Even before the drastic changes brought on by COVID-19, the expansion of the traditional perimeter to the user's point of access was well underway. With more devices and more ways to collaborate, the attack surface for a typical user has continued to expand. The expanded use of Cloud services and BYOD has created a scenario where the new network battleground is the point of access for your users. While this isn’t a new scenario, the adage “the endpoint is dead, long live the endpoint” has never been more applicable. The expansion of access to sensitive data and the day-to-day tools used by users to do their work requires that we reevaluate the way in which we protect those users at their point of access. However we choose to define this, their endpoint plays a key role in this protection.
As the world begins its recovery from this global pandemic, the disruption experienced by users in their day-to-day work has been palpable. The further acceleration we have witnessed in the need for remote access, remote collaboration, and remote security has created an incredible opportunity for cyber criminals to reach into organizations and disrupt and compromise the working lives of this rapidly expanded remote workforce. These changes have accelerated the need for MSSPs to evaluate, or re-evaluate, the way they provide security to these remote workers. Ensuring they can deal with the new normal that will come out of this crisis will be key to their future success, as well as the success of those companies that rely on them daily to provide the services that keep them safe.
With the point of access in mind, MSSPs have an opportunity now to evaluate how and what they are doing to protect these users. When doing this evaluation, here are three items that can help steer you towards the security solution that best meets the needs of your customers, all while simplifying your day-to-day operations at the endpoint:
- Centralize management of all endpoints – It is critical that you can centrally manage not just individual customer accounts but also begin to standardize your security policies across your entire managed deployment, if you haven’t already. As part of this, make sure your solutions are able to create shared configurations to facilitate quick deployments and policy changes to all users. These central policies should cover the baseline protections needed against potential threats: basic antivirus and endpoint detection and response capabilities, strong authentication policies to secure user identities, and potentially vulnerability patching.
- Automate your response to threats – Seeing threats is not enough, and manual intervention can only get you so far. Make sure that your endpoint security solutions are automating your response to emerging threats whenever possible. Taking action to delete or quarantine threats, isolating endpoints that are impacted, and ensuring that users can also be isolated and segregated when they are presenting anomalous behavior will be critical to long-term success. This automation should consider multiple variables and solutions whenever possible as it is incredibly helpful for incident tracking and tracing in any postmortems or troubleshooting that needs to happen.
- Unify your reporting – Using a central reporting tool to monitor and manage all your endpoint activity will provide an immeasurable amount of value to your team as they identify and respond to threats throughout your deployed user spaces. This unification of data should allow you to see not just all your data from independent security solutions, but should strive to include all of the data that may relate to a particular pivot point in the data. In any situation where you are investigating a threat, it is incredibly valuable to change the angle from which you are viewing the data, and this changed view should include data from users, devices, and any specific actions you are interested in.
- Bonus: Protect the data! – No post would be complete without discussing the key to what your users are trying to get to – their data! Ensuring that you can discover, classify, and protect the data living on user devices as well as in their Cloud services will be critical to the long-term success of user security.
As the way users access their data and our understanding of the perimeter and the endpoint have evolved, this has become a critical moment for protecting the user's point of access. These endpoints are multiplying rapidly, and the need to protect both the devices themselves and the users that are connecting through them is key to the long-term success of any MSSP business. Ensuring that you can centralize management, automate response, unify reporting, and discover and protect data will play a critical role in the protection of your users and the success of both your business and your customers’ businesses. Now is a great time to evaluate your security stack and ensure that you are able to provide the critical protection your users need.