One of the weakest links in most companies’ security processes is the timely patching of software on employees’ computers. While rigor around timely patching is critical, it’s often complicated by a number of things: multiple operating systems, geographically dispersed workforces, and the time and resources needed to manually keep track of each endpoint’s software.
One approach to guarding against potentially malicious software and patches is to deny a predetermined set of software. Denying unwanted software means identifying entities or applications that are known to put devices at a higher risk of a security breach and blocking those applications from being installed or updated. These include obvious things like viruses, spyware, and other malware. The strategy is to block any application that is unwanted and allow everything else.
As employees increasingly use additional devices like mobile phones and tablets for both work and personal use, endpoint protection extends beyond workstations and servers. The benefit of the deny approach is that it’s easy to manage and allows a broad range of other software to be installed depending on each employee’s business need. The drawback to denying unwanted software is the effort required to maintain an up-to-date list of malware programs. In 2017, there were 959 new specimens of malware identified per hour, or 16 per minute.
The opposite approach is to identify a list of allowable applications and deny access to any application, user, IP address, email, service, or program that isn’t on an approved list. Administrators take into consideration each user’s role, business processes, and privileges, build an approved list, and deem everything else to be bad. Approved lists are considered to be more secure, more accurate, and easier to customize. While relying on pre-approved application lists creates a simple and distinct perimeter that protects a network, it’s a massive undertaking to manage, considering how many users need specialized software for their job function.
As a cloud-native endpoint protection solution, Automox supports your security procedures by allowing you to enforce required software and remove unwanted software that is downloaded without your permission or knowledge. Once you have deployed the lightweight agent across your infrastructure, you immediately have full visibility of the hardware and software configuration of every endpoint. Once a policy is active, each time it runs, it corrects any changes that have been made since the last time it ran. If a user deleted a piece of software from their device, it will be reinstalled. Or if someone downloaded software that is unwanted, it can be removed.
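The deny-list and approved-list approaches and the corrective policy run described above, as an added example (not Automox code or its API). The software names, the inventory, the `Policy` shape and name-based matching are all assumptions made for illustration.

```python
# Added example: names, inventory and policy shape are constructed, not a vendor API.
from dataclasses import dataclass

def norm(name: str) -> str:
    """Case- and whitespace-insensitive key; real tools would also match publisher or hash."""
    return " ".join(name.lower().split())

@dataclass(frozen=True)
class Policy:
    mode: str                # "deny": block listed, allow the rest; "allow": the reverse
    listed: frozenset        # denied names (deny mode) or approved names (allow mode)
    required: frozenset = frozenset()   # software that must be present

def plan(installed, policy):
    """Return (to_install, to_remove) as sorted lists for one policy run."""
    have = {norm(n) for n in installed}
    listed = {norm(n) for n in policy.listed}
    required = {norm(n) for n in policy.required}
    if policy.mode == "deny":
        if required & listed:
            raise ValueError(f"required and denied: {sorted(required & listed)}")
        unwanted = have & listed
    elif policy.mode == "allow":
        unwanted = have - listed - required   # required software is implicitly approved
    else:
        raise ValueError(f"unknown mode: {policy.mode!r}")
    return sorted(required - have), sorted(unwanted)

def apply(installed, to_install, to_remove):
    """Simulate the run: the inventory after installs and removals."""
    return sorted(({norm(n) for n in installed} | set(to_install)) - set(to_remove))

# Constructed inventory for one endpoint.
INVENTORY = ["Corp VPN Client", "PDF  Reader", "Torrent Client", "CAD Suite"]
REQUIRED = frozenset({"Disk Encryption Tool"})
DENY = Policy("deny", frozenset({"torrent client"}), REQUIRED)
ALLOW = Policy("allow", frozenset({"Corp VPN Client", "PDF Reader"}), REQUIRED)

if __name__ == "__main__":
    for policy in (DENY, ALLOW):
        add, remove = plan(INVENTORY, policy)
        after = apply(INVENTORY, add, remove)
        print(policy.mode, "install:", add, "remove:", remove)
        print("  second run:", plan(after, policy))   # no further changes
```

Under the approved list, the unlisted "CAD Suite" is removed along with the unwanted client, which is the specialized-software maintenance cost noted above; under the deny list it is left alone.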