Endpoint Security: Mind the Gap
*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.
By definition, a gap has two ends. In the case of desktop security it’s AV on one end and a secure, user-accepted workspace on the other. Unfortunately, AV’s effectiveness isn’t what it used to be, and delivering a “user acceptable desktop” is becoming more demanding.
Frankly, I’m getting tired of vendors badmouthing “traditional” AV. News flash: I know you block new stuff but you cannot pull the plug on AV, not for a long time! AV blocks hundreds of millions of variants every day. When I got an ADT alarm system, I didn’t start leaving my doors unlocked. No security policy would be complete without AV, but more is needed.
You know the story. Zero-day threats hit your employees’ desktops before AV definition files can be deployed. They hit fast and wreak havoc in a matter of hours.
This endpoint security gap can be addressed. Privilege management and application control provide a must-have layer of protection. They reduce the attack surface that threat actors can exploit. However, every IT person I’ve spoken with said, “true, but doing that really hurt (or will hurt) my users’ experience.” Well, not really.
Least privilege practice used to mean least happy users. With modern solutions you can have security and a great user experience. How? By providing tools that make the user *feel* like they’re in control. Want to install an app? Even if I get blocked automatically, I can give myself an exception without having to directly contact IT. Need to get privilege to add a printer? Again, I can self-elevate my privilege to make that happen. User satisfaction is not a factor of getting keys to the kingdom – it’s much more about having dominion over my desktop without having to go through IT.
Here at AppSense we:
- Prevent unknown executables – Through our kernel-level filter driver we intercept file execution before application launch – regardless if the endpoint is online or off. In other words, “we rootkit incoming rootkits.”
- Make list management obsolete. Our Trusted Ownership™ goes far beyond traditional whitelisting and blacklisting to ensure that only applications from a trusted source can run. It’s pretty effective against malware like Cryptolocker.
- Enforce least privilege access – Our platform precisely controls user and application privileges so that users only access what they need. This helps to minimize the risk of human error. A great user experience is maintained through self-service, as mentioned above.
- View endpoint analytics for proactive threat prevention – AppSense Insight offers scalable visibility to endpoint and user data. This helps to identify suspicious activity and potential threats before they impact your environment.
- Assure user and license compliance – AppSense helps you enforce both corporate and industry-based compliance such as HIPPA, FINRA, and PCI by engaging granular, context-based policies for each endpoint. This also helps to ensure application and desktop license agreement compliance.
No security strategy is complete without addressing the endpoint security gap. With Application Manager you’ll have the perfect complement to your comprehensive security strategy with a bullet-proof endpoint security solution that fuels user productivity while keeping the bad guys out.
Read more in the Forrester Research Report: Endpoint Security Innovation is Intensifying.