Endpoint Vulnerability Management in a Remote Workforce World
Share with Your Network
The great global remote workforce. What was initially a temporary solution to keep operations humming and ensure the safety of employees has evolved into a permanent state for many businesses and their employees. Prior to the arrival of the COVID-19 pandemic, a mere 17% of the nation’s workforce worked remotely five days or more per week. By April of 2020, a staggering 70% of US workers reported they were punching in from home at least some of the time. As we rev up for the second half of 2021 and beyond, most employers are accepting that working from home is here to stay.
Remote work is now fully integrated into the modern landscape, and both organizations and their employees are reaping the benefits. Companies are realizing exponential savings and increased productivity and workers are enjoying a better work-life balance and even threatening to quit if a working-from-home option is not on the table going forward.
It’s a brave new world for employers—and for Security and IT teams simultaneously defending their infrastructures against heightened attacks by bad actors looking to take advantage of a widely distributed workforce, while also adapting their environment and Security strategies to accommodate a growing number of devices and applications.
Handling the new influx of information can be confusing, complicated, and inefficient.
Security ramifications of a remote workforce
These increasing assaults on a growing attack surface only add to the vulnerability management burden. And for teams lacking a true data-driven way to effectively prioritize these risks, the number of vulns deemed high or critical will be inflated. This leads to more work for IT teams who are already frustrated with their current workload and often stagnant risk profiles.
Security and IT teams are at odds, and with no way to align around clear priorities, resources continue to be wasted. Not a fun scenario, yet many organizations try to power through with a traditional vulnerability management approach.
The missing pieces: Visible and actionable, risk-based vulnerability management
While the key to addressing these issues is multi-pronged, one potent antidote is risk-based vulnerability management (RBVM). Contrary to what all the high CVSS scores might indicate, the actual number of exploited vulns remains relatively low. Therefore, your goal must be to distill your remediation list down to the endpoint vulnerabilities most likely to pose a threat to your organization. To do this, you need a data-driven, predictive approach powered by data science and actionable threat and vulnerability insights. With a RBVM foundation, swiftly making decisive and effective security actions (and measuring their effectiveness) becomes part of your daily security operations.
Wrangling these endpoint vulnerabilities into one centralized location is the second step in this remote workforce evolution. More devices, applications, and servers means more scanners are entering your environment. This makes it more important than ever to see across your entire stack from one central tool.
Microsoft and Kenna Security just made endpoint vulnerability management easier
There’s good news for Microsoft Defender for Endpoint customers looking to evolve their endpoint vulnerability management.
Kenna Security has partnered with Microsoft to build a new integration to give joint customers more personalized vulnerability prioritization and actionable insights. By integrating with Microsoft’s threat and vulnerability management capabilities, Kenna.VM customers can incorporate data directly from Microsoft’s threat and vulnerability management solution in a centralized environment that normalizes scoring data and prioritization across all scanners and the entire IT stack.
Linda Brown, Kenna Security’s director of technical product management, notes how this integration “allows customers to bring in not only a broad base of vulnerabilities but also a ton of metadata about their assets.” With extensive experience in directing customer integrations and deployments, Brown helped inform the collaboration so it would address the pain points of the new remote work landscape. “Now customers can really get granular with their endpoint vulnerability data,” she says. “They can slice and dice it to examine areas of risk by management level, department, business unit, asset class, remediation owner and more. It’s a game changer.”
Simplifying security, without compromise
Prior to the pandemic, teams were examining opportunities to both enhance and simplify their security efforts. The past year only accelerated these efforts as infrastructures continue to grow, security employers are hard-pressed to find security talent, and teams are challenged to do more with less. Leveraging cloud-based, intel-driven RBVM solutions and integrations is proving to be a viable way to meet these demands and protect businesses by focusing on the risks that matter most.
For more on enhancing endpoint vulnerability management, meeting the demands of a remote workforce environment, and the new Kenna Security and Microsoft integration, join us on June 24 as we break down how to maximize efficiency to improve your security posture.