How IT and security teams can work together to improve endpoint security

Credit to Author: Christine Barrett| Date: Thu, 04 Aug 2022 16:00:00 +0000

For executives in the IT and security spaces, the current climate offers reasons to worry.

As workers become accustomed to new flexibility in the workplace, hybrid and remote work options present more challenges. Users want to access corporate resources from their own devices without the inconvenience of onerous security protocols or giving up their privacy.

As digital estates are growing, attacks are increasing in size and sophistication. Serious threats are real, even for small and midsize businesses, as explored in this breakdown of the H0lyGh0st ransomware

IT and security professionals must manage their endpoints and users to counter these threats and maintain efficiency. Historically, these roles have been distinct. IT administrators commonly siloed the processes and tools used to monitor user activity, device health, and compliance. Security operations (SecOps) teams deploy their tools, often running a separate agent on endpoints managed through a dedicated, isolated console. While historically these departments have had different goals for a good reason, this continued separation hinders the collaboration needed to achieve a Zero Trust security model. As explored in this blog post about the federal Zero Trust strategy, the Zero Trust model is recognized as the new standard for the United States government and should be adopted by other organizations.

Spreading security and administration services across a distinct set of tools can also create inefficiencies or inconsistencies. Policies may have to be defined or settings changed on multiple consoles, increasing the risk of error, omission, or conflict. Adding to the friction between IT and security is the inherent tension between usability and security. Permissions and policies must consider how people want to work in addition to how to keep them safe.

Because of the challenges of enterprise endpoint security, enterprise companies must play it like a team sport.

Management and security functions are better together. When security and management tools are integrated, digging for answers to questions across multiple consoles is minimized. The combination of Microsoft Tunnel, an IT endpoint management function, with Microsoft Defender for Endpoint to enhance the security and connectivity of devices managed with Microsoft Intune is an example of this philosophy. Additionally, this combination of services grants access to on-premises networks and provides security services like anti-phishing, anti-malware, and threat detection in a single place.

One way to encourage the necessary collaboration is to center on the user as the key stakeholder. IT and security professionals must create an experience for the user that enhances productivity while keeping endpoints secure. Users find other ways to get their work done when security becomes too intrusive. Employees emailing documents to themselves or uploading them to personal clouds can lead to data leaks. Focusing on the user experience may be a challenge for administrators, but this shift may lead to new perspectives and a departure from the status quo.

Perhaps the best way to encourage collaboration between security and IT is to simplify operations. An ideal tool is one that both functions can share—a “single pane of glass” where IT admins have visibility into the security status, alerts, and activities in the process, and SecOps teams can see endpoint status policies and configurations.

One of our goals with Microsoft Endpoint Manager is to meet this ideal and enable seamless collaboration between security and IT.

Consider this scenario: A security team wants to change a firewall rule in response to threat intelligence.

Without a unified tool, the security team opens their security console and applies a change. The IT team learns about this change after a surge of calls to the helpdesk and must scramble to find a solution. Because Endpoint Manager has integrated firewall management, the security team could communicate the need for a change to the IT team. The IT team can then take a proactive review of possible outcomes and consequences before implementing the requested rule modification and avoid any potential issues. Such a simple change can prevent hours of downtime and hassle, freeing up teams to tackle more challenges and reducing the multiplication of security alerts and configuration changes.

Female office worker smiling and looking away, with a cheerful and relaxed expression.

While no single tool can guarantee a good night’s sleep, using a single, powerful tool for endpoint security and management can help relieve stress. But you don’t have to take my word for it. In this Microsoft customer story, Andrew Zahradka, Head of Workplace Compute Technology at National Australia Bank (NAB), speaks directly to the power of simplification. Before adopting Endpoint Manager, security agents on NAB desktops impacted performance, and update compliance rates were around 60 percent. “Now incidents are down by 30 percent, and people have grown to expect quality deployments and efficient desktops. That’s a direct result of our move to the cloud and modernizing the NAB digital workplace,” he says. Zahradka’s colleague at NAB, Technical Service Owner John Disco, concurs, saying “With a unified Microsoft solution set, we’ve created a new standard for usability and security.”

Learn more

See how Microsoft Endpoint Manager can help collaboration in your organization—visit the Endpoint Manager homepage. Ready to deploy? Reach out to the Microsoft FastTrack Enterprise Mobility and Security team for assistance.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post How IT and security teams can work together to improve endpoint security appeared first on Microsoft Security Blog.

https://blogs.technet.microsoft.com/mmpc/feed/