Many of the job functions within IT operations that once operated in silos have, over time, been converged with other functions where it makes sense, and the changes brought on by the hybrid work model have accelerated this. For example, network engineering and telecom eventually came together, as did storage and server operations.
Then there is desktop management and security management. These two areas logically belong together, as the data that comes from an endpoint can be used either to make management decisions or to indicate a threat. In fact, many of the vendors that play in management or security pull that same endpoint data, but each keeps it in its own silo. The net result is that a particular tool might do what it's intended to do, but its data can't be leveraged for any other function.
There are several problems with keeping these functions discrete. The first is the obvious overhead of collecting the same data twice. A bigger issue is that there is no visibility across the functions, so there is no complete view of any issue that might arise. Security tools inspect the data to look for potential threats by monitoring anomalous traffic. If a breach occurs, the security tool can tell the administrator "what" happened. Endpoint management tools ensure that patches are applied and software is up to date, and can determine "why" things happen. Without converging the two, the correlation of information must be done manually. This is why I've maintained the stance that tools like EDR (endpoint detection and response) are very good at the "D" but not the "R."
Synergies needed to support hybrid work
I recently attended the Tanium user conference, titled Converge, where the company highlighted the benefits of bringing these two capabilities together. The convergence of endpoint management and security significantly improves a company's ability to evaluate and proactively assess its levels of risk. Historically, the biggest impediment to doing this has been getting the different teams in the IT organization to collaborate, but hybrid work is taking a difficult situation and making it untenable.
Over the summer, I surveyed US-based enterprises and found that 51% of employees will work remotely 2-4 days a week, with another 25% being permanently remote. Hybrid work introduces new risks as the same level of network security isn’t available in a worker’s home when compared to the office. Some IT leaders I’ve talked to have shifted apps to the cloud to help with security, but this is a bit of a red herring. While the cloud providers are secure, users still download data and risk credential theft. In some ways, moving to the cloud increases risk as the environment is more complex. Tanium’s Risk solution is designed to address both sides of this coin.
At the event, I had a chance to catch up with Tanium's Chief Product Officer, Nic Surpatanu, about the impact of hybrid work. He told me that this shift in work style has caused widespread interest in zero trust, and that Tanium is able to deliver a solution that's more than PowerPoint. He told me, "At any given time, we can do very complex posture checks, giving us a good solution for conditional access. Typically, if a user is blocked because of the segmentation scheme, they suffer a loss of productivity while the patches are implemented. With Tanium, we can automate the patching process, making it very fast at minimizing the productivity impact while significantly improving the overall experience."
End result: Reduced vulnerabilities and improved compliance
At the event, I also talked with several customers to validate Tanium's claim. The head of cyber security for an Australia-based healthcare organization told me they began searching for a tool like Tanium when the WannaCry ransomware attack was running rampant across the globe. His leadership asked how many endpoints were vulnerable to it. He posed that question to the Microsoft SCCM administrator, and it took them the entire day to generate the report. Even with the long reporting period, he told me the report was generally useless, as there was so much information that there was no easy way to identify the endpoints at risk.
The security professional showed his frustration when he said, "I had no visibility, and that was just the first step in stopping the threat. After identifying what was vulnerable, I wasn't sure how to respond, so that's when I sought out a patch management solution." He described the criteria they were looking for: near real-time visibility, including visibility into the operating systems, patch levels, and software on the endpoints. "I also needed to know the versions of the software and then what to do about it. If I had Tanium and there was another zero-day attack, I can quickly see which endpoints are vulnerable and quickly patch them. Lastly, the solution needs to be simple so I don't have to spend all my time learning how to use it. That's when we selected Tanium."
I asked him about the impact Tanium has had. He confessed that prior to Tanium, they had stopped patching because people had taken their computers home during the pandemic, so patching was limited to the servers that were on-prem. I asked him to quantify the impact Tanium has had, and he told me the organization went from 1.4% patched to 99% compliance. One of the other benefits of Tanium is that it works with offline devices. He told me, "Once devices come online, they are immediately updated." He added, "The solution is particularly effective for software like Adobe that is particularly susceptible to attacks. We have reduced the vulnerabilities on endpoints by 50% just by updating Adobe consistently."
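The article makes three related points: security tools report "what" happened while management tools know "why" (unpatched software), answering "which endpoints are vulnerable" requires joining an advisory against a software inventory, and compliance only reaches 99% when offline devices are patched as soon as they check in. The following added example (my own illustration, not Tanium's code or any product's API) shows that correlation in working form. The inventory, advisory, alerts, host names and the hypothetical product "pdf-reader" with its versions are all constructed for the example.

```python
"""Correlate an endpoint inventory (the "why") with security alerts (the "what").

Added example; not Tanium's code. All data below is constructed for
illustration: hosts, the "pdf-reader" product and its versions are hypothetical.
"""
from typing import Dict, List, Tuple

# Constructed endpoint inventory, as an endpoint-management tool would hold it.
INVENTORY: List[dict] = [
    {"host": "lap-001", "online": True,  "software": {"pdf-reader": "3.1.0", "browser": "101.0"}},
    {"host": "lap-002", "online": False, "software": {"pdf-reader": "3.1.5", "browser": "100.2"}},
    {"host": "lap-003", "online": True,  "software": {"pdf-reader": "2.9.4"}},
    {"host": "srv-010", "online": True,  "software": {"browser": "101.0"}},
]

# Constructed advisory: the first fixed version for each affected product.
ADVISORY: Dict[str, str] = {"pdf-reader": "3.2.0"}

# Constructed detection output, as a security tool would report it.
ALERTS: List[dict] = [
    {"host": "lap-003", "indicator": "suspicious child process of pdf-reader"},
    {"host": "srv-010", "indicator": "outbound connection to known-bad IP"},
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '3.10.0' into (3, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def vulnerable_products(endpoint: dict, advisory: Dict[str, str]) -> List[str]:
    """Products on this endpoint whose installed version is below the fixed version."""
    return [
        name for name, installed in endpoint["software"].items()
        if name in advisory and parse_version(installed) < parse_version(advisory[name])
    ]


def at_risk_endpoints(inventory: List[dict], advisory: Dict[str, str]) -> Dict[str, List[str]]:
    """The 'which endpoints are vulnerable' report: host -> unpatched products."""
    report: Dict[str, List[str]] = {}
    for ep in inventory:
        vulns = vulnerable_products(ep, advisory)
        if vulns:
            report[ep["host"]] = vulns
    return report


def compliance_rate(inventory: List[dict], advisory: Dict[str, str]) -> float:
    """Percentage of endpoints with nothing below the advisory's fixed version."""
    compliant = sum(1 for ep in inventory if not vulnerable_products(ep, advisory))
    return round(100.0 * compliant / len(inventory), 1)


def correlate(alerts: List[dict], inventory: List[dict], advisory: Dict[str, str]) -> List[dict]:
    """Join each alert ('what' happened) with the host's patch state ('why')."""
    by_host = {ep["host"]: ep for ep in inventory}
    out = []
    for alert in alerts:
        ep = by_host.get(alert["host"])
        vulns = vulnerable_products(ep, advisory) if ep else []
        cause = "unpatched software" if vulns else "unknown - investigate"
        out.append({**alert, "unpatched": vulns, "likely_cause": cause})
    return out


def remediation_plan(inventory: List[dict], advisory: Dict[str, str]) -> Dict[str, str]:
    """Online hosts are patched now; offline hosts are queued until they check in."""
    by_host = {ep["host"]: ep for ep in inventory}
    return {
        host: ("patch now" if by_host[host]["online"] else "patch on next check-in")
        for host in at_risk_endpoints(inventory, advisory)
    }


def apply_patches(inventory: List[dict], advisory: Dict[str, str]) -> List[dict]:
    """Simulate a patch run: online hosts move to the fixed version, offline hosts are untouched."""
    patched = []
    for ep in inventory:
        software = dict(ep["software"])
        if ep["online"]:
            for name in vulnerable_products(ep, advisory):
                software[name] = advisory[name]
        patched.append({**ep, "software": software})
    return patched


if __name__ == "__main__":
    print("at risk:", at_risk_endpoints(INVENTORY, ADVISORY))
    print("compliance before:", compliance_rate(INVENTORY, ADVISORY))
    for row in correlate(ALERTS, INVENTORY, ADVISORY):
        print(row)
    after = apply_patches(INVENTORY, ADVISORY)
    print("compliance after first run:", compliance_rate(after, ADVISORY))
    print("still queued:", remediation_plan(after, ADVISORY))
```

The first patch run lifts compliance only as far as the online hosts allow; the offline laptop stays queued and is patched on its next check-in, which is the behaviour the customer describes. The alert on the server with no unpatched software is left as "investigate" rather than explained away, since a security tool's "what" is not always an endpoint-management "why".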
This is a good lesson for IT leaders. The IT operations and security teams may resist working together, so this needs to be driven from the top down. Then it's critical to pick a tool, like Tanium, that provides a single source of truth for both groups to work with.
Zeus Kerravala is the founder and principal analyst with ZK Research.