Taking zero trust beyond the user: The importance of endpoint visibility
- By Matt Marsden
- Oct 19, 2021
Escalating cybersecurity threats -- combined with government mandates -- are driving federal agencies to develop a zero-trust strategy. However, discussions about its architecture often center on the user -- evaluating individual credentials, location and reasons for accessing specific data. Certainly, this is an important piece of the security puzzle, as evidenced throughout the Office of Management and Budget’s draft Federal Zero Trust Architecture Strategy, but it is only one part of an ever-evolving enterprise-wide security posture.
Too often such strategies overlook the critical importance of evaluating the endpoint device. While a user may be legitimate when running an authentication test, can an agency trust the device being used? It might have been compromised without the user’s knowledge. Without endpoint visibility, devices at the network edge can remain critically exposed to threats via unpatched vulnerabilities and insecure configuration settings.
The importance of endpoint visibility
Endpoint security is of particular concern as the number of remote employees working on personal devices has increased exponentially, and bring-your-own-device policies complicate an agency’s network infrastructure, increasing the risk of a breach. For example, a user might access an agency’s network from a personal home computer that has not been patched in years. In addition, when evaluating access, systems often rely on data that is several weeks, or even months, old -- or simply inaccurate because of configuration changes or other factors.
Government agencies must have confidence that their endpoint devices haven’t been compromised; visibility into the endpoint is critical to establish this confidence. An effective zero-trust strategy will, in addition to evaluating the user, examine the endpoint device using real-time data to make more informed decisions about allowing access.
Achieving endpoint security
In their zero-trust journey, government organizations need solutions that provide:
- Real-time visibility of assets, both on- and off-network.
- Clarity on the dependencies between assets, applications and services.
- Assurance that enterprise security policies remain applied to endpoints, whether or not they are domain-joined.
- Visibility into the trusts and permissions granted to users and assets in an Active Directory environment.
- Improved general cyber hygiene and insight into network-connected devices.
While employees typically access cloud applications from their agency-provided computers, sometimes an employee will need to use another computer to log into agency cloud applications. For example, an employee who has left their agency-provided computer at home while visiting family might use a relative’s unmanaged computer to log into a cloud application if an urgent work request comes up. In this situation, the agency needs a solution that checks the device against the known managed endpoints and will not allow an unmanaged computer to access sensitive systems or applications with proprietary data.
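The access decision described above combines a user-level result with a device-level check: is the device in the managed inventory, is its posture data recent enough to trust, and does it meet patch and policy expectations? The following Python sketch is an added example, not code from the article or from Tanium; the inventory, the telemetry fields, the one-hour staleness limit and the 30-day patch threshold are all assumptions chosen for illustration, and the sample devices are constructed.

```python
"""Device-aware access decision (illustrative example, not the article's or any vendor's code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed sample inventory of managed endpoints: device id -> asset label.
MANAGED_INVENTORY: Dict[str, str] = {
    "LT-00123": "agency-laptop-alice",
    "LT-00456": "agency-laptop-bob",
}


@dataclass
class DevicePosture:
    """Latest telemetry for one endpoint. Field names are assumptions."""
    device_id: str
    collected_at: datetime      # when this posture data was gathered
    days_since_patch: int       # age of the most recent OS patch
    policy_applied: bool        # enterprise security policy is enforced


@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)


def evaluate_access(
    user_authenticated: bool,
    posture: Optional[DevicePosture],
    now: datetime,
    max_staleness: timedelta = timedelta(hours=1),   # assumed freshness limit
    max_patch_age_days: int = 30,                    # assumed patch threshold
) -> Decision:
    """Deny unless both the user and the device pass. Every failed check is recorded."""
    reasons: List[str] = []
    if not user_authenticated:
        reasons.append("user authentication failed")
    # A device that is not in the managed inventory is refused outright,
    # even when the user is legitimate (the relative's-computer scenario).
    if posture is None or posture.device_id not in MANAGED_INVENTORY:
        reasons.append("device not in managed inventory")
        return Decision(False, reasons)
    # Posture data that is weeks old says little about the device today.
    age = now - posture.collected_at
    if age > max_staleness:
        reasons.append(f"posture data stale ({age.days} days old)")
    if posture.days_since_patch > max_patch_age_days:
        reasons.append(
            f"patch age {posture.days_since_patch} days exceeds {max_patch_age_days}")
    if not posture.policy_applied:
        reasons.append("enterprise security policy not applied")
    return Decision(allow=not reasons, reasons=reasons)


# Constructed evaluation time and sample devices.
NOW = datetime(2021, 10, 19, 12, 0, tzinfo=timezone.utc)


def sample_decisions() -> Dict[str, Decision]:
    """Four constructed scenarios; the user authenticates successfully in all of them."""
    return {
        "managed_fresh": evaluate_access(
            True, DevicePosture("LT-00123", NOW - timedelta(minutes=5), 3, True), NOW),
        "relatives_pc": evaluate_access(
            True, DevicePosture("HOME-PC-7", NOW - timedelta(minutes=5), 900, False), NOW),
        "stale_telemetry": evaluate_access(
            True, DevicePosture("LT-00456", NOW - timedelta(days=45), 3, True), NOW),
        "unpatched": evaluate_access(
            True, DevicePosture("LT-00456", NOW - timedelta(minutes=10), 400, True), NOW),
    }


if __name__ == "__main__":
    for name, decision in sample_decisions().items():
        verdict = "ALLOW" if decision.allow else "DENY"
        print(f"{name:16s} {verdict:5s} {'; '.join(decision.reasons)}")
```

Only the managed, recently seen, patched device is allowed. The unmanaged home computer is refused before any posture fields are inspected, and the stale and unpatched cases are refused with the specific reason recorded, which is the kind of detail an operations team needs to remediate rather than simply block.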
The advantages of a platform
Today’s security concerns cannot be resolved by linking disjointed solutions, by following policies and procedures that worked in the past or by asking overstretched teams to do more. To obtain real-time data for zero-trust access, agencies should unify teams on a single platform that integrates endpoint management and security, providing high-quality data to facilitate ongoing assessment and validation of devices. The right solution breaks down data silos and closes gaps that often exist between IT operations and security teams.
This approach to zero trust is context aware. It combines all the signals and assesses them against real-time data and threat intelligence, creating an accurate and comprehensive view of what’s happening on the network at any particular moment. It gives agencies the necessary end-to-end visibility across end-users, servers and cloud endpoints and allows them to identify assets, protect systems, detect threats, respond to attacks and recover.
The right platform can enact automated security responses and remediation actions at scale with minimal manual intervention. Agencies must assume that a breach or attack will happen; they cannot wait until an event occurs to implement a solution. It is imperative they select technologies that allow for maximum extensibility and the capability to respond to threats in real time and at enterprise scale.
We live in complicated times. Where once there was a clear model for network security -- when agencies knew who they were letting in -- today, things are much more complex. Agencies need a seamless security solution designed for the new reality of remote work, cloud services and mobile communications. Zero trust was created for this new paradigm, but making the approach work at scale requires complete endpoint visibility.
Matt Marsden is vice president, technical account management, federal, at Tanium.