In a series of blog posts in April, we detailed the many tools used in security and endpoint management, why consolidation is needed, and why it makes sense to leverage products that combine endpoint and vulnerability management capabilities. In this post, we explore how security and IT management best practices should be actively managed and why it continues to be so difficult for teams to keep up with necessary updates or to deploy urgent patches.

Enterprise Strategy Group (ESG) surveyed hundreds of businesses to find out how they operate in the endpoint management and security arena. The findings made it clear why so many struggle to manage endpoints, maintain security, and stay on top of changes. The primary reasons are:

• Incomplete visibility into endpoints
• Inconsistent mobile device management
• Reliance on outdated or manual administrative practices
• Lack of unified tools

You Can’t Manage or Protect What You Can’t See: Inventory Unawareness

Almost 10% of businesses admit to not being aware of all organization-owned devices that access their systems. When non-organizational devices are included, the number rises to almost 20%. This is one of the big reasons why 27% of organizations are unable to maintain a current inventory of endpoint devices. Lack of a solid inventory is a security disaster waiting to happen. Without it, urgent patches don’t make it to all the endpoints that need them, and the organization simply isn’t able to guard all the possible avenues into the enterprise.

Every Mobile Device is Unique: Inconsistent Mobile Management

In an increasingly hybrid world, managing mobile devices has become a critical component of IT and security activities. While 90% of companies plan to increase the number of mobile and Internet of Things (IoT) devices running on their networks, 7% confessed that they lack the common policies, processes, and tools that can provide mobile device support alongside traditional management and security for clients and servers. Treating every mobile device as uniquely different than a traditional desktop or laptop can lead to an incomplete device inventory and thus, a broader, unmanaged attack surface. In the ESG research study, a lack of comprehensive mobile device management was another reason IT and security teams struggled to stay up to date.

Spreadsheets Everywhere: Manual Administrative Practices

Shockingly, ESG discovered that many organizations continue to rely on manual processes for IT and security administration. Specifically, 84% of organizations surveyed said that spreadsheets remain a key aspect of endpoint security management. As IT and security staff work diligently to safeguard their systems, they can also be stymied by the need for manual data entry and management onto spreadsheets, as well as compiling data from multiple systems to gain some idea of where they stand.

Endpoint management and security that relies on spreadsheets is a major reason why it is hard to keep up to date with necessary updates and patches. This reliance on spreadsheets also highlights a sharp disconnect between perception and reality: 91% of ESG survey respondents believe they are aware of all organization-owned devices and 93% say they follow best practices, yet 38% find it difficult to keep up with their endpoint management and security responsibilities due to frequent changes.

Consolidation Can Be Your Ticket to Improved Endpoint Management and Security

A further complication came to light during ESG’s assessment of the endpoint management sector: 65% of organizations use one set of tools and processes for endpoint management and a different set of tools for endpoint security, thus making it difficult to coordinate workflows. This is a big reason 51% find it difficult to prioritize the right endpoint actions that will have the biggest impact on risk reduction.

That’s why ESG noted the need for convergence as part of its recommendations for organizations looking to improve their security posture with better IT management practices. Enterprises that leverage one product with multiple capabilities, from endpoint to patch to vulnerability management, can significantly reduce time-to-patch and time-to-remediate.

Syxsense can help organizations looking to consolidate capabilities and vendors in the endpoint and vulnerability management space.

• Syxsense Offers End-to-End Device Inventory Awareness: Syxsense finds every device running anywhere in your network, whether remote or on premise. Regardless of the operating system, device type, system, or application, Syxsense provides a complete enterprise endpoint inventory rapidly.
• Syxsense Offers Comprehensive Mobile Device Management (MDM): Syxsense Enterprise includes integrated MDM functionality to implement common policies, processes, and tools across mobile devices as well as PCs, Macs, and other endpoints.
• Syxsense Provides Automated Endpoint Administration: With Syxsense, your teams can use one console to monitor, manage, and secure endpoints. Syxsense Cortex™ is the no-code automation engine that streamlines and simplifies endpoint management processes, eliminating scripting and ensuring that patches and remediation actions are implemented consistently across all endpoints.
• Syxsense Offers Unified Endpoint Management and Security: Lack of unified tools is a big issue in many organizations. By implementing Syxsense, IT gains the ability to implement patches, scan for vulnerabilities, implement remediation actions across all endpoints. No more jumping from screen to screen to manage different tools. Everything is included in one unified package.

