Ivanti Blog: Posts by

Ivanti Endpoint Security Now Integrates with Ivanti Neurons for Patch Intelligence!

Wed, 27 Oct 2021 11:30:00 Z

Ivanti Neurons for Patch Intelligence (https://www.ivanti.com/products/ivanti-neurons-patch-intelligence) helps organizations reduce the time-to-patch and to meet or exceed their service-level agreements (SLAs) for patch management. It does this by delivering automated insight into your risk exposure and helps you to prioritize, based on adversarial risk. In particular, it provides real-time intelligence on vulnerability exploits that are actively trending in the wild, and those that have ties to ransomware.

Ivanti Neurons for Patch Intelligence combines this risk-based prioritization with patch reliability data to help you focus your testing efforts and reduce the overall time to patch. This combination enables you to get a clear picture of how compliant the devices are within your environment and to identify which devices and patches need prioritizing based on your specific SLA timescales and dates.

We have now integrated Ivanti Endpoint Security with Ivanti Neurons for Patch Intelligence. With this integration you can populate the endpoint and patch content information from Ivanti Endpoint Security into Ivanti Neurons and then you can leverage the risk context and threat insights that we have in Patch Intelligence to ensure that you are taking that risk-based, prioritized action for patch management.

This integration enables you to see the vulnerability risk associated with your specific environment and help you understand where you need to focus your attention to reduce that risk.

This integration has been developed as part of the Ivanti Endpoint Security 8.6 Update 2 release, but the integration actually works on any currently supported version of Ivanti Endpoint Security!

We’ve also implemented some other enhancements in the 8.6 U2 release. These include:

SIEM integration for Device Control
Many organizations use Security Information and Event Management (SIEM) platforms to aggregate and analyze activity from different solutions in their environment.

To help you integrate with your SIEM of choice, we have developed a plug-in solution for Device Control events.

This solution is an agent-side implementation which enables you to forward events from Ivanti Endpoint Security Device Control agents directly to the SIEM solution. The following KB article (https://forums.ivanti.com/s/article/Ivanti-Endpoint-Security-Device-Control-SIEM-Integration?language=en_US) provides sample code and further documentation to enable you to integrate with your SIEM solution.

Microsoft Silverlight Removal / Additional Browser Support
Customers will be pleased to know that we have removed Microsoft Silverlight which reached end of support recently.

We’ve replaced Silverlight by a SignalR-based solution and the necessary component changes will happen in the background as part of the upgrade process to 8.6 U2.

In addition to updating the underlying technology to a supported platform, this change also means that you will no longer need to use Internet Explorer 11 to run Install Manager. You can now use your browser-of-choice to install new components.

OS Support Updates
We’ve also added support for the, just recently released, Windows Server 2022 and Windows 11 platforms. Note that in the case of Windows 11, this support applies to the Patch & Remediation, Application Control and AntiVirus modules only. Device Control is not yet supported on Windows 11, but we will add that shortly.

For more information about these and other important updates, check out the 8.6 U2 release notes.

Ivanti Service Desk Introduces Chat Functionality!

Tue, 26 Oct 2021 16:00:00 Z

We’ve been ‘chatting’ about it for a while now – and we’re delighted to announce that the latest release of Ivanti Service Desk introduces our brand-new Chat feature!

At the end of last year, we introduced a preview of Chat for both Workspace and Web Access to help users communicate more easily with Support. We received a lot of feedback via this preview which has helped us to refine the functionality.

Users can now request a Chat session with an analyst through the Self-Service portal in either Workspaces or Web Access. The request is then added to a queue where it can be accepted by an Analyst for a 2-way Chat.

The introduction of Chat in Ivanti Service Desk further underlines our ambition to bring innovative new features to the product – and we will continue to build on these features in future releases.

Check out the Update 2 release notes for more information on Chat for Ivanti Service Desk

Ivanti Workspace Control 2021.1 – Service Update 1 is Now Available!

Tue, 20 Jul 2021 19:22:05 Z

Our latest release of Workspace Control is a service update for IWC 2021.1 containing a number of bug fixes and compatibility updates. But it has so much more than that!

