How to secure an expanding landscape of endpoints and identities




Exposed, unknown endpoints on an enterprise’s network are more than a security threat; they are a brand liability. This week, Forrester’s Security and Risk Summit made a compelling case for how technology trust is key to driving brand trust. 

The sessions highlighted how an enterprise’s effectiveness at improving its security posture directly affects profits. 

“Because when something touches as much revenue as cybersecurity does, it is a core competency. And you can’t argue that it isn’t,” Jeff Pollard, VP and principal analyst at Forrester, told the audience during a session.

CISOs face the challenge of consolidating tech stacks while supporting a growing base of endpoints and identities. Zero-trust network access (ZTNA) and zero-trust edge are core to zero-trust frameworks. In addition, zero trust does not have to be expensive to be effective, which was a pivotal point made during the event.   

Zero trust makes every endpoint more trusted and agile, enabling enterprises to adapt quickly to customers’ changing needs. Source: Forrester’s Security and Risk Summit, 2022

Allie Mellen, a senior analyst at Forrester, noted during the event that, “Zero trust goes hand in hand with trust. Because what you can do is make sure that all of your devices are secure and safe. And that even in a potential physical conflict, you must move your entire team out of the country. Suppose they leave a device behind,” she said. “You can manage that risk; you can wipe that device; you can make sure that nobody is going to get access to customer data on that device.” 

Mellen underscored the need for every business to stay agile and adaptive to potential geopolitical risks. 

“This is incredibly important as you think that you might have to move operations at a moment’s notice,” she said.

Securing anywhere-work endpoints 

A session presented by Paddy Harrington, senior analyst at Forrester, highlighted several insights that organizations could use to protect their endpoints. CISOs and their teams need to adopt more effective mobile application management and endpoint management strategies to support how fluid anywhere-work scenarios are becoming. 

Understanding if an endpoint is trusted, tracked and known has a significant impact on revenue. On-premises endpoint protection platforms (EPP) don’t provide the visibility enterprises need to secure and keep endpoint configurations current. That lack of visibility into endpoint health and status drains revenue. 

“The on-premises deployments of endpoint protection showed their flaws, and one of the biggest flaws in this was a loss of visibility of what’s going on at the endpoint,” Harrington said. 

The enterprise move to web apps, combined with record rates of bring-your-own-device (BYOD) adoption, made clear that on-premises EPP was not up to the new challenges enterprises are facing. Ways enterprises can take on these challenges include:

XDR demand is increasing, as is spending on endpoint security 

Faced with the challenge of securing an increasingly mobile, fluid inventory of endpoints supporting anywhere-work scenarios, CISOs are making endpoint security a high priority in 2023. Just 26% are going to stay at current budget levels for endpoint detection and response (EDR) and extended detection and response (XDR). Sixty-two percent will increase their spending on EDR and XDR in 2023.

“Eighty-eight percent of the security leaders we have researched said that they expect to maintain or increase their budgets in security technology by 2022 to 2023. This gives you many opportunities to implement new security strategies to protect these endpoints,” Harrington observed. 

Endpoint platform vendors continue to see growing interest in XDR with their largest enterprise customers. VentureBeat interviewed several CrowdStrike enterprise customers at the company’s Fal.Con event held earlier this year who noted that XDR will help them consolidate their tech stacks in 2023, reducing costs and improving endpoint visibility. 

During his keynote at Fal.Con, CrowdStrike CEO and cofounder George Kurtz said the company “is focused on democratizing extended detection and response (XDR) for all Falcon platform customers.”

EDR and XDR investments are a high priority in CISOs’ budgets going into 2023 as many look to consolidate their tech stacks while replacing legacy on-premises endpoint protection platforms.
Source: Forrester’s Security and Risk Summit, 2022


Cloud-native endpoint platforms deliver the greatest flexibility 

The cloud has won the battle for endpoint platforms by providing faster time to value, a shorter runway to get users up and running, more flexibility in defining user experiences, automated patching, strong API support for integration and, with several leading vendors, self-healing.

“As we’re going to the cloud, we want to look for cloud-native solutions,” Harrington said. “These are providers who built their solutions in the cloud, as opposed to taking an on-premises deployment and reengineering it for that anywhere delivery model. The latest one is not necessarily wrong, but the cloud-native solutions give you the greatest flexibility and the most options.” 