If you want to find out how Syxsense helps IT and security teams reduce the risk and complexity in their environments, schedule a demo with us today.

In a previous post, we detailed the vast array of endpoints a typical enterprise possesses, why having too many devices can open the door to malicious cyber actors, and the importance of tool consolidation to help manage endpoint operations and security. In this article, we cover endpoint management tool proliferation and its consequences.

In a Syxsense-sponsored research effort with the Enterprise Strategy Group (ESG), the survey revealed that most organizations possess a dizzying array of endpoint management tools. As covered in an earlier blog post, it is not uncommon for more than 20 tools to be in use. But what are these tools? 60% of organizations surveyed harness remote access and remote desktop sharing applications to allow IT personnel to remote into user systems, troubleshoot issues, and apply updates. Similarly, 59% of enterprises make use of software distribution and license management systems. 59% also use asset management software.

Next comes mobile device management (MDM) with 55%, followed by application health and performance tools at 44%, auditing and reporting tools at 40%, privilege management at 39%, and device health monitoring at 38%. Of particular concern to ESG, however, was the low number of organizations using patch management software – only 37% of respondents noted that they use patch management software to manage their endpoints.

Some of these management tools aren’t surprising – but what is surprising is how few organizations leverage foundational tools such patch management and device health. This may be why so many aging patches continue to be exploited by malicious hackers and why recently revealed vulnerabilities can take months to years to remediate.

The Need for Consolidation

As well as pointing out the importance of patch management, the ESG research showed a need for greater consolidation of endpoint management tools to help close the vulnerability gap. Similarly, Gartner sees such consolidation as an overall trend, especially with Unified Endpoint Management (UEM). UEM is entering the mainstream, according to Gartner, having reached a market penetration level of 20% to 50%, with large organizations and certain verticals the biggest adopters.

UEM can help organizations by making it easier for IT and security operations teams to manage data protection controls, device configurations, and usage policies using telemetry from identities, applications, network connectivity, and more. UEM solutions pull together areas such as MDM, patch management, asset management, and other tools into one centralized, integrated package. At the end of the day, UEM simplifies endpoint management by bringing together several different capabilities and streamlines management processes across devices and operating systems. By enabling IT teams to manage all assets and endpoints from a single console, greater efficiency can be realized.

Syxsense Supercharges UEM With Security Tools

ESG highlighted the importance of asset management and MDM as some of the most popular endpoint management tools in use in the enterprise today, while pointing out the urgent need to augment these with automated patch management. Syxsense provides all of these functions, and more, in one integrated package.

Syxsense customers can scan and inventory their entire network to find every endpoint, whether they are in the cloud, on-premise, or operating remotely. Regardless of the operating system, application, or location, device status and health can be identified – and if any endpoints need to be updated to ensure they have a low-risk security posture, fixes and remediations can be pushed immediately. This makes it easy to set up and automate tasks such as permissions and configuration changes for devices, to distribute patches to all systems, and to verify that patches have been implemented across the enterprise.

But Syxsense takes things a stage further by integrating these UEM functions with a plethora of security capabilities. These capabilities include:  

1. Scanning, detection, prioritization, and application of missing patches.
2. Scanning, detection, prioritization, and remediation of security vulnerabilities most often caused by misconfigurations such as open ports, firewall settings, device sharing, etc.
3. Remediation of any risks using an automation and orchestration engine called Syxsense Cortex™ that allows users to create complex workflows via a drag-and-drop editor, with no coding or scripting required.