We’ve also included a number of User Voice requests which were submitted via the Product Ideas page on the Ivanti Community. In addition, we are currently developing a significant new feature called Workspace Control Cloud Relay which we will be releasing later this year.

However, this service update contains an Early Access version of this feature, so let’s start there!

Workspace Control Cloud Relay

Over the past year, most organizations experienced the rapid shift whereby users moved out of the corporate office and started to work from home. In many cases the endpoints they were using were no longer connected to the corporate network and, as a result, it made it very difficult to connect to these devices and to provide configuration and other updates needed for the users to remain productive and secure.

We already have solutions to help with this scenario, but they place the burden on our customers to add additional on-premises infrastructure and, for many customers, this is a very challenging proposition. Customers want and expect us to take this burden away from them and to provide a solution without the need for them to add infrastructure locally.

To solve this problem, we have developed Workspace Control Cloud Relay, which enables endpoints that are located outside of the corporate network to connect and receive updates without the need to use a VPN connection.

This feature is now available for customers to trial. If you want to try this feature out, contact our Support team through the Ivanti Community portal. We would love to get your feedback on it.

For more information on Cloud Relay, refer to the Release Notes.

User Voice and Other Enhancements

We are continuing to review and respond to your feature enhancement requests. Thank you for continuing to submit these requests and for voting on the requests that others have submitted previously!

These ideas and votes act as an input to our roadmap. In addition to including requests which have received a lot of votes, we also try to include some ‘quick wins’ (those requests that really don’t take that much effort to implement but provide benefit to our customers).

Please refer to the Release Notes for details on all of the User Voice feature requests and other feature enhancements that are included in this service update. The following are a couple of the more noteworthy additions:

Display Scaling (DPI) settings are saved per user

This was our top voted User Voice entry with over 70 votes, so we are very pleased to be able to fulfil this request!

In previous versions, Workspace Control was starting too late during the logon process. By which time the DPI settings had already been set on the endpoint. This made it very challenging for users with a visual impairment - and for those who preferred to have larger text on their displays.

The good news is that this top request has now been implemented. Workspace Control can save DPI settings on a per-user basis and apply these settings every time the user starts a Workspace Control managed session. This enhancement works for both single monitor and multiple monitor configurations.

Managed application GUID displayed in Application List

One of those ‘quick wins’ mentioned earlier, this request - which accumulated 16 votes - was to make it possible to show the GUID column in the Application List.

Having this information can be helpful when troubleshooting for example. The administrator may know the application GUID but identifying the associated application from the GUID can be challenging.

Simply adding the GUID as a column in the Application List makes it easy to search for and find the associated application, so that’s what we’ve done.

Workspace Control Agent status displays connected Relay Server name

This request didn’t come through User Voice, but it did come up in a conversation with one of our Cloud Relay early access customers and we recognized that it was a great idea and have implemented it!

If a Workspace Control agent is connected to a Relay Server, the name of the connected Relay Server is now specified in the “Connects to” column in the Agents view.

We’ve implemented some other requests that focus on improving performance, such as the ability to reset the last visited node in Workspace Analysis and the ability to reset the ‘Show all User Settings’ option when switching tabs.

In both cases, the current behaviour could cause a lot of information to be reloaded when the user visits these pages, resulting in extended waiting time for the page to load, particularly in larger environments.

We are already working on the next set of User Voice requests for the October release. If you have enhancements that you would like to see in the product, go ahead and submit them.

We won’t get to them all, but we do review them every week.

Compatibility Updates

Finally, one of the more significant compatibility updates is that Managed Applications can now be published to specific Citrix folders when using Citrix XenApp. Please refer to the Release Notes for more information on how to configure this.

What's New with Ivanti Workspace Control 2021.1?

Mon, 22 Mar 2021 20:47:26 Z

The past 12 months have seen significant changes and upheaval in the way we live our lives and also in terms of our work environment. Many organizations moved to remote working almost overnight, leaving IT with significant challenges in terms of ensuring users continue to remain productive and secure. Organizations have been increasingly looking to cloud technologies to provide solutions to these challenges.

