The work of a large company’s IT security experts consists of safeguarding the network, the business infrastructure and devices, and all the data processed by the company.
example, if a business has 10,000 employees, each may use a laptop and/or a desktop,
as well as a mobile device and will connect to a server. As such, the total
number of devices utilized at an enterprise may be enormous. Alternatively,
another company may have a small management cadre of 100, and 10,000 employees
involved in production, retaining a relatively low number of endpoint devices,
but numerous servers, a production line with its own operating system, and a
number of Internet of Things (IoT) devices. These may be used to monitor
product distribution or production, for example to monitor dairy cows and the
tracking of cattle.
both cases, the devices used are connected to a corporate network, and as such,
IT security experts understand that maintaining protection for all of these
devices, the corporate network and stored data is very complicated. They also
concede that company security is at risk of being breached, either via a
mistake, the negligence of an employee, or due to some form of cyber-attack.
Industry consensus shows that it takes about 150-200 days before companies discover that cyberattackers have impacted their businesses in some way. Such a discovery is followed by an investigation into how malicious code entered the company’s network and what damage it has caused. It may be the case that a company never gets answers to these questions.
When less is more In many cases ESET has encountered companies simultaneously running a large number of agents up to an incredible 15 to 17 on their network and devices in an attempt to achieve maximum coverage. However, the utilization of a large number of agents, often sometimes from different vendors, creates an environment where they do not play well together. This can have a significant negative impact on system performance, security, and the workload of IT staff who are tasked with managing it all.
As a consequence of this complexity, companies have been experiencing increased pressure on their IT security resources, higher costs and increased risk exposure. Under such conditions they (usually) try to evolve towards reducing the number of agents by choosing platforms where multiple agents can be managed from a single dashboard.
To better meet this need ESET has continued to adapt solutions like ESET Remote Administrator, which was originally designed for the remote management of endpoint device security. Increasing market demand for deeper insight and further security capability has helped give rise to a new product: ESET Security Management Center (ESMC). The new name better reflects the actual functionality of the console.
This solution consolidates the management of a number of powerful technologies into a single dashboard that can increase visibility into the state of the system. This includes, cloud sandbox and also covers ESET Endpoint protection platform for endpoint devices with a wide range of detection technologies, from UEFI protection to ransomware shield.
is able to provide an administrator with a lot of information on the hardware
of individual computers, such as device type, manufacturer, model, serial
number, processor, RAM, and disc space. It also monitors all installed software
and version numbers, providing the companies deploying the solution
comprehensive and clear insight into all devices, hardware, software, and
potential security incidents.
Research shows that the East Africa is facing a critical shortage of IT specialists. Another standout issue relates to the low proportion of security experts among IT specialists. Kenya is reported to have only 1700 certified cyber security professionals showing a huge skills gap for large businesses requiring these skills. This industry-wide issue can be confirmed by ESET, challenges shared by companies we have business relationships with and as a conclusion of our ongoing market research.
“Finding good IT specialists is difficult
enough but finding good security experts is almost like a Sci-Fi Fantasy,”
explains Michal Jankech, Chief Product Manager, ESET. Security experts must
have very comprehensive knowledge, however, there are too few of them and their
numbers may actually decrease further due to a lack of understanding about their
importance to core IT practice.
The “neurosurgeons” of IT specialists
Let’s make a comparison to healthcare
specialists. Assume an IT specialist is the equivalent of a general
practitioner (GP), then a cybersecurity expert represents a neurosurgeon. IT
specialists primarily support an organization’s business, but also help protect
corporate networks by setting up hardware and checking basic security settings,
functions, and automatic alerts. However, there are many situations where a
technical or business need arises that may have a security impact that must be
assessed by a security expert. These can include: advanced security settings,
enabling remote access and management of IT systems, use of collaborative
tools, cloud accessibility, use of encryption and or two factor authentication,
as well as managing and securing collected data. To address these and other
areas, experts need specialized knowledge and tailor fit tools that assist them
tin securing the network, and both searching for and detecting suspicious
activities and behaviors.
“It is similar to a GP referring a patient
to a neurologist, then on to a neurosurgeon, who then examines a CT scan of the
brain and decides whether a suspicious object is a blood vessel or may be
something worse. Subsequent analyses determine further diagnostic methods to
determine whether the object in question is a blood vessel or a tumor,” Jankech
says, describing the work of a security expert
Security services outsourcing—a way
According to Jankech, one reason for the
lack of such a skill set on the labor market may be the fact that globally,
education systems have failed to adapt to the wide gap between supply and
demand of such specialized skills. In the past, many countries provided
top-level education in various engineering disciplines, but now the market
needs top-level IT and more specifically IT security education. But there are
simply too few schools and not enough training institutions focusing on the
education of security experts.
ESET Security Management Center provides real-time visibility for on-premise and off-premise endpoints as well as full reporting for ESET enterprise-grade solutions from a single pane of glass securely deployed on premise or in cloud.
At ESET, we know that every company and
organization is unique. Therefore, our service offers are configured on
needs-based analysis and provide recommendations on what is appropriate for the
business in terms of its physical capabilities, network topology, etc. This
enables us to cover all the needs of large companies across a wide range of
Many may think that companies exclusively use Windows devices. However, while it’s the most widespread operating system, it may not be the most suitable platform for all company needs. The current market share of operating systems in Kenya shows Android at 53% of the market, Windows at close to 28% of the market, OS X at under 5%, IOS close to 3% and Linux below 2%. Thus, it’s quite common to have an IT team monitoring the security of five different operating systems—Windows, Linux, Mac, Android, and iOS. However, the accompanying complexity may lead to certain cybersecurity risks that must be addressed.