Instead of management and security tools existing in siloes, Syxsense enables IT and security teams to operate as collaboratively with a solution that provides seamless integration. A single agent not only automates the management of endpoints but monitors, safeguards, and reduces the attack surface and simplifies overall management.

Managing vulnerabilities, configurations, and exposures, on top of the foundational need to manage patching across an enterprise, helps IT teams reduce the complexity in their environments without sacrificing products that the business units need to get their jobs done. If you want to find out more, schedule a demo with us today.

In Part Two of this series, we highlighted that the more tools there are in place for IT management and security, the less secure the enterprise becomes. Those with more than 10 tools running were found to have large numbers of unmanaged endpoints. Each unmanaged endpoint opens the door to a potential cyberattack. In fact, 81% of organizations with more than 10 tools experienced at least one cyberattack via an unmanaged endpoint.

A construction site analogy can clarify this phenomenon. When standing up a new building, workers use dozens of tools and create various pathways around a new structure. Oftentimes, teams are constructing from both the outside-in and the inside-out. Some people use windows, doors, or just temporary gaps in the structure to move around and get their jobs done. In finalizing a building, some of the tools and gaps being used can be left unfinished. In fact, a quick Google search on this topic produced nearly 61 million results in less than a second, with multiple results for how to fix holes in a wall and why holes in walls are used for construction. While there are fixes, these holes also leave gaps in place that can accelerate deterioration or cause rodents or other unwanted creatures from entering your house.

It is the same in IT and security. There are so many tools in existence that some are misplaced, one or two are forgotten about completely, and many are likely misconfigured.

The Most Common Security Tools in the Enterprise

What are all these management and security tools that businesses have in place? Enterprise Strategy Group (ESG) surveyed organizations to find out. Top of the security list, as expected, was antivirus (AV). 64% said they run an AV point solution for endpoint devices. Next came endpoint detection and response (EDR) at 55%, a secure browser at 45%, and specific Internet of Things (IoT) and/or Operational Technology (OT) security technologies at 44%.

Further security technologies scoring high in the survey included: Password managers (43%), biometrics (43%), application controls (42%), vulnerability scanning (41%), device control (37%), full-disk encryption software (35%), zero trust network access (ZTNA) 35%, VPN agent (34%), digital certificates (33%), and asset management (33%). That’s a whole lot of tools. And there can be dozens more running when you consider all the security point tools that exist to take care of areas such as data loss protection (DLP), ransomware protection, secure access service edge (SASE), and many others. As the number of endpoint tools rises, so rises the potential for a cyber-breach.

Security Tool Consolidation is a Necessity

According to Gartner, integrating endpoint management and security is going to grow. In the Gartner Hype Cycle for Endpoint Security, 2022, analysts highlight how Unified Endpoint Security (UES) is a growing area for endpoint management and security. UES integrates “endpoint operations tools and endpoint security tools to help close gaps in the early detection and remediation of security threats,” according to coverage of the report from VentureBeat. For organizations looking to lower costs, improve threat prevention and detection, and accelerate time-to-respond, adopting a UES strategy should be a critical initiative.

This unified approach is where Syxsense has driven forward, in collaboration and on behalf of its customers. After helping customers stand up a thorough endpoint and patch management program, the Syxsense team saw how disjointed the patch teams were from the vulnerability management teams. But both needed to work closely, often needing information from the same sources (the endpoints) and needing to secure those endpoints. That’s why Syxsense built out additional security capabilities.

Syxsense unifies several endpoint management applications and makes everything available on one console. Syxsense Enterprise provides consolidated patch management, vulnerability scanning and remediation, mobile device management, and a zero trust evaluation engine for device attestation in one fully integrated package. Syxsense can see every endpoint running anywhere on your network, regardless of the device’s operating system. And our Enterprise tier provides complete end-to-end automation and management of all vulnerabilities that may impact IT assets and endpoints. With a built-in security scanner, you can identify any devices with OS and security vulnerabilities, weak spots, misconfiguration issues, and more. And with an extensive library of vulnerability remediations, you can push fixes to all devices that need remediating.

