Tackling the Top Threats in Cybersecurity with VMware TrustPoint
Searching for the term “cybersecurity” in your favorite search engine yields some interesting and somewhat alarming results. You will see advertisements from security vendors telling you not to become the “next target”. If you search within the U.S., the Department of Homeland Security website will likely show up. You may see yet another organization that just got hacked, maybe even for the second or third time in recent years.
Threats in the cyber world are showing up everywhere and every day. With the rise in bring-your-own (BYO) initiatives and workers using more devices for work, the most dangerous threats often show up on endpoints.
Organizations are struggling to get complete visibility of what is on their network to efficiently secure and manage their endpoints. An effective endpoint security and management strategy starts with a modern approach that can scale and respond quickly to today’s demands.
We introduced VMware TrustPoint to provide security and IT operations teams with complete endpoint visibility and control to secure and manage endpoints at speed and scale. Let us look at how TrustPoint can help tackle some of the most common cybersecurity threats trending in the enterprise today.
Tackling the Top Threats in Cybersecurity: Ransomware Example
Ransomware is a hot topic these days and for good reason. Hackers can essentially infect devices owned by users or organizations with ransomware, usually in the form of malicious code that disables access to files. The malicious actors then hold the user or organization at ransom until they meet demands, usually in the form of payment through bitcoin currency. This type of threat is very popular:
Nearly 50% of organizations had a ransomware attack between 2015 and 2016, per Osterman Research.
Because ransomware authors typically exploit endpoints running outdated software, enterprises can work to protect their network from ransomware by keeping software and patches up to date, something TrustPoint can help with.
Using TrustPoint, security and IT operations teams can simply ask a question, retrieve results in seconds and quickly act. For example, teams can use TrustPoint to query which endpoints are out of date with the latest patches from Microsoft Windows, Internet Explorer or any other application.
Unlike security tools with outdated architectures that rely on databases, TrustPoint is built on a modern communications platform which returns results in seconds from a live environment. Once the query completes, the security or IT team has the information they need to take the appropriate action to remediate the threat in real-time. In this example, IT can remotely distribute a patch across vulnerable endpoints.
Securing Unmanaged & BYO Endpoints
Having complete network visibility also helps security teams combat ransomware and other advanced threats. TrustPoint can quickly discover unmanaged endpoints and take actions to either gain control or prevent them from being a threat.
According to a recent SANS Institute report:
“You can prevent 80-90% of all known attacks by implementing and staying current on basic cyber hygiene.”
If you do not know how many IT assets are on your corporate network, how can you assess the impact of existing threats, like ransomware, and prevent IT assets from future threats? That is where a strong security hygiene strategy begins and what TrustPoint can help answer.
TrustPoint + AirWatch Together
The popularity of the Windows operating system (OS) in the enterprise created security and management challenges over the years, in part due to the traditional systems management approach forced upon IT. The release of Windows 10 signaled a shift from this traditional management approach to a mobile-first management approach called unified endpoint management (UEM).
Already the leader in enterprise mobility management (EMM), VMware AirWatch evolved into a platform that could secure and manage not only mobile devices but also Windows 10 endpoints. With AirWatch, organizations get the full benefit of a UEM platform to manage both mobile devices and desktops. Now with TrustPoint, organizations can extend the security and management of AirWatch-managed desktops.
Security and IT operations teams can find potential threats using TrustPoint, report them back to AirWatch and take action for automated compliance. Customers also benefit from having one vendor in VMware to secure and manage mobile, desktop and server environments.
Let us look at an example of the integration. An organization looks for unsigned applications on any Windows 10 device in its environment. Using TrustPoint, the security or IT operations team can run a query that will quickly find Windows 10 devices running these unsigned applications and tag them as compromised. Using AirWatch, the team defines a compliance policy to block VPN access from any compromised device. Any user using a device with an unsigned application will be blocked from connecting into the corporate network through VPN.
Security teams can take it a step further and set up different actions according to the various threat levels they define. This helps drive even stronger compliance and real-time threat containment across all endpoints in any environment.
The Next Era of Cybersecurity: It Is Time to Get Proactive
Other types of threats security teams need to focus on include rootkits, viruses, worms, trojans, adware and spyware. According to AV-Test:
Over 390,000 new malicious programs are registered every day.
Since viruses, worms, trojans and other types of malware have been around for decades, many organizations are still using tools from the ‘90s and 2000s to combat and remediate against old and new threats.
Signature-based security alone no longer helps, as 97% of malware is unique to a specific endpoint. Large organizations end up using dozens of point tools that cannot communicate with each other and do not provide a clear picture of overall security posture. TrustPoint can help address these inefficiencies.
Let’s say you identify a process as malicious and spreading through your environment, like a worm. Security teams can use TrustPoint to discover affected endpoints quickly by running a query that looks for a specific MD5 hash tied to the process. The team can then take action, such as quarantining the devices and then reimaging or uninstalling the app to bring the device back into compliance. You can further automate this process, so there is a continuous check for the malicious process.
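The hash lookup described above, sketched as an added example in Python; it is not TrustPoint or VMware code and does not use any TrustPoint API. The function names, the file tree, the endpoint names and the indicator hash are all constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file so large binaries are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def sweep(root, indicator_md5s):
    """Local check: sorted paths under root whose MD5 is an indicator."""
    wanted = {h.lower() for h in indicator_md5s}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if md5_of_file(path) in wanted:
                    hits.append(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep sweeping
    return sorted(hits)

def affected_endpoints(reports, indicator_md5s):
    """Fleet check: reports is {endpoint: [md5, ...]}; return matching names."""
    wanted = {h.lower() for h in indicator_md5s}
    return sorted(ep for ep, hashes in reports.items()
                  if wanted & {h.lower() for h in hashes})

def demo():
    """Run both checks on a constructed file tree and fleet report."""
    payload = b"constructed sample, not real malware"
    indicator = hashlib.md5(payload).hexdigest()
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "apps"))
        with open(os.path.join(root, "apps", "worm.bin"), "wb") as fh:
            fh.write(payload)
        with open(os.path.join(root, "apps", "clean.bin"), "wb") as fh:
            fh.write(b"benign")
        local = [os.path.relpath(p, root) for p in sweep(root, [indicator])]
    # Constructed fleet report; hash case differs to show normalization.
    fleet = {"laptop-01": [indicator.upper()], "laptop-02": ["0" * 32]}
    return local, affected_endpoints(fleet, [indicator])

if __name__ == "__main__":
    print(demo())
```

An exact-hash match only finds byte-identical copies of the file, so a sweep like this suits a known sample spreading unchanged, which is the worm case in the paragraph above.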
We highlighted some of the top threats that cyber criminals use to expose enterprise organizations today. TrustPoint helps security and IT operations teams get visibility into their environment, so they can efficiently detect and remediate against these advanced threats and increase their security hygiene. With VMware ecosystem integrations, such as AirWatch, TrustPoint can give organizations a complete end-to-end security approach.
For more information on how TrustPoint can help you, visit vmware.com/products/trustpoint.html.