According to Gartner the proportion of IT spending that is shifting to cloud will accelerate in the aftermath of the COVID-19 crisis. Additionally, a recent Gartner survey found that almost 70% of organizations using cloud services today plan to increase their cloud spending in the wake of the disruption caused by COVID-19.

The Workspace Control 2021.1 release has been designed to help customers with the transition to cloud and also with managing users working from home. The two standout features from this release in support of these initiatives are as follows:

Azure Active Directory Integration
Azure AD is Microsoft's enterprise cloud-based identity and access management (IAM) solution and is the built-in solution for managing identities in Microsoft 365. To support the increased usage of Microsoft 365, Workspace Control 2021.1 now integrates directly with Azure AD and customers can use Azure AD for context-based decisions in areas such as workspace containers, in zones and access control.
Azure User Settings
In this release, we added the ability to synchronize user settings with Microsoft Azure storage. Previously user settings could only be synchronized with a network share which meant that you had to be connected to the corporate network. With so many users now working from home and the expectation of greater flexibility in the future in terms of where users do their work, users are not always going to be connected to the corporate network. By providing the ability to synchronize user settings with Azure storage, users’ settings can be synchronized from wherever they are located. All the users need is to have internet access.

We’ve also continued to focus on your product enhancement requests submitted via our User Voice Portal. Your ideas and votes are an important input to our product roadmap so thank you for continuing to submit these. The following are some of those we’ve implemented in this release:

Delayed Automatic Launch of Applications
This was the top voted request in User Voice last year, so to reinforce that your votes count we added this feature to the release. The requirement in this case was that customers want certain applications to always run for all users so what they do is to configure a mandatory auto launch for those applications. Unfortunately, starting these applications puts a strain on the system resources during logon and provides a poor logon experience for users. So, we’ve provided an additional option to delay auto launch until the session startup has completed. With this setting, the logon finishes earlier, the users can start working and the applications will then start in the background.
Learning Mode for Authorized Certificates
We added authorized certificates as an additional security feature a couple of years ago. We have a learning mode for other security features such as Managed Applications and that has been really helpful to progressively introduce security measures. You can see what effect changes will have before you apply them. Learning mode is now available for authorized certificates such that you can continue to use application security in enabled mode, but then add Certificate Security in learning mode. This can help you to simplify your security configuration and progressively add certificates in place of more complex file rules.
SQL Always-On Multi-Subnet Support
This is another feature request that received a lot of votes, so we’ve added SQL always-on multi-subnet support to provide high availability database options for Workspace Control.

These are just some of the requests we’ve implemented. To learn about the others, read the 2021.1 releases notes which are available at https://help.ivanti.com. We are currently reviewing the User Voice backlog to identify candidates for the 2021.2 release, so continue to submit your ideas and vote on those ideas already in the system.

For more information on the Workspace Control 2021.1 release, please watch the recently added on-demand webinar.

The Reviews are In: What the Workspace Control Edge Intelligence Users Find Most Helpful

Fri, 11 Dec 2020 16:18:02 Z

The Ivanti Workspace Control 2020 release that occurred in August included Ivanti Neurons for Edge Intelligence, an innovative new feature which enables administrators to query endpoints and get real-time intelligence from across the enterprise in seconds. A function that works regardless of whether endpoints are on or off the corporate network. An essential feature considering the number of employees working from home.

Now that customers have been using the feature for a few months, we’ve asked them what they find most useful. Here’s what they have told us.

Logon Performance

The number one feature Workspace Control customers find most useful is the Logon Performance query. Achieving a fast logon performance experience is always a key goal for organizations. When users complain of slow logon performance, administrators need a quick and easy way to troubleshoot to understand what’s causing the issue so that they can remediate. The Edge Intelligence logon performance query includes a graphical breakdown of the logon duration including both the Windows component of the logon along with a detailed breakdown of the Workspace Control component. With this information, it is very easy to see where the problem is, to validate what the user is saying about the logon duration and also to immediately see whether other users are experiencing similar issues.

