The Convergence of Endpoint Management & Endpoint Security
A Q&A with Ashley Leonard, CEO, Syxsense Inc.
Leonard discussed unified endpoint management (UEM), key trends, and how Syxsense is bringing together the fields of UEM and unified endpoint security (UES) with its Syxsense Enterprise product.
What are the biggest trends in UEM?
The biggest trend in UEM currently is the addition of security tools to the traditional UEM toolset. Gartner is now calling out security functionality as a key product ingredient in its latest UEM Magic Quadrant. In an effort to narrow down the attack surface that comes from multiple agents and multiple consoles, customers are searching for solutions that provide both functions.
Another hot trend in UEM is the fact that more intelligence is filtering through the haystack of incoming security telemetry into a meaningful subset of what is critical in user environments. This includes key features such as better management of supersedence (i.e., new patches being issued that combine and replace multiple older patches from the same vendor), as well as better insight into the kind of threats that are triggered based on presence or lack of presence of vulnerable software in the environment.
We are also seeing solutions hitting the market that combine the necessary functionality to remediate threats that are blended: threats that require the application of a patch as well as configuration changes. This ties with threat prioritization whereby both patch and security threats are given different levels of risk based on the specifics of their environments. And finally, we are seeing software designed to bring about intelligent endpoints that can automatically maintain an endpoint in a desired state.
What are the key features of Syxsense Enterprise?
Our solution provides three critical functions.
- Scanning, detection, prioritization, and application of missing patches.
- Scanning, detection, prioritization, and remediation of security vulnerabilities most often caused by misconfigurations such as open ports, firewall settings, device sharing, etc.
- Remediation of all these threats using a SOAR-like product called Syxsense Cortex that allows for drag-and-drop remediation workflows with no coding or scripting required. And while the Cortex product is drop-dead simple to use, most customers will never need to use it, as our security research team continually monitors the threat landscape for emerging threats and pre-builds Cortex workflows and playbooks that provide quick-turn remediation.
Some competitors partner with third-party companies to provide similar functionality. However, their tools operate in silos without the benefit of a coherent workflow tool that provides seamless integration. Syxsense Enterprise offers a single agent that not only automates the management of endpoints but also secures them, reduces the attack surface, and simplifies management.
Is there a coming together of UEM and UES?
Definitely. We see customers continuing to move toward combined solutions. We also see it in the analyst community as reputable analysts such as Forrester and Gartner begin requiring endpoint tools to have both security and IT management functions. In addition to its patch management and mobile device management (MDM) features, Syxsense Enterprise does deep scanning for known security flaws and provides a list of misconfigurations that require remediation. It provides Syxscore, a scoring methodology that reports on discovered threats and how prevalent they are in customers’ environments. High-priority threats can be remediated immediately, allowing security teams to allocate their time and resources to remediating the most critical flaws first, and then moving to lower tiers of threat as time allows.
In addition, our security research team provides pre-built workflows and playbooks that accomplish key IT management functions. This encompasses tasks such as setting up new laptops and rolling out new software as well as remediating security flaws using Syxsense Cortex. The simple drag-and-drop interface enables customers to build their own workflows with little expertise and no coding. Once an environment is clean, our tool provides “proof of compliance” against industry standards (HIPAA, PCI, etc.) that is often required for security insurance or reporting.
In summary, our intelligent, zero-trust approach combines the user (location/time etc.) plus the state of the endpoint (patch, AV, security status) to control real-time access to corporate assets.