Offline Activity Needs To Be A Part Of Your Endpoint Visibility Strategy – Charles Leaver

By | April 11, 2017

Written By Roark Pollock And Presented By Charles Leaver Ziften CEO

 

A survey recently completed by Gallup found that 43% of employed Americans worked remotely for some of their work time in 2016. Gallup, which has been surveying telecommuting trends in the United States for nearly a decade, continues to see more workers working outside traditional workplaces, and a growing number of them doing so for more days of the week. And, naturally, the number of connected devices that the typical employee uses has increased as well, which adds to the convenience and appeal of working away from the office.

This freedom undoubtedly makes for happier and, it is hoped, more productive employees, but the complications these trends present for both systems and security operations teams should not be dismissed. IT systems management, IT asset discovery, and threat detection and response functions all benefit from real-time and historical visibility into user, device, application, and network connection activity. And to be truly effective, endpoint visibility and monitoring must work regardless of where the user and device are operating, be it on the network (local), off the network but connected (remote), or disconnected (offline). Current remote working trends are increasingly leaving security and operational teams blind to potential issues and risks.

The mainstreaming of these trends makes it much more difficult for IT and security teams to limit what used to be considered higher-risk user behavior, for example working from a coffee shop. But that ship has sailed, and today systems management and security teams need to be able to adequately track user, device, application, and network activity, detect anomalies and inappropriate actions, and enforce appropriate action or remediation regardless of whether an endpoint is locally connected, remotely connected, or disconnected.

In addition, the fact that many employees now routinely access cloud-based assets and applications, and have backup network-attached storage (NAS) or USB-connected drives at home, further amplifies the need for endpoint visibility. Endpoint controls often provide the only record of remotely performed activity, which no longer necessarily terminates in the corporate network. Offline activity presents the most extreme example of the need for continuous endpoint monitoring. Clearly, network controls and network monitoring are of negligible use when a device is operating offline. Installing an appropriate endpoint agent is essential to ensure that important system and security data is captured.

As an example of the kinds of offline activity that can be detected, a customer was recently able to track, flag, and report unusual behavior on a corporate laptop. A high-level executive transferred substantial amounts of endpoint data to an unauthorized USB drive while the device was offline. Because the endpoint agent was able to collect this behavioral data during the offline period, the customer was able to see this unusual action and follow up appropriately. Continuous monitoring of the device, applications, and user behavior, even when the endpoint was disconnected, gave the customer visibility they had never had before.

Does your organization have continuous monitoring and visibility when employee endpoints are not connected? If so, how do you do it?
