With Tanium, protect endpoints and protect the enterprise
One of the largest cybersecurity fears for an organisation is not knowing there’s been a breach. In many cases, incidents go unnoticed for months, if not years. Unfortunately, there’s no 100% foolproof method of preventing attacks.
This lack of visibility leaves organisations in a vulnerable state, preventing growth and transformation.
To strategically direct the limited resources organisations have to better protect the business and its IP, it’s imperative to know how breaches occur. With that knowledge, finite resources can be better allocated, and fewer incidents will pass under the radar.
The most frequent path taken by hackers is not the perimeter, compromised cloud resources, or malicious activity by disgruntled employees. Instead, it is through compromised individual endpoints. Endpoint protection is, therefore, the foundation of a proactive cybersecurity posture.
Unfortunately, that’s where the chain of logic breaks against hard reality. Most organisations don’t have full visibility into their endpoint assets: in fact, most are not fully aware of the number of endpoints operating in their organisation at any one time.
Without full visibility, organisations cannot achieve a 100% security patch rate. Similarly, if security and IT asset audits are conducted quarterly, then the daily or hourly endpoint presence on the enterprise network is essentially unknown. The devices in the dark are the ones posing the greatest threat to both cybersecurity and effective digital transformation.
We spoke recently to Armando Dacal, VP for the South Asia region at Tanium, the endpoint security specialists. Tanium’s solutions are currently deployed by nearly half of the Fortune 100 companies. They first considered the issue of discovering endpoints, and why a sizeable chunk of enterprise assets don’t show up on the radar. Armando told us:
“Tanium was designed to operate effectively in dynamic, distributed environments. On first installation, Tanium typically finds 10–20% more endpoints than organisations knew existed in their environment.
“There could be a machine that has been retired, or a BYOD device that’s not recorded, or a server that hasn’t been managed well. Most organisations have around 80% visibility; then it’s the last 20% that becomes really difficult.”
Recent history, of course, indicates things haven’t improved in this respect. According to Armando, “That was before COVID hit and employees started working remotely. The issue was amplified because of device proliferation. It might sound basic, but if you’re not doing the basics, you can’t do the more advanced work.”
The auditing process that Tanium undertakes isn’t necessarily simple, although the difficulty often has little to do with technology: “It has to do with the way that organisations are designed in silos,” he told us.
Once the initial data has been identified and gathered, it must be categorised and prioritised. Tanium helps break down silos by giving complete endpoint visibility to an organisation, allowing all tools and other tech to be visible too.
We asked whether the traditional networking approach of segmentation might be effective for endpoints, or whether something else might get better results.
Armando noted that many organisations implement a role-based approach, where they apply certain policies to specific devices, owing to individual needs.
When an organisation wishes to subdivide its policies, it needs real-time visibility into the environment, down to the single node. Of course, there are multiple other “wins” for the business from that point on — outside pure cybersecurity. There are governance implications, and statutory compliance processes get easier, as does visibility into future procurement plans.
The Tanium solution lets any function in the business be assigned an individual risk profile, with actionable policies to match. If, and when, breaches occur, instead of a delayed response taking days, or even months, the real-time nature of Tanium means action can be taken instantly. Incidents can be scoped quickly and stopped (isolated) before the situation gets out of control.
To achieve the necessary level of granularity, agents at every endpoint can kill live processes in the event of a suspect incident and apply patches as part of ongoing oversight and maintenance. The same agents can also report on overall performance. That metric can be used in many ways: extending the ability of other point products in the security stack, or adding rich data into other products, like Salesforce, SAP, or NetSuite, for example.
At the end of the day, Dacal told us, “Our mission as a company is basically to help an organization manage anything that’s got a chip in it. Whether it’s a device you might encounter at a hospital, or some other industrial use case for IoT, […] we’re managing that life cycle from, basically, cradle to grave.”
Tanium offers an endpoint management and security platform built for the world’s most demanding IT environments, including multiple branches of the US Armed Forces, large financial institutions, and household-name retailers. Endpoint management and security is no longer the “traditional” antivirus installation on desktop machines: in an age of BYOD, a distributed workforce, and cloud-based apps, services, and endpoints, keeping real-time, protective oversight is business-critical.
To find out more from Tanium, get in touch with the representative nearest you.