See it in action. Schedule a demo today.

In Part Four, we discuss the abundance of point solutions that businesses currently have in place for endpoint management and highlight weak areas that need attention.

In Part One of this series, we laid out the extent of tool sprawl in the enterprise. According to a recent Enterprise Strategy Group (ESG) survey, two thirds of enterprises utilize ten or more IT management and security applications. One in ten organizations run more than 20!

ESG delved into the consequences of operating so many tools across the enterprise. Researchers unearthed the fact that as the number of tools rises, more and more endpoints go unmanaged. Inevitably, this increases an organization’s attack surface and exposes it to greater risk, such as being the victim of a cyber-attack.

Here’s why: if an organization manages one group of endpoints with tool X, another group with tool Y, and yet another group with tool Z, it is nearly impossible to get a comprehensive view of the enterprise’s endpoints and environment. There is no single source of truth. Gaps are there, but no one notices. Attempts to inventory all endpoints fall far short of achieving full coverage. Patch rollouts may reach many endpoints – but not all. Vulnerability scans cover certain portions of the enterprise but miss others because most vulnerability scanners must be told exactly what to scan – and if you don’t know about it, you cannot scan it.

The Extent of Unmanaged Endpoints

ESG correlated the number of endpoint tools running with the quantity of unmanaged endpoints in existence. The analyst firm found that 50% of organizations operating more than 15 IT management and security tools had more than 20% of their total endpoints unmanaged i.e., despite all those tools in place, one in five endpoints (or more) were not being monitored or patched. A further 37% of businesses with more than 15 tools in action were found to have 11% to 20% of their endpoints completely unmanaged. 8% had 5-10% of their endpoints unmanaged, and the remaining 5% had less than 5% unmanaged. In other words, 100% of organizations with at least 15 tools running had some blind spots within the enterprise that attackers could use to breach security.

As the number of tools lessened, the zones of non-coverage reduced. Still, 72% of those with 11-15 tools had more than 10% of endpoints unmanaged. That percentage drops to 47% for enterprises with 5-10 tools operating. Yet 15% of those with fewer than 5 tools to deal with still had at least 10% of endpoints unmonitored. 

Unmanaged Endpoints Magnify Cyber-Exposure

ESG followed up by tying lack of comprehensive management of endpoints to cyber-risk and exposure. 53% of organizations with 15 or more management and security tools experienced several cyberattacks related to unmanaged endpoints. Another 37% admitted to one cyberattack and 5% were unsure if any cyberattacks were due to unmonitored endpoints. Only 5% claimed to have not suffered a cyberattack that could be traced directly to unmanaged endpoints.

One thing is clear: the fewer the tools in existence, the lower the risk of a breach. Only 12% of those with 11-15 tools running didn’t experience a cyberattack on unmanaged endpoints. That figure jumps to 22% for those running 5-10 tools and to 60% for those with fewer than five tools.

By lowering the number of tools running, the enterprise can become more secure. Obviously, those tools have to offer comprehensive coverage of endpoints. A balance is needed between tool consolidation and the ability to manage and monitor the entire enterprise and all endpoints.

Balance Tool Consolidation with Complete Endpoint Coverage

A unified approach to security and endpoint management can provide robust coverage of all endpoints and systems across your enterprise. Whether on-premises, in the cloud, or roaming (as mobile devices often do), a unified security and endpoint management solution detects, inventories, manages, and secures all endpoints.

Syxsense takes this unified approach of end-to-end management of all endpoints even further by offering automated identification and remediation of security vulnerabilities that may impact IT assets. With a built-in security scanner, Syxsense customers can see all devices with operating system (OS) and security vulnerabilities, weak spots, misconfiguration issues, and more. Syxsense pushes an extensive library of vulnerability remediations into its automation engine to resolve issues without significant human intervention (you can choose the level of human interaction based on your corporate risk profile.) And, with Syxsense, organizations can generate out-of-the-box reports for executive management, auditors, and regulatory agencies.