Device Uptime

When a user complains that something is not working as expected, the ability to quickly see how long since the device was last rebooted is helpful. As one administrator described it, “when a user is having an issue, one of the first things I check is the device uptime. If they haven’t rebooted in several days, it is often one of the first things I get them to try to see if it resolves the issue. Having that immediate visibility is invaluable rather than having to rely on the user remembering when they last rebooted”.

Security Dashboard

Many customers commented on security use cases and how Edge Intelligence really helps solve these challenges. Different customers provided different examples but, in all cases, customers liked being able to quickly find the information they needed. One of the most common examples was being able to see Missing Patches, as an additional validation step on top of other patching tools being used. One user also commented they use the Device Uptime query to identify pending reboots, whereby a system might still be vulnerable until the reboot has completed. Other users liked using the Local Admin Users query to identify systems with local administrators, which would be considered a security risk. And yet another user commented that he liked the User Logon Failures query so that he could proactively reach out to users that were having difficulty logging on.

Simplicity & Shift-left

Edge Intelligence is simple to use. Customers have expressed their appreciation for a clear and simple view for normal Help Desk users. In order to get the information they need to investigate an issue, these users often need to contact a 2^nd or 3^rd line technician. However with Edge Intelligence it is already there for them, laid out in a way that makes it easy for them to use. One administrator told us that he had been looking at using APIs to provide the required information to the Help Desk users and now he no longer needs to do this. These users can now get this information for themselves (shift-left) which frees him up to focus on other, more important tasks. Another customer told me that Edge Intelligence allows him to gain insights that would require multiple other tools, so having this all in one place makes things more efficient. He went on to say that their management team preferred the user-friendly graphs created by the program vs. the detailed reports they were previously creating.

Have you tried out Edge Intelligence yet? If not, go ahead and upgrade to Workspace Control 2020 and enable it. Please provide any thoughts or feedback on the product directly to david.murray@ivanti.com.

DAVID MURRAY

Director, Product Management

Workspace Control Now With Ivanti Neurons for Edge Intelligence

Mon, 10 Aug 2020 16:10:29 Z

Following the formation of the Extended Products Group earlier this year, we’ve been refocusing our attention on Ivanti Workspace Control. With the previous release being mainly focussed on maintenance, security, and performance improvements, this Workspace Control 2020 release will be our first major release since then.

Workspace Control 2020 introduces several significant new features while also incorporating many of your User Voice requests (please continue to share with us). You will also see a new splash screen when opening the Workspace Control console to reflect the rejuvenation of the product. So, here’s what we have delivered in Workspace Control 2020.

Ivanti Neurons for Edge Intelligence... for Workspace Control

Ivanti Workspace Control is now connecting to the cloud and adding Edge Intelligence, an Ivanti Neurons, feature which gives IT the ability to query devices using natural language processing (NLP) and obtain real-time intelligence from across the enterprise in seconds. With so many users now working from home, this feature enables IT administrators to retrieve data quickly and easily from endpoints, whether they are on or off network.

In Workspace Control 2020, Ivanti Neurons for Edge Intelligence is made available on a controlled release to a subset of customers to assess both the benefits and investments associated with this feature at scale. It is also available to customers who purchase Ivanti Neurons for Edge Intelligence as part of the Ivanti Neurons platform. Watch for further developments on this feature as we progress through the year.

Microsoft Profile Containers Integration

We’ve added support for Microsoft Profile Containers, formerly known as FSLogix. This integration has been added to provide support for non-persistent Virtual Desktop Infrastructure (VDI) environments where Microsoft Office 365 is in use, enabling Virtual Hard Disk (VHD) cache roaming for Office 365 applications.

One of the main challenges with using Office 365 in non-persistent VDI environments is that the user profile needs to be rebuilt at logon and this typically involves copying lots of files, including large files such as .ost files. Other items, such as the search indexer, need to be rebuilt every time you log in. Because of this, sign in and sign out times often become unacceptable in these non-persistent environments.

Microsoft Profile Containers solves this problem by redirecting user profiles to a network location. Profiles are placed in VHD(X) files and mounted at run time. Mounting and using the profile on the network eliminates delays and results in a better overall user experience.

