When I was growing up my dad would say, “Darrell, the only guarantees in life are death and taxes.” Such an uplifting message :). Well, if you work in IT Security you have a third guarantee – endpoint agents.
I am fortunate in my job to have the opportunity to meet with a lot of IT Operations and Security professionals and get insight into their organizations, security operations and security approaches. A few weeks ago, I was in such a meeting, talking about ForeScout’s approach to visibility, when the individual I was meeting with abruptly stopped me. He said, “Please tell me you don’t need an endpoint agent to do this, we have agent fatigue.” First, I responded with, “No, we do not need an agent,” and then I had to ask, “agent fatigue?” That was a new one to me. He started to explain that they have over fifteen agents installed on corporate Windows systems today for various tasks like endpoint protection, detection, updating, patching, host-based intrusion detection systems (HIDS), data loss prevention (DLP), anti-virus (AV), endpoint detection and response (EDR), etc. OMG!
As he was running through the list my mind wandered a bit and I had this vision of the management of this environment – it’s as if you were bringing fifteen kids on a field trip to a museum, alone. “Billy, why did you punch Sally?”, “Hey, where is Timmy…has anyone seen Timmy?”, “Who ate all of the lunches?”, “Where did Amy go?”, “Tommy, why are you crying?”, “Don’t break anything!”, “Why am I doing this?”…
Returning back to the conversation, intrigued, I had a few more questions:
- How do you manage this many agents?
- How do you ensure the agents are installed, running and current?
- How do you know if they are installed where they should be?
- How do you gain visibility into connected devices during deployment?
- How do you do upgrades and version management of these agents?
After discussing these questions further, along with ways to address each of them, the conclusion is:
Endpoint agents are needed and aren’t going away, as there are controls, protections and tasks that need to be done on the end device. You need something resident on the endpoint to do the work and take action: an agent. However, technology exists that can assist with the visibility, management, care, hygiene, validation, installation and updating. There is good reason you wouldn’t take fifteen kids to the museum alone.
Since this meeting, I have been asking, “How many endpoint agents do you have today?” The answers have ranged from five to over twenty endpoint agents. Looks like it is safe to say endpoint agents are a guarantee. I need to call my dad and tell him I have found a third item to add to his list.