Keeping track of all the devices making up a company’s IT estate is a monumental task. When it comes to security, the endpoint devices, often in the hands of employees, are a huge point of potential exploitation for hackers. And you can’t protect something when you don’t even know it’s there. Securing endpoints was hard enough when IT departments only had to worry about the ones in the office; in the age of predominantly remote workforces, the endpoint perimeter has been stretched, widening a company’s attack surface. So how are savvy IT teams staying ahead of this? It starts with device detection and management.
The hasty rush to remote
The story is well known. COVID-19 arrived and the entire business world went remote in the interest of safety – and it did so pretty much overnight. What may not be as well known is that, to facilitate this rapid change, IT experts had to scramble to reconfigure their IT estates and bring in the missing technologies needed to enable and secure remote work at scale.
As a result of the haste, security risks were often accepted as temporary, leaving points of exploitation open, particularly on endpoint devices that are now even more widely dispersed and operating over less secure home networks. This has increased the need to detect, manage, and secure devices.
Applications are risky too
Two groups that have thrived as a result of the move to remote are the SaaS and cloud-based vendors, whose delivery models are suited to accommodate employees working from home. Unfortunately, the increase in SaaS application use, and the lack of visibility into that use, creates a “blind spot” for traditional security monitoring solutions.
These application blind spots create additional points of exploitation. Coupled with the increased threat surface of unknown devices on home networks, this means that network and anomaly visibility has moved from being a nice-to-have feature to a mission-critical one. Organizations need the capability to discover their entire network footprint of authorized and connected devices and applications, whether those exist on-premises, in remote workers’ homes, or in a multi-cloud network model.
Thankfully, IBM provides a powerful solution to this challenge.
QRadar enables an organization to discover and map its entire IT estate and everything operating within it. User Behavior Analytics (UBA) data is calculated, enhancing the security team’s understanding of end-user risk. The data is then mapped to the MITRE ATT&CK Framework, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The gathered knowledge is used as a foundation for the development of specific threat models and methodologies. This connection affords security teams greater threat hunting and incident response capabilities, and analysts can use QRadar to connect the dots automatically for more decisive threat escalation.
QRadar is designed to automatically analyze and correlate activity across multiple data sources, including logs, events, network flows, user activity, vulnerability information, and threat intelligence, to identify known and unknown threats. Phishing activity, Command and Control (C2) traffic, ransomware, and data theft and exfiltration are just a few of the common threats it can detect to improve any organization’s security posture. To stop a threat, you must first detect it, no matter where it may be hiding and operating.
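To make the multi-source correlation described above concrete, here is a small added example (written for this article; it is not QRadar code and not IBM's own logic) that ties three constructed sources together: DHCP leases as a device-discovery feed, authentication events, and network flows, plus a placeholder threat-intel list. Every host name, IP address, user and log line below is constructed for illustration. The ATT&CK technique IDs (T1110 Brute Force, T1071 Application Layer Protocol, T1048 Exfiltration Over Alternative Protocol) are real, but the thresholds and the severity rules that combine them are assumptions chosen for the example, not a published detection standard.

```python
"""Toy cross-source correlation: discover unknown devices, attach flow and
auth findings to the same host, and tag findings with ATT&CK technique IDs.
Constructed sample data only; not QRadar code."""
import json
from collections import defaultdict

# Constructed asset inventory: hosts the organisation knows about and their owners.
KNOWN_ASSETS = {"lt-0042": "alice", "lt-0077": "bob"}

# Constructed threat-intel list of known C2 addresses (documentation-range placeholder).
C2_INTEL = {"203.0.113.9"}

# Assumed thresholds for this example (tune to the environment in practice).
FAIL_THRESHOLD = 5           # consecutive failed logins before a success is suspicious
EXFIL_BYTES = 50_000_000     # single outbound flow this large is worth a look

# Constructed log lines in a simplified key=value format from three sources.
SAMPLE_LOGS = """\
src=dhcp ts=1000 host=lt-0042 ip=10.0.0.5
src=dhcp ts=1001 host=raspi-unknown ip=10.0.0.9
src=auth ts=1002 user=alice host=lt-0042 result=fail
src=auth ts=1003 user=alice host=lt-0042 result=fail
src=auth ts=1004 user=alice host=lt-0042 result=fail
src=auth ts=1005 user=alice host=lt-0042 result=fail
src=auth ts=1006 user=alice host=lt-0042 result=fail
src=auth ts=1007 user=alice host=lt-0042 result=success
src=flow ts=1010 ip=10.0.0.5 dst=203.0.113.9 dport=443 bytes=1200
src=flow ts=1070 ip=10.0.0.5 dst=203.0.113.9 dport=443 bytes=1180
src=flow ts=1130 ip=10.0.0.5 dst=203.0.113.9 dport=443 bytes=1210
src=flow ts=1200 ip=10.0.0.9 dst=198.51.100.20 dport=22 bytes=90000000
"""


def parse(log_text):
    """Parse key=value lines into dicts, ordered by timestamp; blank lines are skipped."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = dict(kv.split("=", 1) for kv in line.split())
        ev["ts"] = int(ev["ts"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def correlate(log_text):
    """Return a per-host report with findings, ATT&CK tags and an overall severity."""
    events = parse(log_text)
    ip_to_host = {}                    # built from DHCP so flows can be attributed to hosts
    owner = {}                         # host -> last user seen authenticating on it
    fails = defaultdict(int)           # (user, host) -> consecutive failed logins
    findings = defaultdict(list)       # host -> [(tag, evidence)]

    for ev in events:
        if ev["src"] == "dhcp":
            ip_to_host[ev["ip"]] = ev["host"]
            if ev["host"] not in KNOWN_ASSETS:
                findings[ev["host"]].append(("inventory-gap", "device not in asset inventory"))
        elif ev["src"] == "auth":
            key = (ev["user"], ev["host"])
            owner[ev["host"]] = ev["user"]
            if ev["result"] == "fail":
                fails[key] += 1
            else:
                if fails[key] >= FAIL_THRESHOLD:
                    findings[ev["host"]].append(
                        ("T1110", f"{fails[key]} failed logins then success for {ev['user']}"))
                fails[key] = 0
        elif ev["src"] == "flow":
            host = ip_to_host.get(ev["ip"], ev["ip"])   # fall back to raw IP if never leased
            if ev["dst"] in C2_INTEL:
                findings[host].append(("T1071", f"traffic to known C2 {ev['dst']}"))
            if int(ev["bytes"]) >= EXFIL_BYTES:
                findings[host].append(
                    ("T1048", f"{ev['bytes']} bytes outbound to {ev['dst']}:{ev['dport']}"))

    report = {}
    for host, items in findings.items():
        tags = {t for t, _ in items}
        # Assumed escalation rules: credential abuse plus C2, or C2 plus bulk outbound, is critical.
        if {"T1110", "T1071"} <= tags or {"T1071", "T1048"} <= tags:
            severity = "critical"
        elif tags & {"T1071", "T1048"}:
            severity = "high"
        elif "T1110" in tags:
            severity = "medium"
        else:
            severity = "low"
        report[host] = {
            "known": host in KNOWN_ASSETS,
            "user": owner.get(host, KNOWN_ASSETS.get(host)),
            "techniques": sorted(tags),
            "evidence": [e for _, e in items],
            "severity": severity,
        }
    return report


if __name__ == "__main__":
    print(json.dumps(correlate(SAMPLE_LOGS), indent=2))
```

The point of the example is the join, not any single rule: on its own, a burst of failed logins is noise and a single HTTPS flow is noise, but once the DHCP lease lets the flow be attributed to the same laptop and user, the two findings combine into an escalation an analyst can act on. The second host shows the discovery side of the article: a device that never appears in the inventory is flagged the moment it takes a lease, so its later bulk transfer is already attached to an asset the team knows it has to investigate.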
To learn more about how QRadar and IBM can help secure your IT infrastructure, no matter if it’s on-premises, in the cloud, or hybrid, please visit https://convergetp.com/cybersecurity/.