Application Persistence technology provides self-healing capabilities for a growing library of mission-critical endpoint applications, spanning security, management, productivity, and compliance.
See the complete list of applications Absolute Application persists here.