Alessia
Forster

How to choose the perfect UEM vendor?

Alessia Forster

Oct 4, 2021

12 min read

HexCon21 witnessed several exciting sessions by industry leaders from a wide variety of fields. The sessions brought answers to some hot topics, including securing endpoints, successful remote work implementation, compliance with regulatory standards and building leadership and managerial skills. A major highlight of day 2 of HexCon21 was Chris Robert’s interview; by Sarika Abraham, the marketing lead at Hexnode. The topic was “How to choose the perfect UEM vendor?”. With his element of wit and excitement, Chris Roberts made the hard-to-decipher topic of cybersecurity a lot more captivating.

Getting to know the speaker

Chris Roberts
Adviser, Researcher, Hacker, HillBilly Hit Squad
Chris is considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry. Since the late 90’s Chris has been deeply involved with security R&D, consulting, and VCISO services in his quest to protect and defend organizations against various types of attack. As one of the well-known hackers and researchers, Chris is routinely invited to speak at industry conferences and is regularly featured on the CNN, The Washington Post, WIRED, and numerous other media publications.

The story- how it all began

Chris’s entry into the field of cybersecurity was governed by many different factors. Part of it was the comfort it offered; his comfort with computers coupled with curiosity. What fueled his passion further was making cheat codes, a desire to defy the game designers and the game creators and getting to the end goal without having to go through all the payments.

And, this is such a dynamic, ever-changing environment. It’s fantastic; it drives you nuts on a regular basis.

Not just that, with a varied background enjoying puzzles, math, science etc., it was easy for him to enjoy the dynamic environment of the field of cybersecurity. Technology has now reached a state where it’s now possible to have varied conversations; as the speaker says, “we’re doing this, the next minute I’m working on, you know, taking something into pieces in my hands and figuring out how it works. And then the next minute, I’m having conversations about quantum entanglement and biological reverse engineering of humans to figure out the next generation of compute.”

Who is a hacker? Is he the ‘bad guy’?

For Chris, that’s a mindset; it’s a mentality. Recollecting the 60s and 70s, and 1980s, the hacker mentality was more of an “I don’t know how the heck this works. Let’s figure this out. Let’s hack it together” kind of approach.

It’s looking at life itself in the digital and physical world and going what makes it tick. Right, that’s the hacker mentality.

As Chris beautifully points out, as a hacker, it’s taking that curiosity and looking at companies and sites and people and systems and going look; if I don’t play by the rules and I apply my own thoughts about how to do this, here’s how I would circumvent all your wonderful controls. Now let’s talk about how we fix it! Whereas there’s a criminal; It’s like, hey, I’m going to exploit how to break it and just take everything away from you!

In this tech world, you may have the skill to break into almost anything, but what do you do that for makes the real difference!

Do you use it for good? Do you use it to help educate? Do you use it to inform? Do you use it to take advantage of people? Do you use it to abuse the trust? Do you use it to extort, and I think that’s where that moral and ethical line definitely separates!

At the end of the day, all that matters is the purpose you are using your skill for!

Preventing ransomware- what should employees look out for?

We need to adopt an approach of not just educating to protect but helping the human, and that makes the real difference. He says, switching from the don’t click or else approach to the “Hey, how can I help you?” approach can have a significant change in the way the employees approach cybersecurity. By this, you change to a cooperation and collaboration mentality from a punitive mentality. With an emphasis on these measures that can be taken to help employees, he also brought forth the greater reality, “We can’t always rely on the human. We can’t”.

There is no such thing as protection, 100% protection, especially. There’s no such thing as a perimeter. It’s gone. You know, when we handed out mobile phone technology, we lost that whole concept of the perimeter.

People are now like the guardians of the information, be it their personal or company information. It has also become important for the company to realize the important fact; we can’t just rely on humans. It’s always good to be cautious; assuming that somebody is on the inside and making a plan as to what needs to be done is more important now than ever. Following a proactive approach and being prepared for the possibility of somebody actually creeping around on the inside can help you a lot more in staying protected.

After a ransomware attack- Is recovery a myth?

Ransomware and its impact can sometimes be daunting. After an attack, the post-recovery stage is often considered an element of the distant future. As Chris says, there are definitely ways of recovering. But, a lot of it is preparation. So, what did you do beforehand?
Taking us back to the 1980s, the speaker recollects how much they loved their backups- offline backups. It’s important to do simple offline backups which aren’t connected to the clouds to avoid instances of the ‘bad guy’ getting it! He recommends doing some basic hygiene practices even if you are not a fan of backups.

At least doing some basic hygiene, maybe this thing called network separation and segmentation that’s been around for about 20 years.

By network segmentation, Chris focuses on the importance of connecting devices to different networks or at least the critical devices to network different from the parent network.

Never the twain shall meet, you know, so we don’t do that. That’s simple stuff!

He further emphasizes the importance of being prepared for things beforehand. Ransomware attacks, though unfortunate, you need to have a plan; as the speaker says, “Here’s my instant response plan, here’s my back up and off I go from here.”

Identifying the markers- Knowing if your company has been compromised!

