Forgotten Endpoints

September 9, 2019

Having worked in Endpoint Privilege Management (Privilege Elevation and Delegation Management) and more recently the wider Privileged Access Management (Privileged Account & Session Management) space for a number of years now, I’ve witnessed an increasing awareness about, and concern for, what I will refer to as ‘forgotten endpoints’.

Most businesses have a good understanding of their desktop and server estate—they know what tools are used to protect them and can give you a pretty accurate account of what desktops and servers are in their environment, the OS they’re running, and other basic characteristics.

However, with the internet of things (IoT) continuing its expansion at breakneck speed, businesses are suddenly realizing that they have numerous devices in their network that have long been overlooked – POS systems in retail, gambling and gaming machines, and things like pumps and switches in legacy OT networks. These are what I consider the ‘forgotten endpoints’.

In my experience, there tend to be three areas businesses should focus on when considering these forgotten endpoints:

1. Discovery

From my daily discussions with Security, Architecture and Infrastructure teams across numerous industries, it seems that, while some organizations can effectively scan their network to understand if any new assets have been added, for other organizations, this remains a lengthy and cumbersome manual process.

So, what can be done? In my experience, automation of asset discovery, when implemented, is a sure-fire method for reducing a large amount of cyber risk exposure.

Microsoft recently reported that the notorious Russian state-sponsored hacking group, Fancy Bear, is actively attacking businesses through internet of things (IoT) devices. According to Microsoft, the IoT devices observed in the exploits included a VoIP phone, an office printer, and a video decoder. These IoT devices enabled the attackers to establish an initial foothold on the victims' networks. In some cases, the IoT device’s embedded password had not been changed from the default. IoT devices with the default credentials intact are easy pickings for hackers with basic device knowledge.

2. Supply Chain / Vendors

In most cases, businesses require third parties to support and maintain their systems and devices. The majority of these third parties require admin access to undertake this support, often without any control over what they can and can’t do, with little-to-no audit capability.

Vendor access / vendor remote access tends to be the number one risk businesses are worried about when considering these forgotten endpoints. The perception is that “we cannot get in the way of these third parties providing their support as efficiently as possible.”

Organizations understand that vendor access is often a necessary risk to ensure the business continues to operate effectively. Great examples here are third parties managing gaming/gambling machines in betting shops and casinos, or third-party engineers maintaining pumps and switches in OT networks. These businesses cannot/will not risk downtime, as it directly affects revenue.

However, vendor access is too often applied in broad, all-or-nothing strokes rather than managed granularly. There is no longer an excuse for this dangerous approach. Modern solutions can provide secure third-party access while maintaining a least privilege model and layering on full session auditing capabilities. This essentially means you’re extending to vendors and remote workers the privileged access management (PAM) best practices you’re applying (or should be applying) to your own employees. We can ensure mandates such as NIST and CPNI are met, without impacting the ability of these third parties to perform their roles.

3. Cost

Supporting, managing, and maintaining these forgotten endpoints can be costly, in at least several significant ways:

  • The time that businesses spend manually trying to maintain an asset inventory is often high.
  • Vendors are frequently required to be onsite when managing these devices, as connecting to them remotely is too insecure (at least, when they don’t have robust remote access security in place).
  • If users maintaining these devices lack the correct level of privilege due to internal security policies, they are often unable to perform their roles in a timely manner. Without a mature PAM program, it may require a very manual and time-consuming process to provision just the right level of access.

By discovering all devices and assets within their organization, streamlining and safeguarding support, and reducing the need for external third parties to be onsite to maintain systems, enterprises can reduce risk exposure and increase operational efficiency.

In my experience, the organizations that have been successful in implementing these measures have done so by adopting unified PAM solutions that can automate asset discovery, provide secure remote connections for internal and external parties, and audit all activity—enabling organizations to efficiently secure all types of endpoints at scale. Using a unified solution provides businesses with a holistic view of risk across all assets and allows them to take informed action on audit data quickly and effectively, limiting risk exposure.



Charlie Wood, Regional Sales Manager

Charlie has been with BeyondTrust since 2014, working within the UK sales team. As Regional Sales Manager, he heads up a number of verticals, including Energy & Utilities, Gambling & Gaming and Telco for the UK & Ireland. Charlie is responsible for growing and developing business for the entire BeyondTrust PAM portfolio.