ESET’s longitudinal data suggest that most large companies have at least one Mac computer. There are two reasons for the presence of Mac computers in the corporate ecosystem. Macs have long been highly sought by people employed in creative jobs—for example, in internal graphic teams, architectural firms, or advertising agencies—because the architecture of the Mac operating system is particularly suited to graphic design. In all these cases, Mac is used because of a clear business need. In other cases, it is mainly a matter of personal preference of employees or the management who choose Mac; for example, because its user interface suits them better or exclusively because of its high-end design.
Mac as a carrier of malware
Many users believe that the Mac operating
system is inherently safer than Windows. However, this is a distorted view
caused by the fact that attackers focus on operating systems that are deployed
on a broader scale, which in turn enables them to make more money either by
stealing it, or by monetizing stolen data. However, there are many examples of Mac malware and users
should not fall into a false sense of security.
One way that attackers leverage Macs is by
looking beyond their value as a potential end-targets, but instead, as
carriers. Yes, Macs can be used to introduce malware that is not targeted at
the Mac platform itself and deliver it to an otherwise secure network. If the
Mac computer in question is not protected, it can transfer Windows-targeted
malware onto Windows devices within the company’s network—the malware
connects to the network, bypasses the network firewall or sandbox, and the
corporate network gets infected. The same applies to Linux and Android devices
that can be potential carriers of malware as well as targets.
Mobile devices: iOS is more secure
The situation is different with respect to
mobile devices. The iOS platform for Apple mobile devices has been
designed to be safe via its internal structure. In iOS, each application runs in
its own sandbox with very limited rights for interacting with other
applications. The application does not have the access rights unless the user
explicitly grants that permission. It’s different from Windows where each
application runs primarily under the system account, thus receiving access
rights for the entire system. The reason why there are no security applications
for iOS is that this type of application would have access rights only for
itself. It could scan itself and maybe photos and contacts. Apple also performs
whitelisting in its application store in an attempt to prevent harmful items
entering. For these reasons, iOS could be described as a safer operating
system. However, this does not apply if a jailbreak has been performed on an
iOS device. Jailbreaking is a process that disables certain security
Security risks also arise when a corporate mobile, is stolen or lost. In
this scenario, iOS is not immune from risk since an employee’s device may
contain business emails, valuable contacts, and photos from internal meetings
because people often take pictures of the meeting notes. In other words, there
is a lot of potentially sensitive data on employee devices that is not always
efficiently protected. For example, when employees do not set a PIN, or use a
weak PIN on the device in question.
Companies can enforce security policies
How does a company know whether a corporate device is jailbroken or whether an employee has set up an effective PIN to protect access to their Apple phone? Companies can do this using Mobile Device Management (MDM) solutions; for example, ESET Mobile Device Management for Apple iOS. The iOS system uses the Apple Mobile Device Management framework, and in some countries the Device Enrollment Program (DEP) is available as well. In this scenario, the company buys an iOS device pre-enrolled within its organization. When the device is turned on, it connects directly to the company’s MDM solution and installs a security profile based on the company’s specifications.
The company can define what security
settings or state it requires for a device; for example, to confirm that a
device is not jailbroken or that a secure access PIN code is deployed
containing at least 6 characters (or alternatively a fingerprint lock) and the
employee changes it at reasonable intervals. If a device does not meet these
requirements, the company can remotely disable access to corporate email or
restrict other device functionality. Further, it is also possible to localize
the device, flag it as lost and thenremotely wipeit. This is
useful, for example, when a corporate iOS device is lost or stolen or if the
company discovers that the employee has been leaking sensitive company data.
Android really needs a security
The Android operating system is more open than iOS, which is the primary reason why a security app should be used on all Android devices. Just as with iOS, an employee’s Android device can contain sensitive data, emails, and photos. There are several MDM solutions available for Android that enforce specific security policies on corporate Android devices.
For example, there is Android for Work, i.e. the native Google ecosystem. Alternatively, there are solutions that run with administrator privileges within the device. An example of such an application is ESET Endpoint Security for Android that contains not only MDM functionality but also multi-layered security features such as protection against malware and anti-phishing. The Google Play store, which is the main source of Android apps, has less stringent rules than Apple’s app store; therefore, sometimes, attackers are able to upload malicious apps. Thus, an Android device without a security app installed can get infected even when the employee’s behavior is neither risky nor unsafe.
Diverse operating systems require Integrated management
All company devices with the ESET MDM solution or ESET security program installed can be monitored remotely from the ESET Security Management Center web console. The operating system of those company devices is irrelevant—it could be Windows, Mac, Linux, Android, or iOS. This remote management console informs the administrator about the security state on the device in question and can help warn the company about unwanted or suspicious activity.
Complete network, hardware, and software
ESET’s remote management console can also
provide the administrator with a lot of information about possible security
incidents in the network, the hardware of individual computers, such as
their manufacturer, model, serial number, processor, RAM, disk space, and much
more, and installed software including version numbers and additional