With this integration it is now possible to configure Microsoft Profile Containers from the Ivanti Workspace Control Console with the result that you can continue to manage all your user profile settings from a single console. For more details on the integration and how it works, take a look at the associated Community Article

Tags on Administrative Roles

We’ve added Tags as a new scope option for Administrative Roles. Tags can be used to configure which administrative roles can administer an application or printer and they can be used to provide more granular role-based access control (RBAC) for organizations with multiple administrators. Check out the Community Article for some typical use case examples for this feature and how to configure Tags.

User Voice – Responding to Your Requests

Thanks for continuing to submit your Product Enhancement Requests via the Product Ideas page on the Ivanti Community. We review these each week and they form a valuable input to our product roadmap, so please continue to submit your ideas and vote on those that are already there!

At the start of 2020, there were only 40 requests and a handful of votes in the system. I’ve been asking you to get your ideas into the system and to start voting. You have responded. This list has now grown to over 100 requests and over 1,000 votes across these requests. We’ve included several of these in Workspace Control 2020. To find out which ones made it in, check out the Release Notes.

Compatibility Updates

We’ve also updated Workspace Control so that it is compatible with even more 3^rd party applications and products. Some of the main enhancements include:

Support for SQL 2019
Support for Windows 10 Virtual Desktop
Interception support for VMware Horizon published apps
Improved support for Citrix Cloud, which was originally introduced in Workspace Control 10.3.90.0.

For a full list of these, along with additional security and performance improvements, read the Release Notes.

We’re Just Getting Started

We’re planning on another Workspace Control release towards the end of 2020 and our roadmap for this release and beyond is taking shape. If you would like to have a conversation around where we need to focus our efforts, send an email to david.murray@ivanti.com or just continue to submit your ideas via User Voice. I look forward to hearing from you.

The Next Chapter for Ivanti Endpoint Security (IES)

Wed, 03 Jun 2020 20:55:53 Z

As part of the re-affirmed commitment to customers as announced on January 30, Ivanti launched an Extended Products Group (EPG) consisting of proven solutions with a large customer following (dare I say, fans?) that deserve some TLC. One of these solutions is Ivanti Endpoint Security (IES), previously referred to as Endpoint Management & Security Suite (EMSS) and also as Patch for Linux, Unix and Mac.

So, what’s new with Ivanti Endpoint Security?

Windows 10 Branch Upgrade Support

We’ve added a much-requested customer feature: the ability to upgrade from one Windows 10 version to the next, starting with Windows 10 version 1903. Ivanti Endpoint Security customers no longer need to rely on other Endpoint Management solutions to keep their Windows 10 systems up to date. Additional patch content starting with “Feature Update to Win 10 Version 1909” is now available as Recommended Content and can be applied to Windows 10 1903 systems just like any other patch.

Once the upgrade has completed, the patch status will be updated to reflect that the endpoints have been successfully patched.

New Add-on Patch Functionality

Released to support Windows 7 and Server 2008/2008 R2 extended security updates (ESU’s)

Windows 7 and Server 2008/2008 R2 officially reached end of support on January 14, 2020. This was the last Patch Tuesday with security updates available to everyone for these operating systems. They will of course continue to function but will be at increased security risk as time passes and additional vulnerabilities are identified without updates.

Ivanti now offers custom content support, which allows the Microsoft ESUs to continue working seamlessly with Ivanti Endpoint Security. Please note that this is not part of the general maintenance or annual content subscription. The custom content for the Microsoft ESUs is available for a fixed annual subscription fee which includes Technical Support and does not have an associated endpoint count. Please review the Custom Patch Support article in the Ivanti Community for more details or reach out to us directly.

Additional OS Patch Support

On March 27^th, we released an updated version of the Patch Agent for Linux, Unix & Mac, also known as the LUM agent. This version adds support for Red Hat Enterprise Linux (RHEL) version 8 and also addresses a number of customer bugs. Please review the Release Notes for more information.

On June 3^rd, we released a further update to the LUM agent which provides support for patching CentOS 8 and SUSE Linux version 15 SP1. Refer to the Release Notes for more information.

