If you think of your enterprise IT environment as a combat zone — and the U.S. Department of Defense advises that you should — then endpoints become your first line of defense. This is where your employees access, use and process sensitive, personal and/or classified information as they connect to your organization’s mission-critical systems.
This is also where Zero Trust’s philosophy of “never trust, always verify” can really make a difference.
The National Institute of Standards and Technology (NIST) published Special Publication 800-207 to provide a comprehensive framework for implementing Zero Trust. One primary NIST 800-207 requirement is the ability to identify and monitor all endpoints — not only those owned and managed by the enterprise, but also associated endpoints that can access organizational systems and data, such as employees’ personal devices. Endpoint management has become a struggle for many organizations, yet resolving endpoint management challenges is crucial to achieving Zero Trust.
Here are the top three gains you’ll achieve from Zero Trust endpoint management:
- Visibility into all endpoints. Almost two-thirds of surveyed organizations say that a lack of visibility is the factor that most impacts their endpoint security.[1] In hybrid and mobile workplaces, the proliferation of unmanaged and BYOD devices, in particular, greatly reduces visibility. A Zero Trust Architecture (ZTA) provides insight into your entire environment, enabling you to proactively detect all devices regardless of where and how employees and other users connect to IT resources.
- Real-time monitoring and mitigation. Every day, several dozen new vulnerabilities are discovered, and they quickly add up. Research shows that on average, organizations have a backlog of 57,555 identified vulnerabilities.[2] Zero Trust endpoint management enables you to monitor endpoints and apply patches as warranted to mitigate vulnerabilities in real time.
- Continuously improved security posture. One of the primary tenets of NIST 800-207 is to use the data collected on the state of your endpoints to improve your organization’s security posture. By continuously detecting, monitoring, and assessing all of your organization’s endpoints in real time — including servers, desktops, laptops, and mobile devices — you gain context into what’s happening across your entire IT environment and can use this information to constantly improve security and mitigate risks.
The Value of Continuous Diagnostics and Mitigation
NIST recommends implementing a continuous diagnostics and mitigation (CDM) or similar system to monitor the security of enterprise assets, including endpoints. A CDM system:
- Provides visibility into devices and monitors their state to help you identify vulnerabilities.
- Collects, analyzes, and correlates endpoint, security, and operations data from various sources.
- Allows you to handle compromised, unmanaged, or vulnerable devices differently than those in a secure state: denying access to resources, automatically applying a security patch, or closing down a device.
- Simplifies data collection for regulatory compliance and audit reporting purposes.
A CDM system also plays a key role in any organization’s policy engine, which makes decisions about whether to grant access to data and systems. Data collected through a CDM system feeds into the policy engine’s Trust Algorithm, the ZTA component that calculates trust scores to determine risk.
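To make the CDM-to-policy-engine flow concrete, here is a small added example (not BigFix code and not NIST’s algorithm): a constructed endpoint record with assumed fields (managed, compromised, unpatched critical vulnerabilities, telemetry age), an illustrative trust score with assumed weights, and the three outcomes the CDM section lists (allow, auto-patch, deny/isolate) keyed to a per-resource required score.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class EndpointState:
    """One endpoint's state as a CDM system would report it (constructed fields)."""
    device_id: str
    managed: bool             # enrolled in enterprise endpoint management
    compromised: bool         # CDM flagged an active compromise
    unpatched_critical: int   # open critical vulnerabilities on the device
    days_since_checkin: int   # age of this telemetry; stale data lowers trust

def trust_score(state: EndpointState) -> int:
    """Illustrative trust algorithm: start at 100 and deduct per risk signal (assumed weights)."""
    if state.compromised:
        return 0
    score = 100
    if not state.managed:
        score -= 40                                     # unmanaged/BYOD device
    score -= min(state.unpatched_critical * 15, 45)     # cap the patch penalty
    if state.days_since_checkin > 1:
        score -= 10 * min(state.days_since_checkin, 3)  # stale telemetry
    return max(score, 0)

def decide(state: EndpointState, required_score: int = 70) -> tuple[str, str]:
    """Map the score to an action; the outcomes mirror the CDM options above."""
    score = trust_score(state)
    if state.compromised:
        return "deny", "isolate device: CDM reports active compromise"
    if score >= required_score:
        return "allow", f"score {score} meets resource requirement {required_score}"
    if state.managed and state.unpatched_critical > 0:
        return "remediate", "push critical patches, then re-evaluate"
    return "deny", f"score {score} below resource requirement {required_score}"

# Constructed CDM snapshot: four endpoints requesting the same resource.
CDM_SNAPSHOT = [
    EndpointState("srv-01", managed=True, compromised=False, unpatched_critical=0, days_since_checkin=0),
    EndpointState("lt-42", managed=True, compromised=False, unpatched_critical=2, days_since_checkin=0),
    EndpointState("byod-7", managed=False, compromised=False, unpatched_critical=0, days_since_checkin=0),
    EndpointState("lt-13", managed=True, compromised=True, unpatched_critical=1, days_since_checkin=0),
]

def triage(records: list[EndpointState], required_score: int = 80) -> dict[str, str]:
    """Return the policy decision for every endpoint in a CDM snapshot."""
    return {r.device_id: decide(r, required_score)[0] for r in records}

if __name__ == "__main__":
    for device, verdict in triage(CDM_SNAPSHOT).items():
        print(f"{device}: {verdict}")
```

Note that the same laptop (lt-42) is allowed for a resource requiring a score of 70 but sent to remediation for one requiring 80: the decision depends on both the endpoint state and the resource, which is the point of feeding CDM data into the trust algorithm rather than a static allow list.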
How HCL BigFix Helps
HCL BigFix can help you achieve Zero Trust. It identifies risks, such as vulnerable devices, and automatically pushes controls to endpoints, regardless of their ownership, connection status, location, and operating system.
The BigFix Zero Trust Endpoint Management System also helps you achieve NIST 800-207 tenets by:
- Continuously measuring the security and integrity of all owned and associated devices that connect to your data and systems (SP 800-207 Section 2.1.5)
- Collecting data about the current state of assets, network infrastructure, and communications enabling you to use these insights to improve security (2.1.7)
- Deploying a CDM system that collects telemetry about the state of your enterprise assets and applies updates to configurations and software components (3.0)
- Providing industry compliance to ensure that you meet regulatory requirements (3.0)
- Feeding data about the state of assets into a ZTA Trust Algorithm to provide known status updates and ensure continuous policy enforcement (3.3)
Zero Trust for Endpoints: Better Security and Compliance Readiness
As enterprises have evolved to embrace remote work and cloud environments, cybersecurity has also evolved to embrace Zero Trust. Applying NIST 800-207’s core tenets to the vast number of endpoints in today’s typical operations empowers organizations to strengthen defenses, reduce risk, and improve compliance.
HCL BigFix lets you apply the NIST 800-207 Zero Trust core tenets to every endpoint. With BigFix, you can monitor, find and fix security issues on the fly — including immediate patching of vulnerable endpoints — without disrupting your organization’s daily operations.
Sources:
1. Dark Reading, “Nearly Half of Enterprise Endpoints Present Significant Security Risks,” https://www.darkreading.com/endpoint/nearly-half-of-enterprise-endpoints-present-significant-security-risks
2. Ponemon Institute/IBM X-Force, “The State of Vulnerability Management in the Cloud and On-Premises,” August 2020