The compromise of a single enterprise endpoint can ultimately lead to a wider security incident, ransomware outbreak, data breach, costly remediation and rebuilding of lost reputation. Most organizations know this, but still struggle to obtain visibility into and control over corporate endpoints, which are often distributed throughout the world.
When a device goes dark – goes off the corporate network, is lost or stolen, or is operating without security controls – organizations have a limited window of time to remediate vulnerabilities and mitigate risk. These efforts are slowed or thwarted when the very software controls designed to protect the device are corrupted or removed.
Persistence technology helps security controls self-heal
Endpoint security company Absolute has a unique solution for that: firmware-embedded Persistence technology that allows endpoint security and management controls to “self-heal” or reinstall if they’ve been removed or compromised. This technology, a key component of the company’s endpoint visibility and control platform, gives IT security organizations a resilient connection to their endpoints for the insight and control to protect users, data and devices on or off the corporate network.
Absolute’s patented Persistence technology has been around for over a decade, and is already embedded in the firmware of over a billion endpoint devices globally. If your workforce is using desktops, laptops, smartphones and tablets by Dell, Lenovo, HP, Asus, Microsoft, Samsung and dozens of other hardware manufacturers, Persistence is already built in at the factory, waiting to be activated via Absolute’s cloud-based platform. (The company offers Apple add-on support that isn’t embedded at the factory.) After Absolute Persistence is activated, it can’t be deactivated by anyone except the customer.
Persistence lives up to its name, checking on endpoint controls and making sure they are present and healthy. If it detects that the control has been removed – whether accidentally or on purpose – it will automatically repair and reinstall it. In fact, there is no way for rogue employees, thieves or other attackers to prevent this “self-healing” process, as it can’t be thwarted by things like a replaced hard drive, flashed firmware, device re-imaging, or a smartphone/tablet clean wipe to factory settings.
This self-healing capability extends across a broad range of endpoint controls from the Absolute endpoint visibility and control platform to third-party agents to help companies build a strong endpoint defense and keep it that way. If an organization has a VPN client or a critical endpoint protection or encryption tool on the device and they want to protect the health of that application, they can use the same embedded technology to do so.
Enabling the always-connected endpoint
Many endpoint visibility and control solutions rely on a device being on the corporate network in order to work as intended. Other solutions offer off-network visibility and remediation, but depend on uncompromised software controls and additional on-premises infrastructure.
Security posture and alerts
The platform also provides insights into endpoint security risk via a security vitals dashboard, which displays a quick snapshot of the overall environment as well as its security posture.
Here, organizations can drill down and see details about particular devices – information about hardware, the operating system, and installed software – and see which data (potentially at risk) is present on each device.
This feature is policy-based, and can scan files stored on managed devices for data such as credit card numbers, Social Security/Social Insurance numbers, personal health and financial information, custom information unique to the organization, and so on.
This is especially important for compliance reasons, and even more so because of the imminent introduction of the EU General Data Protection Regulation (GDPR) – the regulation mandates that breaches must be reported within 72 hours when sensitive data has been put at risk, or the organization can be hit with severe financial penalties.
The reality is this: devices can be stolen or misplaced, and employees will leak data, whether intentionally or by accident. But with Absolute, organizations can immediately check if sensitive data is at risk and if they need to report a breach. From there, they can act on the information and freeze the device (lock it down) to prevent further access to sensitive data.
Organizations can define their own alerts and thresholds. Anything that can be reported on can be an alert: e.g. if the device leaves a particular geofence, if it contains healthcare information, if the hard drive changes, if a new program has been detected, if the warranty is about to end, if a self-healing call has been made, etc. Customers can create an alert based on any of these variables, and can combine multiple variables as well.
Reaching out to the endpoints, mitigating immediate risks
Absolute is great for data awareness and risk assessment, but also for risk response and remediation.
With Absolute Reach, the latest addition to the platform, IT security departments can execute custom workflow and task automation commands to remediate dark endpoints, evaluate and harden security posture, reduce vulnerabilities across all endpoints, and receive confirmation that the action has been performed successfully (or not).
It’s a simple matter of selecting a PowerShell (for Windows machines) or Bash script (for Macs), going through the wizard to adjust the script’s conditions, and then running that particular script on the target device.
The performed interventions can vary from small things like changing a desktop background to more critical actions such as stopping malicious processes or closing vulnerable ports.
For example, when WannaCry went on a rampage, Absolute Reach could have been used to identify enterprise devices susceptible to vulnerabilities in the Microsoft SMB Service, and then turn off the vulnerable service or temporarily isolate the devices from the enterprise network if they didn’t have the right patch installed.
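The WannaCry response described above, as an added example of the kind of PowerShell script Reach would push to a Windows endpoint (not Absolute’s own Reach Library code): it checks whether an MS17-010 hotfix is installed and, if not, disables SMBv1 and optionally blocks inbound port 445 until the patch lands. It assumes an elevated session on Windows 8.1 / Server 2012 R2 or later (for the SmbShare cmdlets) and that the placeholder KB ids are replaced with the ones the MS17-010 bulletin lists for the endpoint’s build.

```powershell
# Added example, not an Absolute script. Assumes an elevated session and that
# $RequiredHotfixIds holds the MS17-010 KB ids for this OS build (placeholders below).
param(
    [string[]]$RequiredHotfixIds = @('KB4012212', 'KB4012215'),  # placeholder ids; verify per build
    [switch]$Isolate                                              # also block inbound 445/tcp while unpatched
)

function Test-Ms17010Patched {
    # $true if any of the required hotfixes is present on this endpoint.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($id in $RequiredHotfixIds) {
        if ($installed -contains $id) { return $true }
    }
    return $false
}

function Test-Smb1Enabled {
    # SMBv1 is the protocol WannaCry's exploit needed; read the server-side switch.
    return (Get-SmbServerConfiguration).EnableSMB1Protocol
}

$result = [ordered]@{
    Computer    = $env:COMPUTERNAME
    Patched     = Test-Ms17010Patched
    Smb1Enabled = Test-Smb1Enabled
    ActionTaken = 'none'
}

if (-not $result.Patched) {
    if ($result.Smb1Enabled) {
        # Turn off only the vulnerable dialect so file sharing over SMBv2/3 keeps working.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $result.ActionTaken = 'SMB1 disabled'
    }
    if ($Isolate) {
        # Temporary isolation: refuse inbound SMB until the patch is deployed.
        New-NetFirewallRule -DisplayName 'Temp block SMB 445 (MS17-010 unpatched)' `
            -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block | Out-Null
        $result.ActionTaken += '; inbound 445 blocked'
    }
}

# Reach returns the script's output to the console; emit one parseable line so the
# operator gets a clear per-device confirmation of what was found and done.
[pscustomobject]$result | ConvertTo-Json -Compress
```

Rerun the same script after patch deployment to confirm `Patched` flips to true, then remove the temporary firewall rule.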
But that’s just one example – there are hundreds of different things Absolute customers are using Reach for. In fact, the company’s newly launched Reach Library provides a basic library of prebuilt scripts that address common challenges and support rapid query and remediation of emerging threats. Customers can also create their own scripts, and as the number of customers using Absolute Reach grows, the company intends to launch the Absolute Script Community, where users can share and reference scripts created by their peers (and validated by Absolute) to solve common query and remediation use cases.
It used to be that endpoints were static and always connected to the corporate network, but now workers are mobile and endpoints are on the move, going on and off the corporate network many times a day. Organizations are finding it difficult not only to see the devices that carry enterprise data, but to also secure them.
Absolute Reach solves that problem: it provides organizations with visibility into devices living off the corporate network, and they can act on the received information to manage and actively secure endpoints.
Easy to deploy and easy to use
Absolute also offers the ability to initiate an investigation to recover stolen or lost devices. Once an organization files a loss/theft report, Absolute deploys forensic tools onto the device to begin monitoring and collecting evidence, working with local law enforcement to recover the device. This capability has allowed Absolute to recover over 30,000 devices in over a hundred different countries so far.
The company is also working on a plan to solve the final piece of the security puzzle: user behavior analytics. By looking at how users interact with their devices, the applications they use, the data they access and so on, it can build baseline profiles and help customers identify suspicious behavior before it becomes a security incident.
Absolute provides organizations with the ability to reach their entire endpoint population at any time, and take immediate custom actions in just a few clicks. Endpoints need to be equipped with the software control, but no other infrastructure is needed – customers reach the endpoints via the cloud-based console. And with the unique, patented Persistence technology, endpoints are always “seen” whether they are on or off the corporate network, and can always be reached to mitigate the risks they are open to.