In our Video Byte format, we ask experts to explain one topic of cybersecurity in short and precise words. And while that has been received very well both by the experts as well as our audience, these short videos are usually not everything there is to the conversation with our experts.
One example was our last Video Byte with Zac Warren from Tanium, where he explained what modern endpoint management really means. The discussion continued afterwards, and one topic we spoke about was how good visibility into your environment can make your security measures a lot easier. Here’s what Zac said on visibility.
Cyber Protection Magazine: These days, endpoints can also mean IoT devices. Those are firstly very often insecure. Secondly, they don’t really have the storage or processing capabilities to actually run full endpoint management software. So how do you circumvent that restriction?
Zac Warren: First of all, Tanium has been developed to be an endpoint management and security platform. So we have five different solution areas that we focus on. The very first solution area that we focus on is asset discovery and inventory, meaning we give our customers that understanding of their own environment. Many organizations today suffer from shadow IT, i.e. people utilizing things in the cloud that they haven’t really told anybody about. Or if it’s a known device like a laptop or workstation that has been misconfigured and fallen out of compliance, that becomes shadow IT as well. The IT department is no longer able to see that device. So first of all we go through the company network with our light agent, which is non-blocking, and go and find all of these devices that are in shadow IT and even find things that we don’t want in our environments. One example I experienced myself was that we found Xboxes in an organization, which we got rid of.
So that’s the first thing, asset discovery inventory. And then on top of that, we have the visibility about anything you can do on an endpoint, which helps in monitoring sensitive data. We can also support and check the compliance of an endpoint. If it’s not compliant, we can push any type of patches or any type of updates out to each of those devices. And just that visibility gives you a high level of security already.
Easy Security and Compliance
And with all your endpoints patched, your known vulnerabilities are much lower. In addition, you have vulnerability management, so again, your vulnerabilities are much, much lower. Which also improves your compliance, so your auditing becomes a lot easier. Hence, visibility across all of your devices already gives you a good security posture.
Now when it comes to IoT, we have this dream where Tanium can be put on anything that has a chip, which is where we are heading. We’re trying to get further and further out into the perimeter. So as OT becomes a target when it comes to critical infrastructure, we’re trying to push into OT through different partnerships that we have to make sure that we get the same visibility of an OT environment that we are doing today in a regular IT environment. But, again, that is a future state, something we have on the roadmap.
But back to visibility and how it improves security: If we give organizations that visibility, if we start to showcase what they’re reliant upon, what is critical for their organization to survive, then we can start working with them and say where they need to have an extra layer of security. There’s a lot of different things that we help organizations understand that they just don’t have visibility to today. Just think about it in your own house. If you have all your doors and windows open at night, but you have no lights on in your house, people can come and go and take what they want and steal from you all they want. But if you do your patching, if you do your basic security hygiene and close all your doors and windows and if on top of that you have the visibility, i.e. turning your lights on in your house, then you can see potential intruders moving about if they are in your house and you can keep them from taking your things.
Security is IT well done
I always say good cybersecurity is hygiene done well or IT ops done well because that makes IT security easy.
One last thought here: the idea is to tear down silos. You’re either in IT or you’re in IT security. Unfortunately, there’s not a whole lot of communication or not enough communication happening between these two branches of an organization. Try to break down those silos. Try to get all these different teams to work from the same set of real-time data directly from the endpoint, so that there are few arguments around what should be done in an environment, and we can also help each other. That’s the core message and the core thing that security should be focused on.