Watching your network can help you get clarity; you need to analyze not just where your internet traffic is coming from but also where your internet traffic is going! As Chris points out, if for the last 30-60 days you’ve had traffic going out to the US to India to Nepal, and all of a sudden traffic’s going out to Belarus and Latvia and the Ukraine and Korea. We might want to actually look into this one and see what’s going on. He also points out the importance of spreading awareness among the employees.

If you’ve engaged the user population, let’s just say you’ve done some training; the best call you can ever get is from a user going, “Hey, I think I clicked on something.”

Logging is yet another important aspect. Paying attention to them can be beneficial; it can help you find out the areas that you need to focus on, for instance, if somebody turned the antivirus off or if the patch isn’t installed. With these, you can easily find the loopholes and fix them at the earliest.

Passwords and the possibility of a password-less future

Passwords really help; they definitely do. Chris effectively conveys that by comparing it with the ease of breaking in through the door. He says if you have the password breaking in is really easy; you just need to rattle the door. What if you don’t have the password and the user has adopted a default one like spring2021? Well, that’s equally easy; it’s as simple as rattling the door and maybe putting your shoulder a bit in!

A password-less world is all about being able to validate that we are who we say we are and that we are what we say we are! He then points out the absolute idea of assets as a means of validation. As Chris says,” We are allowed to get access to the assets that we should have. Not that we might want to have, but we should have and that we’re able to do it when we need to be able to do it”. A couple of companies are making this possible by coordinating the assets they can validate where you physically are by geotagging humans. This can be trusted to the extent of 95-98%. The speaker then points out another important advancement, biometrics.

What you can’t change is fingerprints and facial recognition and forehead prints and differences between the eyes and all that stuff.

A purely biometric mode though extremely beneficial, also comes with its set of challenges. Chris accurately points out how scary it can be if the data gets lost due to the lack of efficient data protection measures. And this can be challenging as changing the fingerprints is not a feasible option at all!

Do you really need an endpoint management solution?

We have thousands of vendors now, each of them debating about the features that their point solution has got! By highlighting its benefits, Chris says; I love that idea. I think it’s fantastic. Because it does at least open people’s eyes as to what is what they have to deal with.

I worked for one of those companies for a while, and I loved the tech, was actually pretty cool.

With an endpoint management solution, you can get a better idea of what you need to deal with. Sometimes users connect devices other than the ones showcased, and consequently, keeping track of them and avoiding instances of compromise can prove to be a challenge.

So, there’s that. There’s, unfortunately, that culpable deniability if you don’t know, then, well, maybe you can get away with it, but you can’t do that anymore.

It gives you a platform that helps you understand what the asset is, where it is and who’s accessing it and many related aspects. According to Chris, the solution should be platform-agnostic, easy to use across a variety of platforms and also capable of supporting IoT systems. IoT systems have become critical as they are all over the place now and can potentially turn into vulnerable sources if not handled carefully!

Do small organizations need a UEM solution?

Sometimes getting a good security resource like people for virtual CISO work can be a bit expensive. So, that makes choosing the best option suited for your organization all the more necessary. All these are sometimes focused on making the small companies understand what they have and then dealing with their logs and everything else. For small companies, it’s all about putting their trust in someone, and for that, you need to understand their service agreement. As Chris points out, it’s necessary to understand if you are really cared for, or you are just another number in the queue.
Smaller organizations are targeted for a variety of reasons. Some of these include

  • The chances are that you may have insurance that may be the target of some intruder.
  • Sometimes due to ignorance, because you didn’t think you were easy to break into!
  • The thirty million small and medium businesses are easier targets compared to the top 30,000 companies.

You need to go to a trusted party, and for that, all you need to do is ask them some of the questions like, “You know what platform and how does it work? How’s it integrated into all the service level stuff?” These can help you get clarity on your solution and thus arrive at better decisions.

Choose the perfect UEM vendor

Being a consumer offers you a lot of perks. Here, you are your decision-maker; if you don’t like something, don’t buy it, it’s as simple as that! As Chris says, “Vote with your money.”
But you also need to know the right questions to ask. It’s also important to choose the vendor who offers a feasible solution. Chris speaks of choosing a vendor who says;

We’ve got a good team of people, and we’ll watch everything. And we’ll keep an eye on things we’re keeping awareness in place. We monitor, we manage, we control. We have our own. We hold ourselves to NIST 800.53 of the common security. And by the way, we use something like security studio to manage effectively how we and our clients are doing.

You can easily differentiate such vendors from others who make promises that are not practical. some of the other questions that help you decide include:

  • Do they have the best interest of you?
  • Do they have the best interests of making the best deal?
  • Are they taken in or swayed by vendor swag?
  • Are they doing an objective analysis of the technology, or are they swayed by buzzwords?

Educating the customers is equally important. Making them aware of some key factors or questions can help them choose the right solution for their organization and thus help them vote with their money more efficiently.

Share
  •  
  •  
  •  
  •  
  •  
Alessia Forster

Product Evangelist @ Hexnode. Take life as it comes. One day at a time.

Share your thoughts