Introduction

Many things blur the line between endpoint management and security. Examples? Managing an endpoint. Configuring it. Performing application and software management. And patching the endpoint. The fact is, managing and securing a device are so interrelated that it makes sense for these two functions to come together in a single platform that can accomplish these and other tasks needed in your IT organization. Here are seven ways Unified Endpoint Management (UEM) can support security.

#1 Discovery and Visibility

The first step to securing what you have right now is knowing what’s on your network. Not knowing what software is installed on devices means you don’t know whether it has received necessary patches, whether the device needs hardening, etc. You need a good view of every device on the network and everything connecting to it, whether a device is connected to the corporate network permanently or comes up temporarily, maybe for a few minutes or so, and then disappears. UEM can give you this visibility through on-demand and passive discovery. It’s always looking for devices or software on the network while keeping your IT team alerted and aware.

#2 Compliance Management

It wasn’t too long ago that compliance management meant ensuring that devices were protected with a password, and a strong one at that. Today we are dealing with forms of device encryption, multi-factor authentication, device tracking, remote management; the list goes on. Now add the need to overlay government or regulatory-commission policies such as HIPAA or PCI DSS, where a violation or breach of compliance could result in fines or fees and threaten the business. UEM can support security by ensuring that each user and each device is compliant with the policies your organization needs or is required to follow, whether internal or external.

#3 Patch Management

Patching has become much more extensive and is one of the most effective things you can do to prevent device vulnerability and prevent your environment from being breached. UEM can efficiently deliver excellent visibility on what needs patching and what has been patched, and instill confidence that those patches are implemented, not only on the devices connected to the corporate network but also on those off it.

And that goes for patching the OS as well as applications. If you look at the top vulnerabilities that are listed regularly, many of those are in applications. UEM can scan a broad list of applications, as well as operating systems, see what needs to be patched or updated, and can be configured to apply updates automatically as they become available.

#4 Application Control

With application control, the balance you’re trying to strike is between reducing risk and increasing productivity—protecting systems and users while at the same time freeing them to do their jobs as efficiently as possible. And that’s where application control steps in.

We’re all faced with the possibilities of unknown threatening applications running against our corporate networks. Application control enables you to not only identify applications running on devices but restrict access as well. And the amount of time that’s required to do this manually can be significant. Application control can reduce the time it takes by automating a lot of those processes. It ensures only desired applications are installed. It can make sure that users have the right application at the right time with the proper access. Simultaneously, application control is preventing unwanted applications from being run. And then, in some cases, you need to remove an application. UEM can provide a comprehensive solution for application management, from installing it to controlling its usage to blocking and removing it.

#5 Privilege Management

One of the battles IT faces is whether or not a user should have administrator rights on their computer. Privilege management can help solve this dilemma. You have two ways to go about solving the issue. One way is to assign the user’s account basic user rights and then elevate certain OS or application privileges as needed, and then reduce or reset those privileges once the user’s needs have been met. These specific capabilities and rights let the user take actions they might want to do that they cannot do with basic user rights. Sometimes, however, a user must be set up as an administrator, which some necessary OS capabilities require. Privilege management would then allow you to restrict specific admin rights, reducing privilege elevations or adjustments.

#6 Secure Remote Access

The number of devices that IT organizations must manage is significant. Plus, the landscape is changing. We have large remote workforces that now need secure remote access more than ever. Establishing rules and policies for the management of all these remote devices, and then trusting that each device is appropriately managed no matter where it is, is critical. UEM tools can manage remote devices to ensure they are properly configured and always up-to-date. They can also identify devices that are compromised or out of compliance and prevent them from accessing specific data, services, or even the corporate network. UEM can maintain a connection to the device and update it so that it becomes compliant and is allowed the access it needs.

#7 Full System Reset

When we talk full system reset, we’re not only talking about resetting the operating system or removing data, but also about reimaging it in a break-fix scenario or when a device needs to be repurposed. You get more options when you leverage a UEM solution within your organization.

When a device has been compromised in some way, such as through a virus or some other malware or ransomware, there are a few different ways you could handle returning this machine to a good state. First off, if you have an anti-malware tool you trust, you can use it to clean the device and hopefully be confident that it’s back in good working order. Sometimes that’s the right answer.

A second option involves a more drastic decision—replacing the compromised device. Restoring the device to a good state may not be worth the time or risk. That’s a useful method for some IT organizations, albeit an expensive option.

A third alternative is the middle-ground choice: reset or reimage the device. This choice is about not wanting to replace the device but ensuring it will work the same once you’ve cleaned it of the compromise, instilling confidence there is no additional risk. With UEM, you can reset the device, reimage it with your organization’s gold image, and install the user’s previous applications. UEM enables you to put user-profile information and user data back on the device as well. And by resetting the device, you can have it back in working order quickly, in many cases sooner than it would take to run through several tools trying to clean the device and hoping the risk is fully remediated.

Why You Should Be Using UEM to Support Security

To wrap up, we’ve talked about how a UEM solution can support your security needs. But let’s also address the why. Bringing UEM and security together first reduces the administrative complexity occurring as organizations manage many device types. Second, securing devices means appropriately managing and configuring them, which you’re doing many times in your endpoint management tool today. And third, it’s going to improve device performance, plus it means a better user experience for your end-users.

Learn more about how Ivanti powers the everywhere workplace with our Unified Endpoint Management solutions.