5 Key Highlights of What’s Coming Next!

We’re just a few short weeks away from the release of Ivanti Endpoint Security 8.5 Update 4 which focuses primarily on enhancements to the Device Control module. The following are some of the key highlights of that release, which we expect to deliver to market later in June.

1. BitLocker Encryption Support is now available!
Do you currently use BitLocker encrypted devices? And require more control around whitelisting these, alongside a full device control solution? Ivanti Endpoint Security now allows continued use of BitLocker encrypted devices while also providing additional granular controls around whitelisting, policy, permissions and reporting. You can now define policies for Removable Storage Devices, such as USB sticks, based on whether or not they have been encrypted using BitLocker. For example, you could allow users to read files from BitLocker encrypted devices but not write to them, thereby protecting your corporate data.

2. File-type filtering enhancements
The Device Control file-type filtering feature has been enhanced to add support for the portable device class and for MP4 files. This means that you can now apply granular Device Control policies for mobile phones in the same way as you currently do for removable storage devices, such as USB sticks. For example, you can allow users to transfer pictures to and from their phones while still blocking other file types. You can do the same for MP4 video files across all device classes and decide whether your users can copy these video files to or from their workstations.

3. Device Detached events
Ivanti Endpoint Security has always generated log events when a user connects a device, such as a USB stick, to a computer. We now also provide log events when devices have been disconnected or removed. These device-detached events could be used, for example, to determine when a device was physically removed in the event that a device was lost or stolen.

4. Encrypted media unlocked event
Some customers have software that they want to execute after a user finishes unlocking a USB device. By providing a log event that can be used as a trigger to initiate this software, Ivanti Endpoint Security 8.5 Update 4 offers a capability to automate this otherwise manual task.

5. Keeping up to date
As with any new release, we are adding support for the latest Microsoft platform updates. We’ve also added Device Control support for Thunderbolt 3 devices so that they are correctly recognized as USB devices. We’ve also updated the Device Control engine to avail of the latest bugfixes and stability improvements.

More details will be available in the release notes in June, so watch out for them. The next release of Ivanti Endpoint Security is also in the works. This release will be focused on the Patch module. I’d like to get your input for that release. What new capabilities do you need us to add to Ivanti Endpoint Security? Submit your product ideas via the Ivanti Community. Select “Security Ideas” followed by “Endpoint Security” and add your idea for us to review.

Cutting Through the 'Fog of More' to Implement a Solid Security Foundation

Mon, 14 Oct 2019 21:03:50 Z

I recall seeing a TV ad a number of years back in which a lost tourist in a rental car is driving in a very rural area. He sees a farmer walking along the road and stops to ask for directions to the nearest town. The farmer stops walking and pauses to think for a minute, looks around at the surrounding wilderness and turns back to the tourist and says, “Well, if I were you, I wouldn’t start from here.”

I can’t recall what the ad was for, but I do remember the bemused expression on the tourist’s face. Implementing cybersecurity can be a bit like that. It is very rare that you get the chance to start over with a clean slate and design your ideal cybersecurity defense.

Defense-in-Depth or Expense-in-Breadth?

Invariably you will have a collection of different security technologies that will have been implemented over the years to address specific security needs or in response to specific security compliance issues or security breaches. Every time a new issue arises, you look to your existing security solutions to determine whether they can provide a solution or try to find something else to cover that gap. As you add each of these components, you start to ask yourself whether you’re really achieving defense-in-depth or just expense-in-breadth.

This is why I like the CIS Controls from the Center for Internet Security.

As outlined in the introduction to the latest 7.1 version, “The CIS Controls™ are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks.” Developed by a community of security experts, the CIS framework acknowledges the wealth of security tools and technology that are available to security practitioners and identifies the resulting “fog of more” that can be overwhelming and can distract organisations from taking the necessary decisions to achieve basic security fundamentals.

In total, there are 20 controls which are set out in a prioritized manner with the first six controls, known as the basic controls, providing cyber hygiene. The message from the CIS is that if you start at the top and work your way down, with each step along the way you are maximising your impact on improving your security posture. There is a very logical flow to the list and the top six in particular.