Forrester’s endpoint management report, from earlier this year, explains what CISOs need to look for in planning their endpoint strategies for 2023 and beyond. The research underscores how prevalent cloud platforms are becoming and how critical self-healing endpoints are. Forrester’s Andrew Hewitt says that “self-healing will need to occur at multiple levels,” including: 

  • Application
  • Operating system (OS)
  • Firmware

The report states that self-healing embedded in the firmware will prove the most essential because it will ensure that all the software running on an endpoint, even agents that conduct self-healing at an OS level, can effectively run without disruption. 

Hewitt told VentureBeat that “Firmware-level self-healing helps in several ways. First, it ensures that any corruption in the firmware is healed in and of itself. Secondarily, it also ensures that agents running on the devices heal. For example, suppose you have an endpoint security agent running on an endpoint and it crashes or becomes corrupted somehow. In that case, firmware level self-healing can help to fix it quickly and get it properly functioning again.” 

Leading providers of cloud-based self-healing endpoints include Absolute Software, CrowdStrike, Ivanti, Microsoft, Tanium, VMware and others.

Forrester also found that “one global staffing company is already embedding self-healing at the firmware level using Absolute Software’s Application Persistence capability.”  

Firmware-based self-healing endpoints create an undeletable digital tether to every PC-based endpoint.   

Keeping trusted endpoints secure must include a strategy for enabling them to self-heal. Forrester finds self-healing happens at three levels of an endpoint's architecture, with firmware being the most persistent and resilient to breach attacks. 
Source: Forrester, The Future of Endpoint Management Report. June 6, 2022

Unified endpoint management (UEM) is key to security and asset management

CISOs should also consider how unified endpoint management (UEM) leads to better endpoint security and asset management on the same platform. 

“Unified endpoint management (UEM); sometimes we forget that basic things like policy control and OS control should be considered part of security deployment,” Harrington said. “They shouldn’t just be reserved to its configuration policies. They should be an integrated part of clearing the endpoint.” 

Harrington also noted how essential UEM is for ensuring every mobile device is secured to the application and browser level. Advanced UEM platforms can also provide automated configuration management and ensure compliance with corporate standards to reduce the risk of a breach. In addition, CISOs are exerting pressure on vendors to help consolidate tech stacks. As a result, product strategies and roadmaps from IBM, Ivanti, ManageEngine, Matrix42, Microsoft, VMware, BlackBerry, Citrix and other vendors reflect CISOs’ needs for more consolidated cloud platforms capable of reducing the costs of their tech stacks.

Remote browser isolation (RBI) provides maximum control with minimum impact 

One of the key points made during the session is how pervasive web applications are across enterprises today. For example, 63% of information workers Forrester recently interviewed say that all their work can be accomplished using a web browser. Another 31% say most of their work can be done in a browser and local apps. 

“What we want to do is look for the use cases that will provide us the maximum amount of control with a minimal impact on the users,” Harrington said. “Some of the ones that do this are utilizing RBI for contract or with third-party actions so that you can do things like watermarking or clipboard control or download control and truly segment this application from the user.”

RBI has proven effective for organizations that rely on outside contractors and third-party access and that are also pursuing a ZTNA-based approach to protecting browser sessions. IT and security teams are adopting RBI because it doesn’t force an overhaul of tech stacks while still providing a zero-trust security approach to browsing.

Leaders in RBI include Broadcom, Forcepoint, Ericom, iboss, Lookout, Netskope, Palo Alto Networks and Zscaler. Of these, Ericom is taking a unique approach to zero-trust RBI by preserving native browser performance and user experience while hardening endpoints from increasingly complex web threats. RBI is used across enterprises to secure Office 365, Salesforce and many other cloud-based app sessions and their data. RBI protects these apps and browser sessions from potentially malicious unmanaged devices, including those used by contractors or partners. Ericom’s solution also secures users and data in virtual meeting environments like Zoom and Microsoft Teams.

What’s working to protect anywhere-work endpoints  

The cloud has won the endpoint platform market and is gaining fast in replacing installed, legacy endpoint protection platforms. That is good news for CISOs under pressure to make budgets go further while consolidating their tech stacks and gaining visibility beyond their endpoints. 

Unfortunately, the typical enterprise struggles to track all endpoints and have a complete view of every asset. Forrester’s session on protecting anywhere-work endpoints provides new insights into how enterprises can improve endpoint security without disrupting employees’ productivity, while helping reduce the costs and tech stack complexities of building toward a zero-trust framework.
