The Power of Endpoint Visibility


We’ve been talking for a long time about the need to understand just what is happening on your organization’s endpoints, since before the release of Nuix Adaptive Security. After all, that’s where your employees interact with the enterprise’s critical data. Any findings from the endpoint will arguably be equal parts machine and human behavior. Visibility at this level can significantly change the way you defend your organization from threats both internal and external.

We’ve run everything from limited tests with interested customers to deployments across full enterprise networks, and the feedback is consistent. Analysis of data flowing from the endpoints typically yields almost immediate insights into how data is moving, where attackers are probing defenses, and what users are doing on the network.

Adaptive Security Dashboard
The Nuix Adaptive Security dashboard gives you unparalleled visibility into activity on monitored endpoints.

Follow the Flow of Information

Understanding access to and the flow of information within an organization is paramount when it comes to making critical business decisions regarding risk and information governance. Nuix Adaptive Security provides an unprecedented level of visibility into the processes executing within your infrastructure: processes that can affect how information flows inside it, and that can show where information may be leaving your network.

The most significant findings we’ve heard (anecdotally, since the data remains under the control of the organization and isn’t reported back to anyone at Nuix) included the pervasive use of cloud storage as well as the proliferation of external USB storage devices. While not specifically in violation of corporate acceptable use policies, this use of external storage poses a significant risk to the organization’s brand and information governance, because it makes information harder to control. In addition, the unfettered and uncontrolled use of cloud storage provides an additional avenue of compromise and infiltration.

Consider possibly the biggest insider threat story we’ve ever encountered—Waymo vs. Uber. Masses of proprietary engineering plans walked out the door, and it wasn’t until well after the fact that anyone at Alphabet (parent of both Google and Waymo) realized what kind of information worked its way out of the organization. There’s no better example to make the case for needing improved visibility into endpoint activities and tracking the movement of critical data.

In the end, it’s impossible to make critical business decisions without demonstrable, empirical data upon which to base them. These decisions, despite common perception, are not limited to what you’d call ‘cybersecurity’ activities. Yes, Adaptive Security will stop a hacker’s activities on a targeted endpoint, and it will help you remediate malware before it can cause damage.

This same visibility will also help you refine and enforce your risk management policies in a meaningful and informed manner, putting you in a much stronger position to act in the event one of your employees tries to walk away with valuable intellectual property, your network starts behaving oddly, or a hacker starts testing your defenses.

Posted on July 26, 2018 by Harlan Carvey