What Is Converged Endpoint Management?
The old tool-centric take on cybersecurity has become a liability. Enterprises must view tools and data through a single pane of glass. Here’s how.
Converged endpoint management (XEM) refers to the convergence of IT management and security operations within a single integrated platform, giving teams better control over complex IT and security environments. With a unified set of controls and a common taxonomy, siloed teams from across an organization can come together and align for the shared purpose of protecting critical business infrastructure and assets.
Large organizations have millions of globally distributed, heterogeneous assets they need to see and control in real time. These are typically managed with a tool-centric approach that applies a diversity of point solutions across the IT environment. However, this multiplicity of tools hampers visibility and control, often leaving endpoints vulnerable.
Consider these numbers: Ninety-four percent of today’s enterprises say that 20% or more of their endpoints are unprotected, and even with the adoption of point solutions across an IT ecosystem, ransomware attacks occur every 11 minutes.
That clock is ticking—and getting faster with every year. But this doesn’t mean enterprise leaders have no options. Far from it.
Converged endpoint management (XEM) addresses these challenges by bringing tools and data together in a unified solution to maximize visibility, control, and trust. Organizations can interact with all their endpoints in seconds, regardless of the scale and complexity of their IT environment, using accurate real-time data to support end-to-end automation.
What is an endpoint?
An endpoint is any device that connects to and communicates with a computer network. While the term can apply to any network-connected hardware device, in practice it refers to the devices that people and applications use at the ends of the network, as distinct from the infrastructure (modems, hubs, switches, routers) that carries traffic between them. That includes desktop and laptop computers, servers and virtual machines, smartphones, tablets, printers, and Internet of Things (IoT) devices. These devices sit at the “edge” of the network, and a growing share of them connect from off-premises locations, outside the corporate firewall, rather than from the office.
While endpoint devices bring a host of benefits for business and employee productivity, they also represent security exposure, providing an easy point of entry for cybercriminals: a phished credential, a malicious attachment, or an unpatched vulnerability on one device is often enough. Once an attacker gains a foothold on an endpoint, they can steal data stored on the device itself or use it to move laterally through the organization’s network and conduct further malicious activity. Cybercriminals can also conscript compromised endpoints into botnets that launch distributed denial-of-service (DDoS) attacks, or simply render the endpoint unusable to disrupt business activity.
Because of this risk, endpoint management is a critical part of an organization’s cybersecurity practice. Businesses implement a variety of tools and processes to help prevent, detect, and remediate cyberattacks on every endpoint device connected to their network.
Why is endpoint security a problem?
A confluence of factors has made effective endpoint security a significant challenge for most organizations. These include:
- Increasing number of endpoints. Years of bring-your-own-device policies coupled with the pandemic-spurred shift to a remote workforce have tasked IT teams with managing more devices than ever before. This has expanded the attack surface for organizations and made it nearly impossible for security teams to maintain an accurate risk assessment. The explosion in the number and type of endpoints has coincided with a rise in increasingly aggressive and sophisticated attacks (phishing, ransomware, business email compromise, etc.), further complicating endpoint security strategies.
- Evolving types of endpoints. Mainstream businesses are adopting IoT at a steady clip. The global number of IoT-connected devices is expected to grow to 43 billion by 2023, a threefold increase over just five years. Traditionally connected IT device growth is comparatively modest at 2% per year, but device integration is becoming critical considering the more than 5 billion smartphones, 2 billion personal computers, and 1 billion tablets that exist globally.
- Tool sprawl. IT teams regularly acquire new tools to deal with growing IT complexity, with multiple teams each owning their own toolsets. Tanium’s Visibility Gap Study in 2020 revealed that the average business uses approximately 43 IT operations and security tools. However, that figure can range from dozens to hundreds depending on the size of the organization. This tool sprawl hinders employee productivity, requiring excessive time to switch between tools and making it more difficult to find and keep track of information. Employees typically spend an hour of each workday searching through different tools just for the information needed to do their jobs.
- Poor tool integration. Tool sprawl is exacerbated by poor integration between tools across teams. The top challenge faced by security operations centers (SOCs), according to a 2018 study, is that “too many tools are not integrated,” as well as a lack of skilled staff and the need for automation and orchestration. A separate study conducted by Fidelis found that integration across endpoints, servers, and networks remains a significant challenge for SOCs.
- Rapidly changing IT environments. The modernization of IT environments through cloud solutions, mobile devices, and other technological evolutions, coupled with changes like the rise of hybrid work, have made it more difficult for teams to monitor IT performance and find and resolve problems quickly. According to a 2021 survey of more than 500 IT professionals, 55% of respondents cited the move to remote work as the primary driver of complexity.
What’s the best way to secure endpoints?
Endpoints are protected by deploying agent software to all the desktops, laptops, servers, mobile devices, and other endpoints within a network. This software simplifies or automates endpoint management tasks such as software and operating system deployment, vulnerability scanning and patching, and configuration enforcement on managed devices, easing the burden on IT teams.
Different teams typically rely on different endpoint management tools to do their jobs. Operations teams may use one tool to help configure mobile devices for employees, for example, and security may use another endpoint management tool to secure them and prevent breaches.
This approach often leads to a proliferation of heterogeneous tools that increases endpoint management complexity. A single endpoint device may have a dozen different endpoint security agents installed on it, each capturing different data for a different console. The result is often a patchwork of point solutions deployed across IT operations, security, risk, and compliance groups that silos crucial data, strains resources, and makes it harder to effectively manage and secure the organization’s endpoints.
XEM solves this problem by uniting tools and data into one unified solution. A converged solution acts as the backbone for all crucial interactions among data, tools, and teams, so IT domains can align their efforts to protect the organization against attacks.
What is visibility in an endpoint management platform?
Visibility in endpoint management is the knowledge of what types of endpoints are connecting to your network, where they are physically located, and how they are behaving. Telemetry data is collected from all endpoints to enable observation of the current state of each endpoint and provide insights into its behavior.
Endpoint visibility is critical for securing access points to an organization’s network. Comprehensive visibility, however, has become increasingly difficult as corporate networks have become accessible to myriad devices and users, and as IT teams have employed a multitude of isolated endpoint management tools.
Why is scalability an issue with endpoint management tools?
Scalability is an issue with endpoint management because of its tool-centric approach. Each tool brings its own agent, so every new tool must be rolled out to every endpoint and every new endpoint must receive every tool’s agent. Over time, this leads to a cacophony of point solutions in which tools may not integrate with one another and may even conflict. As the number of endpoint management solutions grows, endpoint visibility and control decrease, potentially leaving endpoints unprotected or otherwise vulnerable to attack.
Why is siloed data an issue with endpoint management tools?
Siloed data hinders the organization’s ability to build cohesive end-to-end processes. Competing data from different endpoint management solutions creates disputes among teams and inhibits confidence in potential courses of action. Teams must be able to automate security and compliance processes to safeguard the organization, and silos create a hurdle to the partnership needed among IT domains to do so.
[Read also: Develop a cybersecurity action plan—focusing on visibility and breaking down silos]
Interoperability is the key to eliminating data silos. By centralizing operations, organizations can improve coordination among teams and streamline workflows. Unified platforms that facilitate the flow of information from one team to another can surface critical data faster from more sources than conventional endpoint management solutions, allowing teams to respond to and resolve issues more quickly. Tool consolidation means that unnecessary steps—switching between apps, lost productivity, and conflicting data—are things of the past.
How does converged endpoint management (XEM) differ from traditional endpoint management solutions?
XEM differs from traditional endpoint management solutions primarily in its unified approach. Rather than deploying piecemeal point solutions, as is the strategy of traditional endpoint management solutions, it unites endpoint tools and data and makes them viewable through a single pane of glass. This gives IT teams greater visibility into and control over their endpoints and enables them to make faster, more informed decisions.
What are the advantages of XEM?
Converged endpoint management offers several advantages over traditional endpoint management approaches. At its core, it flips the endpoint management paradigm. Traditional endpoint management approaches are based on applying tools to the endpoint from limited vantage points. XEM puts the focus on the endpoint device itself. It considers everything the endpoint device needs during its lifecycle. This fosters a big-picture mindset that outlines roadmaps addressing the different needs of the endpoint from operational, compliance, and protection points of view.
Another benefit of XEM is that converged platforms unify tools and data in a single solution. Teams can view all the data coming in from all endpoints in one place, including:
- Risk and compliance management. Teams can monitor file and registry changes and ensure compliance with privacy regulations and practices. They can scan the network for unmanaged assets, find compliance gaps, and assess computers against industry benchmarks.
- Client management. Converged platforms enable teams to patch deliveries consistently and quickly. All systems can be kept running and up-to-date with automated patching and minimal downtime. Critical configurations are simplified, centralized, and easier to enforce.
- Threat hunting. Converged platforms assist in this proactive approach to cybersecurity, in which threat hunters go sleuthing through systems looking for forensic evidence of compromise, identifying risks, and rooting out attackers before they can do damage. The platforms alert teams to suspicious behavior and can restore endpoints to a steady state. They identify high-risk accounts and systems, find and fix vulnerabilities at scale, and perform automated remediation through prioritized actions on endpoints.
- Asset discovery and inventory. Converged platforms make it easier to get a complete inventory of hardware and software assets. They allow teams to identify all machines on a network, including their current software and how it’s being used.
- Sensitive data monitoring. Converged platforms track and manage sensitive data to help protect it from attackers. Teams can quickly search for sensitive data and identify its location to take quick action. They can also uncover unauthorized changes to files and directories, check for data exposure and potential risk, and index file systems.
- Service management. Converged platforms enable IT teams to support employees and resolve help-desk tickets. Teams can create a streamlined, help-desk workflow using accurate, real-time data.
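The “monitor file and registry changes” and “uncover unauthorized changes” capabilities listed above rest on the same primitive: a cryptographic baseline of the file system that a later snapshot is compared against. The following is an added example of that primitive in Python, not code from Tanium or from this article. The directory tree, file contents, and post-compromise changes are constructed in a temporary directory so the block runs stand-alone, and the path names are illustrative.

```python
"""File-integrity baseline and diff (added example; not Tanium code)."""
import hashlib
import os
import tempfile


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under root (as a /-separated relative path) to its hash and mode bits."""
    state = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):        # skip links so an attacker-planted symlink is not followed
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            # Keep all 12 permission bits so a newly set setuid/setgid/sticky bit is detected.
            state[rel] = {"sha256": _sha256(full), "mode": os.stat(full).st_mode & 0o7777}
    return state


def diff(baseline, current):
    """Classify every path present in either snapshot as added, removed, modified or mode-changed."""
    base, cur = set(baseline), set(current)
    common = base & cur
    return {
        "added": sorted(cur - base),
        "removed": sorted(base - cur),
        "modified": sorted(p for p in common if baseline[p]["sha256"] != current[p]["sha256"]),
        "mode_changed": sorted(p for p in common
                               if baseline[p]["sha256"] == current[p]["sha256"]
                               and baseline[p]["mode"] != current[p]["mode"]),
    }


def _write(root, rel, data, mode=0o644):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)
    os.chmod(full, mode)


def demo():
    """Constructed scenario: baseline a small 'etc' tree, then simulate post-compromise changes."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/ssh/sshd_config", b"PermitRootLogin no\n")
        _write(root, "etc/cron.d/backup", b"0 2 * * * root /usr/local/bin/backup\n")
        _write(root, "usr/local/bin/backup", b"#!/bin/sh\ntar czf /srv/bak.tgz /srv\n", 0o755)
        baseline = snapshot(root)

        _write(root, "etc/ssh/sshd_config", b"PermitRootLogin yes\n")        # hardening setting weakened
        _write(root, "etc/cron.d/persist", b"* * * * * root /tmp/.x\n")        # new persistence job
        os.remove(os.path.join(root, "etc", "cron.d", "backup"))               # legitimate job removed
        os.chmod(os.path.join(root, "usr", "local", "bin", "backup"), 0o4755)   # setuid bit added
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:13} {paths}")
```

Hashing with SHA-256 rather than comparing timestamps matters because an attacker who can write a file can also reset its mtime; keeping the full mode bits is what catches the setuid change above, which a `0o777` mask would miss. A production agent would persist the baseline off-host (a local baseline is just another file the attacker can edit) and fold registry keys, package databases, and scheduled tasks into the same diff.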
Because converged platforms were developed in response to the current endpoint explosion, they can see and control the most common types of endpoints whether they are on-premises or in
By solving the organization’s technology problem, XEM also enables companies to address organizational issues. In the past, broken tools and siloed teams limited accountability. The unifying approach of XEM makes that a thing of the past by enabling better inter-team communication, providing complete visibility and control over the organization’s assets, and engendering trust in decision-making around those assets. As a result, teams will make better-informed decisions more quickly.
[Read also: The growing need to unify IT and security]
Finally, XEM platforms make everyone’s job easier. CIOs can ensure their endpoints are patched for the latest vulnerabilities and configured appropriately. CISOs can use converged platforms as their last line of defense against breaches. Infrastructure teams scope cloud migrations in weeks instead of months or years. Procurement teams can validate that they aren’t paying for more software than they are using. Auditors can assess how well companies comply with regulatory and compliance frameworks, and data custodians can more easily find and remove sensitive data at scale.
What specific technologies are converging in XEM?
Converged endpoint management integrates three proprietary capabilities:
- Linear chain architecture. This enables the rapid collection and distribution of data. Instead of every endpoint reporting directly to a server, endpoints form peer chains: each client forwards a question to its neighbor and passes the aggregated answers back along the chain, so the server exchanges data only with the ends of each chain and no intermediate collection infrastructure is needed. Real-time answers come back within seconds. Faster and more scalable than the hub-and-spoke model enterprises previously relied on, this lets a customer manage 350,000 endpoints with only three to five servers instead of the more than three dozen servers they would need with competitor products.
- Extensible data model. An extensible data model lets teams ask new, ad-hoc questions of endpoints without first defining a schema or a collection job. Some data is too voluminous or too short-lived to stream to a central store and analyze there; the only practical way to work with it at scale is an endpoint-centric approach. Instead of centralizing data before making decisions, XEM evaluates questions where the data is generated, at the endpoint itself, and the platform assembles the enterprise-wide answer from the real-time results each endpoint returns.
- Lightweight agent. Converged platform agents consume minimal endpoint resources and bandwidth, allowing them to operate with limited system impact. Unlike traditional endpoint management solutions, converged platforms won’t bog down the network.
What types of security issues does converged endpoint management (XEM) address?
XEM addresses a host of security vulnerabilities that could potentially lead to devastating ransomware, DDoS, or other cyberattacks. That’s critical because businesses suffered 50% more cyberattack attempts per week in 2021 compared to 2020. Those attempts reached an all-time high in the fourth quarter of 2021, largely because of the Log4j vulnerability, which has been called a “symptom of a larger sickness in the security of the software supply chain.”
Log4j is a widely used open-source Java logging library, and Log4Shell is the critical vulnerability disclosed in it in December 2021. An attacker only needs to get a specially crafted string into something the application logs (a request header, a username, a chat message); the library then performs a JNDI lookup that fetches and executes attacker-supplied code, giving remote code execution with no credentials at all. The flaw came to light publicly when it was exploited against servers hosting the popular game Minecraft.
The vulnerability became an immediate global threat because it exists in an open-source Java library that is incorporated in many enterprise applications, open-source software, and other services. That prevalence made the vulnerability extremely difficult to identify and remediate. Within hours of its being revealed, hackers were using it to target several U.S. state governments.
[Read also: CISA—Federal agencies must urgently patch Log4j vulnerability]
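What made Log4Shell hard to remediate is visible in the remediation itself: log4j-core is a library, so it is buried inside application jars, war files, and vendor bundles rather than listed in any package manager. The following is an added example, not Tanium code and not from this article, of the triage scan a team would push to every endpoint: it walks a directory tree, opens each archive (and archives nested one level inside it), reads the log4j-core version from the Maven `pom.properties` the jar ships with, and checks whether `JndiLookup.class`, the class the exploit chain needs, is still present. The affected version range (2.0-beta9 through 2.14.1, CVE-2021-44228, with 2.12.2 and 2.3.1 as backport fixes) is taken from the Apache advisory; the sample jar and war are constructed in memory.

```python
"""Triage scan for log4j-core jars exposed to Log4Shell (added example; not Tanium code)."""
import io
import os
import re
import zipfile

# Maven metadata that log4j-core ships inside its own jar; its version line is authoritative.
POM_PATH = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# The class the Log4Shell exploit chain needs on the classpath.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def parse_version(version):
    """'2.14.1' -> (2, 14, 1). Pre-release suffixes such as '-beta9' are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version or "")
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def version_affected(v):
    """True for versions affected by CVE-2021-44228 (2.0-beta9 through 2.14.1).

    2.15.0 and later fixed it on the main branch; 2.12.2 (Java 7) and 2.3.1 (Java 6)
    were the backport releases. The 1.x code base is out of scope for this check.
    """
    if v[0] != 2 or v >= (2, 15, 0):
        return False
    if (2, 12, 2) <= v < (2, 13, 0) or (2, 3, 1) <= v < (2, 4, 0):
        return False
    return True


def inspect_archive(data, name, depth=0):
    """Return one finding per log4j-core jar in the archive, descending one level into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings = []
    with zf:
        names = set(zf.namelist())
        if POM_PATH in names:
            version = None
            for line in zf.read(POM_PATH).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
            parsed = parse_version(version)
            has_jndi = JNDI_CLASS in names
            if parsed is None:
                status = "unknown-version"
            elif not version_affected(parsed):
                status = "patched"
            elif has_jndi:
                status = "vulnerable"
            else:
                status = "mitigated"     # affected version, but JndiLookup.class was stripped out
            findings.append({"path": name, "version": version,
                             "jndi_lookup": has_jndi, "status": status})
        if depth == 0:
            for inner in sorted(names):
                if inner.lower().endswith(ARCHIVE_EXT):
                    findings.extend(inspect_archive(zf.read(inner), f"{name}!{inner}", depth + 1))
    return findings


def scan_tree(root):
    """Walk a directory tree and inspect every archive found in it."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, f)
                with open(path, "rb") as fh:
                    findings.extend(inspect_archive(fh.read(), path))
    return findings


def make_sample_jar(version, include_jndi=True):
    """Constructed stand-in for a log4j-core jar: only the two entries the scan keys on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PATH, f"version={version}\ngroupId=org.apache.logging.log4j\n"
                              "artifactId=log4j-core\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")   # class-file magic; body is irrelevant here
    return buf.getvalue()


def make_sample_war(version, include_jndi=True):
    """Constructed web application archive bundling the sample jar under WEB-INF/lib."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"WEB-INF/lib/log4j-core-{version}.jar", make_sample_jar(version, include_jndi))
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    for f in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f['status']:16} {(f['version'] or '?'):10} jndi={f['jndi_lookup']!s:5} {f['path']}")
```

Run as `python scan.py /opt` on a host. A jar reported as `mitigated` had `JndiLookup.class` removed, which was the interim workaround before patched builds were available; `unknown-version` means the jar carries no Maven metadata and should be inspected by hand. The version parser ignores pre-release suffixes, so 2.0-beta1 through beta8 are over-reported as vulnerable, which is the safe direction for a triage scan.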
XEM also helps facilitate threat hunting, a cybersecurity technique that has become more critical in the age of cyberwarfare. It took on added urgency when the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued guidance to companies and organizations to shore up their defenses against potential Russian cyberattacks on critical infrastructure and financial institutions in the wake of the Russia-Ukraine war. XEM supports threat hunting by alerting teams to suspicious behavior, identifying high-risk accounts and systems, finding and resolving vulnerabilities at scale, and performing automated remediation through prioritized actions on endpoints.
- How to mature endpoint and visibility management for public sector agencies
- 2022 endpoint security visibility report
- The crisis of visibility—Do IT security teams really understand what’s happening on their network?
- Security and risk management in the wake of the Log4j vulnerability
- Building the foundation of a mature threat hunting program