The first control is the inventory and control of hardware assets. If you don’t know it exists, you can’t secure it. So, step 1, discover what’s in your environment.
The second control is the inventory and control of software assets. Once you know what hardware you’ve got, understand what software is running on this hardware. Is this software that you want to have running in your network? Technologies like application control or application whitelisting have a big part to play here.
The third control is continuous vulnerability management. Once you have identified the software applications that exist, you know that these applications will have ongoing vulnerabilities, so you need to continuously scan and remediate these vulnerabilities.
The fourth control is the controlled use of administrative privileges. Admin privileges provide attackers with a way to spread inside an enterprise. When an attacker gains access to a system, typically by exploiting an unpatched vulnerability, they can do a lot more damage and navigate more easily throughout the network if they have admin privileges.
The fifth control is to implement a Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. Default configurations for applications and operating systems are designed for ease-of-deployment and ease-of-use rather than for security. However, these configurations often make systems easier to exploit so the settings need to be adjusted to make them secure and systems need to be scanned regularly to ensure that they haven’t deviated from these secure configurations as new software is added and patches applied.

Originally, only the top five controls were required for cyber hygiene, but the sixth control, Maintenance, Monitoring, and Analysis of Audit Logs, is now also included in the set of basic controls in recognition of the need to capture information to help detect, understand, or recover from an attack.

Like the tourist in the TV ad, while it mightn’t be ideal to “start from here”, the CIS framework enables enterprises to evaluate their existing security infrastructure against this carefully thought out, prioritized set of controls to identify where they have coverage or where there are gaps that need to be filled. Armed with this knowledge, enterprises stand a much better chance of navigating the “fog of more” and getting to the destination of a solid security foundation.

David Murray is Principal Product Manager at Ivanti for Ivanti® Security Controls, a solution designed to deliver the basic controls outlined by the Center for Internet Security. Visit the Security Controls web page to learn more, request a demo, or to start your free trial.

How Can I Protect You in This Crazy World?

Tue, 16 Oct 2018 22:13:11 Z

The Irish band Aslan is one of my favourites. Their lead singer, Christy Dignam, has an incredible voice and is often my go-to artist when I need to unwind and relax. He sings with such passion; you sense that he believes every word and note. Listening to him is almost a religious experience.

Christy really lived the rock ‘n roll lifestyle and had more than his fair share of problems along the way—even getting dropped by the band for a period of time as a result. Thankfully, he eventually emerged out the other side of his problems and continues to entertain us today.

As he emerged from his troubles with drugs and alcohol, he and the band recorded the song “Crazy World”—one of their biggest hits. The song, the opening line of which is “How can I protect you in this crazy world?”, reflected on Christy’s sense that he couldn’t protect those he loved when he kept failing himself.

Cyber Security and the Task of Protecting Customers

Sometimes when I listen to this song, I think of the cyber-security industry and the mammoth task of protecting customers. I remember my first time visiting the RSA security conference. I was really excited to be going there, partially because San Francisco is my favourite US city and I had only been there a couple of times previously.

However, on entering the Moscone Center where RSA is held, I felt quite intimidated by the sheer size of the place and the huge number of exhibitors. How was my company going to stand out from this crowd and make an impact?

But as the crowds streamed through over the following days, I felt they had an even tougher job in terms of selecting products to protect their organisations from malware, apart from those attendees who were there simply to collect lots of free stuff! It is exhausting just to walk around the Moscone Center and visit the various stands and understand their messaging. It is even tougher to take all that information back and develop a coherent strategy to protect an organisation.

Where Do You Start?

That is why I really like the Center for Internet Security (CIS) and their security framework, the CIS Critical Security Controls. On their website they describe the CIS Controls as “a prioritized set of actions to defend against pervasive cyber threats.” They have a total of 20 controls and their message is to start at the top and work your way down. Each step along the way, you are maximizing your impact on improving your defences. This is particularly true of the first five controls, which are the things that you must do to create a strong security foundation. In other words, get these in place first and build from there. It removes a lot of the mystery in how to get started and how to develop your security strategy.

