IT Hygiene: Why It’s Time for More Endpoint Visibility, Not More Tools

11.30.2020 | Chris Hodson, Chief Information Security Officer, IT Security, Tanium

Chief information security officers could be forgiven for being somewhat distracted this year. The global financial and healthcare crisis forced most organizations to re-prioritize and throw everything at maintaining business operations. Some projects had to be shelved as resources tightened and supporting a fully remote workforce took precedence. The good news is that, by and large, we’ve weathered the early storm. It’s now time to think about what happens next.

In all cases, agility, resilience and efficiency will be paramount for organizations to survive and thrive. And IT hygiene will play a major role in helping businesses achieve these necessary capabilities. IT operations, security and risk management must be built around IT hygiene: the continuous identification and remediation of cyber-risk in the enterprise. Only by being secure from key threats can any business truly be prepared for this new era. Certainly, this brings even greater importance to National Computer Security Day.

Time for IT hygiene

The pandemic has given newfound significance to the term “hygiene.” And for IT, security and compliance teams, COVID-19 has made IT hygiene critically important for today’s highly distributed networks of remote employees and Zoom meetings. 

IT hygiene focuses on achieving comprehensive visibility of all networked devices and endpoints, to ensure their operating systems and applications are fully updated and patched so that they are protected and running at their best.

It could be anything from finding and fixing a zero-day vulnerability across the entire IT network to correcting a configuration error in a key cloud system. By focusing on IT hygiene, chief information security officers (CISOs) can prevent the breaches and disruptions that blight many organizations today.

However, over recent years, most IT environments have grown in size and complexity. Networks have expanded across continents, hybrid and multi-cloud environments are the norm, and endpoints could be anything from servers and laptops to virtual machines and containers. The pandemic has only amplified the trend, leading to an explosion of remote devices, many of which likely are unmanaged personal devices.

Unfortunately, complexity is often the enemy of good IT hygiene, making it difficult to keep track of all endpoints across sprawling distributed networks. 

In the early days of COVID lockdown, identifying remote endpoints became the number one concern for CXOs interviewed by Tanium. And over two-fifths (43 percent) of IT operations leaders said they had problems patching employees’ personal devices.

Too many tools. Not enough insight.

The crisis created other challenges to IT hygiene, most notably VPN failures, which caused security bottlenecks and patch deployment issues. This provided ripe opportunities for cyber-criminals. In fact, 90 percent of those executives we polled said they’d seen an uptick in attacks since the start of the pandemic.

Compounding these issues for CISOs is the fact that many have invested heavily over the years in endpoint security and management tools. A separate Tanium study reveals that organizations have an average of 42 security, compliance and endpoint management tools. These loosely coupled point solutions come with their own set of processes and people employed to look after them—creating extra cost and complexity, and worsening organizational silos. The end result? It takes too long to find a threat, remediate it, and ensure no other systems are vulnerable.

Your IT hygiene checklist

Even before the pandemic, visibility gaps were endemic in large organizations. In our Tanium research, we found that 70 percent of CIOs discover new digital assets on a daily or weekly basis. Today the problem is worse than ever. 

IT hygiene can help address these challenges by driving a continuous cycle of broad visibility (via asset discovery and management, vulnerability scanning and configuration management) and precise control (with patch management and software deployment tools). 

To get started, you’ll need to take action in the following areas:

Inventory: An accurate, up-to-date and contextual inventory of your organization’s entire endpoint estate—anything with a chip in it should be recorded.

Patching: This should be supported by a robust risk management model, to ensure patches are prioritized according to which vulnerabilities and affected endpoints may have the greatest business impact. Business disruption caused by updates is a serious issue, but CISOs should never patch based on what is easiest.

Passwords: Use of password managers to create strong, long and unique credentials should be table stakes today. But multi-factor authentication (MFA) increasingly represents best practice in this space, mitigating the risk of phishing and brute force attacks. That’s especially true of the growing number of remote desktop protocol (RDP) endpoints being targeted with increasing frequency during the pandemic.

Teamwork: The proliferation of point products in the enterprise has ossified organizational silos, especially between IT, risk and security teams, and created dangerous visibility gaps and cumbersome, slow processes. 

The answer is to choose a single platform that synchronizes endpoint telemetry across the entire organization. With a single source of truth to provide a common view, disparate teams can unite to dramatically improve IT hygiene for their organizations. 

Risk management buy-in: CEOs must have full confidence that their company’s assets are being managed effectively from a risk perspective. But where to begin when most C-suite executives want an easy-to-understand, enterprise-wide dashboard? A CISO will need cross-functional support from any team that stores or processes sensitive data and/or operates critical systems.

Start with these questions

1) Are we more secure than our peers? Would we be vulnerable to X? It’s impossible to answer a question like “are we secure?” but this is the next best thing.

2) Who wants to attack us, steal our data or disrupt our services? The board wants an appraisal of the threat landscape. 

3) Where do our sensitive assets reside? Can attackers obtain a foothold on your endpoints? 

4) Where do we have security vulnerabilities? Do you have access to the holistic endpoint coverage and high-fidelity telemetry that can answer this question? 

5) How much time or money does it cost to fix these vulnerabilities? A common misconception is that security applications can be run for a few years and then the ‘problem’ will be fixed. Part of the battle as a CISO will always be to educate about the continuous, ongoing nature of security, compliance and endpoint management.

While we still face many unknowns, IT hygiene will help businesses be better prepared for whatever comes next. Importantly, IT hygiene provides an enormous return on investment through risk mitigation, reduction of operational threats, and lower compliance exposure, not to mention major efficiency improvements for IT, security and risk teams. 

Start now and start right as we exit the global crisis and you prepare your organization for whatever comes next.
