Visibility Gaps Leave Even the Best-Configured Networks Open to Endpoint Attacks

When it comes to assembling an accurate picture of what’s happening in their environment, security practitioners are in a daily race against time to take action as quickly as possible.

While retaining persistent policy-based management is still important, successful defenses nowadays need to gather up additional information as needed from their endpoints in seconds. It just won’t do any more in many cases to wait hours, days - or longer - to find out which machines might be at risk for a vulnerability by missing patches or a specific configuration.

Not only are attacks increasing in intensity but they’re more and more targeted -  which puts a premium on reducing latency in data collection so that organizations can respond appropriately. In my experience, however, we often see customer environments that take as long as three to four weeks to get new patches rolled out, and in some cases endpoints that are not VPN or LAN connected are missed.

Any delay creates needless risk and this process can be streamlined, automated and done in a compressed timeframe. In today’s security landscape, organizations face a constant stream of new threats with the potential to inflict incalculable damage - as demonstrated by the WannaCry attack in 2017. Although the patch for WannaCry was already available months in advance of the attack, the ransomware attack wreaked havoc globally because so many organizations around the world had failed to upload the patch issued by Microsoft. The upshot: Billions of dollars in subsequent damages and reputation.

All the more reason why IT operations needs access to this kind of real-time intelligence in addition to the information in their CMDB in order to respond in a timely fashion to these anomalies. WannaCry is a great example since it was very targeted and needed to be dealt with right away. There was no time to wait for the system to report back in a day or two later and then wait for the patch cycle to occur.  

This task is only getting more complex as organizations find themselves managing completely heterogeneous environments where employees work with any number of different types of devices, including Windows, Mac, and mobile, while accessing myriad cloud applications in the course of doing their jobs.

For the people who are responsible for configuration management and IT operations, this adds obstacles in the way of getting a clear view of what devices are running which versions of what OS and Software. More than ever, they need to make sure that their systems are running up-to-date patches and that all of the company’s endpoints are protected with the latest and greatest.

Enhancements to ITMS

This is where the new version of Symantec’s IT Management Suite (ITMS) will make a major difference. With this latest release, we’re rolling out several enhancements that will help make IT’s task of managing and thus securing their endpoints easier and more efficient. Here’s a look at some what’s new:

• Customers can now collect data on-demand and in real-time. The upshot is more flexibility and greater visibility for administrators as they manage their IT environments.
•  ITMS’ integration with Symantec Endpoint Protection helps block and quarantine any endpoints failing to pass compliance scans, a weapon that organizations can deploy to protect themselves against attacks from ransomware and other dangerous threats.
• Scan endpoints based on vulnerabilities and then automatically deliver patches to endpoints for automated remediation.
• Symantec is providing updated and modernized UI workspaces. The streamlined look is easier to use from any browser and doesn’t require technicians to undergo special training to carry out daily tasks and utilize the power of ITMS.

Helping the Move to Consolidation

The design work that went into our updated version of ITMS also addresses another increasingly familiar pain point: Most customers nowadays tend to use several different cyber security vendors. That’s both expensive and increasingly unwieldy.

Having to go to three or four different tools makes security more challenging than it needs to be. This is an additional area where we can help by bringing these features together in a consolidated package that integrates with Symantec Endpoint Protection and Control Compliance Suites. That reflects our overarching philosophy, which is to provide best-in-breed remediation abilities as part of an integrated cyber-defense posture.

In practice, our Integrated Cyber Defense Management Platform means faster pre-detection, remediation, detection mitigation and response for any issues that occur. Importantly, customers can now acquire these important use cases in a consolidated platform. It’s a significant step towards toward helping them manage the security of increasingly heterogeneous endpoint environments.

We think it’s a big deal. Here’s where you can find out more about ITMS 8.5.:

• Symantec IT Management Suite
• Data Sheet
• Release Notes
• Product Documentation