At Ivanti, we’ve aligned our security solutions and our product strategy to these CIS Controls. With our strong heritage in asset discovery, vulnerability management, application control, device control, and privilege management we can help you get your cyber-security foundation in place.

Come and talk to us. Maybe we can protect you in this crazy world.

David Murray, based in Ireland, is an IT industry veteran and Ivanti product manager focusing on bringing to market application control technology as well as integrated endpoint security solutions.

Application Control – Are We There Yet?

Mon, 08 Oct 2018 20:39:27 Z

Every now and again, a technology comes along that just makes sense and you wonder how you ever got by without it.

Calculators, Fortnite, and GPS

I recall, as a child, my first time using a calculator and realising that this device was going to change my life and eliminate the drudgery of the multiplication and division tables that I had been learning off until then.

I spent countless hours trying to catch this device out with complex calculations, being amazed at the speed at which it could return accurate results that would have taken me forever to work out by hand. Hey, life in the west of Ireland in the ‘70s could be a little dull! Back then, Fortnite was not a computer game but a two-week period of time during which the rain might not let up.

Similarly, I recall my first time encountering GPS. I grew up with maps and compasses. I was an excellent navigator. I was the guy you wanted in the passenger seat heading on a long journey into unknown terrain. Mountains and rivers could be used to substitute for lack of road signs to confirm whether we were still on track or not.

I am blessed to have a wonderful wife, but even she will admit that she has a couple of flaws: 1) she doesn’t like to drive, and 2) she feels sick if she tries to read in a car.

Let’s just say that in the early years of our marriage this resulted in more than a few heated arguments when we found ourselves 20 miles off track in a car on holidays somewhere in the French countryside with three hungry kids in the back of the car continually asking, “Are we there yet?” All because she refused to look at a map. I’m pretty sure that our sat nav has saved our marriage and anyone who has travelled in a car with me is probably familiar with the sound of “Happy Holly” cheerfully keeping me on track. My wife and Holly coexist in a long-term relationship with me, without any signs of jealousy or rancour between them.

The World of Endpoint Security, Application Control, and Malware Protection

I had a similar reaction when I first entered the world of endpoint security many years ago and encountered Application Control.

Back then, malware was still somewhat in its infancy. A new strain of malware was propagating rapidly due to sad guys like me who just had to open a picture of the lovely Russian tennis star Anna Kournikova that they had received via email. I was working in the telecom industry at the time, but I could see that, for better or worse, security was a market that was going to grow and grow, and I felt that I had to be part of it.

When I first heard about Application Control, it was a technology that simply made sense in the battle against the malware writers and was the trigger for me to enter the industry. I soon began to realise, however, that while the concept was simple the practical implementation was anything but.

The concept? Well, it is that you have a set of applications that you know and trust and these are allowed to run. Everything else is blocked. Fairly simple, right? It just makes sense.

However, that is all well and good in a static world with a relatively small number of applications. Back when Anna Kournikova was gracing the tennis court that was probably valid. There really weren’t that many applications available for you to use to do your job, so it seemed reasonable to put these in a list and lock computers down so that only applications on that list could run.

However, as malware writers continued to discover security flaws in the computer operating system and in common applications, these had to be continually updated. As the Internet took off, there was an explosion in the sheer number of applications and utilities that became available to help users do their jobs more effectively. So, while creating a “whitelist” of allowed applications was relatively easy, maintaining that list was a huge challenge.

To address the challenge, vendors have changed from creating lists to creating rules that define what’s allowed and what’s not allowed to run. I’ve witnessed lots of innovation in this area to remove the complexity and make application control operationally simple. I talk to customers all the time, and while I meet some that have been burned in the past by the burden of a first-generation whitelisting solution, I see more and more customers adopting application control as part of a defense-in-depth strategy.

Are we there yet? I’m not sure we are quite there, but I think we are getting close. Let me know what you think.

Also, you may want to look into Ivanti’s Application Control and other Endpoint Security solutions. You can also request a demo.

David Murray, based in Ireland, is an IT industry veteran and Ivanti product manager focusing on Application Control and Endpoint Security solutions and bringing them to market.