Endpoint Devices Being Offline Doesn’t Mean They Shouldn’t Be Tracked – Chuck Leaver

Written By Roark Pollock And Presented By Chuck Leaver, Ziften CEO

A survey recently completed by Gallup found that 43% of employed US citizens worked from another location for some of their work time in 2016. Gallup, which has been surveying telecommuting trends in the USA for practically a decade, continues to see more workers working outside of standard workplaces, and more of them doing so for more days of the week. And, of course, the variety of connected devices that the typical staff member uses has increased as well, which helps drive the convenience and preference of working away from the office.

This mobility undoubtedly produces better employees and, one hopes, more productive staff members, but the complications that these trends present for both security and systems operations teams should not be overlooked. IT asset discovery, IT systems management, and risk detection and response functions all benefit from real-time and historical visibility into user, device, application, and network connection activity. And to be truly effective, endpoint visibility and tracking need to work regardless of where the user and device are operating, whether on the network (local), off the network but connected (remote), or disconnected (offline). Current remote working patterns are increasingly leaving security and operations teams blind to potential concerns and hazards.

The mainstreaming of these trends makes it even more difficult for IT and security teams to restrict what were previously deemed higher-risk user habits, such as working from a coffeehouse. That ship has sailed, and today systems management and security teams need to be able to thoroughly monitor device, network, user, and application activity, detect anomalies and inappropriate actions, and take appropriate action or apply fixes regardless of whether an endpoint is locally connected, remotely connected, or disconnected.

Furthermore, the fact that many staff members now frequently access cloud-based applications and assets, and have backup USB or network attached storage (NAS) drives at home, further amplifies the need for endpoint visibility. Endpoint controls often provide the one and only record of remote activity, because that activity no longer necessarily terminates in the business network. Offline activity is the most extreme example of the need for continuous endpoint monitoring. Clearly, network controls and network monitoring are of negligible use when a device is operating offline. Installing an appropriate endpoint agent is critical to ensure that all important security and system data is captured.

As an example of the kinds of offline activity that may be found, a customer was recently able to monitor, flag, and report unusual behavior on a business laptop. A high-level executive moved large quantities of endpoint data to an unapproved USB stick while the device was offline. Because the endpoint agent was able to collect this behavioral data throughout the offline period, the customer was able to see this unusual action and follow up properly. Continuing to monitor the device, applications, and user behavior even when the endpoint was disconnected gave the customer visibility they never had before.

Does your organization have continuous tracking and visibility when employee endpoints are not connected? If so, how do you achieve this?