For more information, visit https://www.syxsense.com/enterprise.

In Part Three, we discuss the alphabet soup of security point solutions that many businesses have in place as they battle cybercriminals intent on breaking into the enterprise.

Sprawl happens in many ways. Urban sprawl is common in major metro areas. The City of Los Angeles takes up about 500 square miles. But greater LA now comprises more than 5,000 square miles as it spreads out from Thousand Oaks, Simi Valley, the San Fernando Valley, and Santa Clarita out to the San Gabriel Valley, Long Beach, Anaheim, Irvine, Riverside, and San Bernadino. The result is endless commutes, gridlock, and smog.

Organizational sprawl is also common. Global conglomerates have so many divisions, departments, acquired entities, and partners that it is a constant battle to keep everything aligned and operating smoothly. It is not uncommon for employees within a big company to be utterly unaware that people in neighboring departments have tools or solutions to problems they have been desperate to solve for years. Inefficiency, excessive costs, and lack of market agility become the norm.

And then there is tool sprawl in IT. A few decades ago, organizations might only need one application to manage on-premises systems and an antivirus (AV) application to take care of security. How things have changed. These days, many organizations operate in hybrid environments – both on-premise and in the cloud. Even more, they often have multiple cloud environments, multiple operating systems, and several platforms to manage from a dozen or more vendors. They have added layers of virtualization, containerization, and monitoring that necessitate the adoption of various management tools to look after different vendors and systems, cloud platforms, and areas of the network. Factor in, too, the presence of a hybrid workforce now spread around the planet and the mobile devices they likely use for work – and you can see how device sprawl drive management complexity for organizations.

If anything, the situation is even worse on the security front. Organizations may be running AV, anti-malware, ransomware prevention, data loss prevention (DLP), intrusion detection/prevention systems), next generation firewalls, secure web gateways, endpoint detection and response (EDR), threat intelligence, vulnerability management, patch management, and more. In recent times, concepts like zero trust network access (ZTNA) and secure access service edge (SASE) have led to a wave of new networking and security innovations, tools, and systems. The result of all this sprawl is so much complexity that it is difficult for IT to monitor and protect the entire enterprise. Security holes are inevitable, breaches are harder to detect and prevent, and IT personnel are bogged down in rifling though logs or jumping from screen to screen as they attempt to troubleshoot the latest performance or security issues.

The Shocking Extent of Tool Sprawl

How bad is it? Recent research from Enterprise Strategy Group (ESG) investigated the problem of tool sprawl among IT management and security applications. The survey findings were shocking. Only 6% of enterprises said they used fewer than five tools for management and security. Note, however, that they are reporting on the number they are aware of. Some may be lurking that a lone IT manager, security staffer, or line of business head uses to run things unbeknownst to the CIO.

According to ESG, 27% use 5 to 10 tools, 33% use 11 to 15 tools, and 26% use 16 to 20. That leaves another 9% who counted more than 20 applications in operation to deal with IT management and security. In other words, the survey reveals that two thirds of organizations are simultaneously running 10 or more tools.

“More device types and OSes equal more management and security tools, so when does it become unsustainable?” asks ESG.

Unified Security and Management Solution Reduces Complexity

How can organizations fight against tool sprawl and security complexity?

With a unified security and endpoint management solution. Such a platform can bring together the worlds of IT and vulnerability management into one fully integrated package. This enables multiple teams (IT and Security Operations) to leverage one tool to monitor and implement robust patch management, vulnerability scanning and remediation, MDM, and zero trust device attestation. As the only Unified Security and Endpoint Management (USEM) suite on the market, Syxsense Enterprise consolidates multiple tools, lessens IT complexity, and improves security and compliance. For more information, visit: www.Syxsense.com.

In part two of this series, we dive into the dire consequences of tool sprawl in more detail.