One of the most important responsibilities the average IT Manager has is to ensure the security of their environment. In previous installments, we discussed some of the tools available to assist IT professionals in that endeavor. However, no matter how secure you make your environment, it is all for naught if an authorized device becomes compromised. As such, endpoint security and management is a crucial factor that has to be implemented. Many professionals say “We have antivirus software, so I’m protected.” Unfortunately, that is not always the case.
Endpoint Management
What exactly does endpoint management consist of? The first part has already been covered and is pretty straightforward: antivirus software. Given the current state of cyber security, it is paramount that each of your endpoints has an antivirus installed. The next two parts of endpoint management are a little more complicated, not so much in concept, but rather in implementation.
Patch Management
Vulnerabilities are found on a daily basis. In fact, there have been so many that the news is rampant with reports of exploits carried out by malicious parties that put all of our information at risk. The most recent attacks with significant repercussions have hit Quora and Marriott. In order to prevent our organizations from becoming the subject of the next data breach news headline, we must ensure that endpoint patching is treated as a first-class citizen within our environments.
What exactly is a ‘patch’ and what does ‘patching’ consist of? A patch is a software update composed of code that is inserted into a program’s existing code. In this context, we’re referring to our operating systems. Generally, this new code resolves reported bugs. More importantly, however, the new code closes up any vulnerabilities that are present within the existing code. The process of “patching” consists of applying these patches to your endpoints and is exponentially harder to keep up with the more endpoints you have.
Imagine manually patching 10 machines. Doable, but annoying and time-consuming. Now imagine you have 100 machines to manually patch. This effort is now a full-time job which, let’s be honest, no one wants to do. Finally, imagine manually patching 1000 machines. You can begin to see how daunting this task becomes and why so many people and organizations fall into the trap of letting machines go unpatched.
Configuration Management
Configuration management is the other key part of endpoint management. Some vulnerabilities are hard to account for because they originate from the users themselves. These types of vulnerabilities typically include things like easily guessed passwords, unlocked computer screens, and the ability to copy secure data to external devices. Most operating systems have settings that can be enabled to help account for these types of vulnerabilities. The challenge is applying these settings across all of the endpoints in your environment. As with patch management, the more machines you have in your environment, the harder it becomes to manage.
Another part of configuration management involves the ability to deploy software to your endpoints. Let’s say your organization just purchased brand new productivity software, such as SnagIt. This is software that has the potential to increase the efficiency of your employees. Naturally, you want to make sure it’s installed on all of your endpoints. As you can probably guess, the larger your environment, the less feasible it is to accomplish this by doing manual installations.
Can Automox Help?
Now that we know what the challenges are, what can we do to mitigate them? Well, that’s why Automox exists. Automox has a variety of features that help to simplify the administrative tasks needed to keep your endpoints secure. Better yet, we support the three major operating system families (Windows, Linux, and Mac) and require no on-premises infrastructure. Deployment can be done in minutes with the added benefit of a clean and intuitive user interface.
Patch Policies
Patch policies enable administrators to define how they want their endpoints to be patched. Available configurations within Automox include, but are not limited to:
- Scheduling
- Blacklisting/whitelisting specific patches
- Automatic reboots
- Manual approval of patches
Required Software Policies
Required software policies are used to install third-party applications across your endpoints. MSI, DEB, and RPM installations are made easy through the auto-population of the information needed for deployment to your organization. As an added bonus, administrators can add code, either Bash or PowerShell, to handle pre- or post-configuration requirements. For all other installations (EXE, DMG, etc.), this same feature can be used to provide custom installation scripts.
Custom Policies
The ability to create custom policies in Automox was added as a way to address all the other needs an administrator may have. With custom policies, administrators can define evaluation and remediation scripts. Depending on the value the evaluation script returns, 0 for compliant and 1 for non-compliant, the remediation script may run to execute any necessary actions to return the endpoint in question to a compliant state. These policies can be used to accomplish a variety of configuration tasks to help address the vulnerabilities that originate from end users.
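The evaluation/remediation flow described above, as an added example (not Automox's own code and not from the original post): a POSIX shell pair for the "copy secure data to external devices" case from the Configuration Management section, disabling the Linux usb-storage module. The `CONF_DIR` override, the file name and the `run_policy` driver are assumptions for illustration; how the platform itself invokes the two scripts is not shown on this page.

```shell
#!/bin/sh
# Added example: evaluation/remediation pair for a Linux endpoint.
# Assumptions (not from the page): the CONF_DIR override, the file name,
# and the run_policy driver that imitates the evaluate-then-remediate flow.
: "${CONF_DIR:=/etc/modprobe.d}"
CONF_NAME="disable-usb-storage.conf"   # hypothetical file name

# Evaluation: return 0 (compliant) or 1 (non-compliant).
# Both lines are required: "blacklist" only stops automatic loading,
# while "install ... /bin/false" also defeats an explicit modprobe.
# Commented-out lines do not count because the patterns anchor at line start.
evaluate() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+usb[-_]storage[[:space:]]+/bin/(false|true)([[:space:]]|$)' \
        "$CONF_DIR"/*.conf || return 1
    grep -Eqs '^[[:space:]]*blacklist[[:space:]]+usb[-_]storage([[:space:]]|$)' \
        "$CONF_DIR"/*.conf || return 1
    return 0
}

# Remediation: write the setting atomically (temp file, then rename) so a
# partially written file is never read as configuration.
remediate() {
    mkdir -p "$CONF_DIR" || return 1
    _tmp="$CONF_DIR/$CONF_NAME.tmp.$$"
    printf '%s\n' 'install usb-storage /bin/false' 'blacklist usb-storage' \
        > "$_tmp" || return 1
    chmod 644 "$_tmp" && mv -f "$_tmp" "$CONF_DIR/$CONF_NAME" \
        || { rm -f "$_tmp"; return 1; }
}

# Driver: remediate only when evaluation reports non-compliance, then
# re-evaluate so a remediation that did not take effect is still reported.
run_policy() {
    if evaluate; then echo "compliant"; return 0; fi
    remediate || { echo "remediation failed"; return 1; }
    if evaluate; then echo "remediated"; return 0; fi
    echo "still non-compliant"; return 1
}

# Run one step when invoked as: sh policy.sh evaluate|remediate|run_policy
case "${1:-}" in
    evaluate|remediate|run_policy) "$1" ;;
esac
```

A module that is already loaded stays loaded until it is removed or the endpoint reboots, so the setting takes full effect on the next boot.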
Device Management
Device management is made simple in the Automox console. Devices can be organized into Groups, which can then be associated with specific policies. This allows administrators to manage different sets of machines as needed based on underlying requirements. Within the groups themselves there is also a set of configurations that can be used to modify patch management settings on each associated endpoint: specifically, vendor auto-updates and, for Windows, the use of a WSUS server.
Console
The Automox console is by far our biggest selling point. The majority of my previous experience in endpoint management has been with SCCM and I can attest to the fact that most administrators take somewhere around one year, if not longer, to become truly proficient within the system. What took me years to master with SCCM, I was able to learn with Automox in a matter of weeks. The console is extremely intuitive and allows administrators to see the status of their endpoints at a glance. On-boarding of new administrators is painless, and access can even be restricted with role-based access controls.
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.