Jamf Blog
July 14, 2022 by Jesus Vigo

Most critical misses in security

The important role that cybersecurity plays in modern computing cannot be overstated. Simply put, when integrated as part of a holistic solution, security:

  • Keeps data secured from unauthorized access
  • Protects users from threats that impact productivity
  • Hardens devices against known and unknown attacks
  • Enforces organizational policies, maintaining compliance

When implemented as a half-measure or unvetted solution to a larger problem, it may have the adverse effect of growing into a vulnerability, compromise or full-scale data breach.

In this blog, we discuss these near-misses and how they affect your security posture, as well as how to better insulate your organization against missing critical points in its cybersecurity plan.

There’s no blueprint that identifies what a good, proper cybersecurity plan looks like. After all, while industry best practices and solid security tooling can go a long way toward protecting your organization from threats, the fact remains that what “works” varies widely from one organization to the next.

It’s difficult to pin down exactly because of the many variables that could potentially alter the course from “this works 100%” to “this works most of the time in X scenario” to “this doesn’t work anymore”.

Among the commonly seen variables affecting the efficacy of cybersecurity solutions are:

  • Not having dedicated IT/Security teams
  • Skills gap for IT and Security teams
  • Lack of security awareness training for employees/staff
  • Utilizing software tools that are mismatched or do not fully support devices
  • Missing policies and compliance guidelines or not updating them iteratively
  • No alignment between policies and enforcement within security solutions
  • Minimal insight or reporting capability to monitor device/app health
  • Lack of consistency when deploying preventive solutions
  • Interoperability with device management solutions
  • Inability to scale and/or evolve with solutions as needs change
  • Not performing thorough risk assessment of network and computing infrastructure

Sadly, these and other variables that may be unique to your specific industry make a “one size fits all” solution just plain inaccurate at best and, at worst, one that leaves your organization open to security risks it cannot defend against.

The aim of this writing is not to ascertain what is the best way to address the unique needs of [insert your company name here], but rather to answer the question, what happens when security is an afterthought?

This writing also considers the possible fallout when security is not treated as a regular practice and is instead relegated to nothing more than a tool or app run “when there’s an issue”.

More to the point, we dive into the critical “misses” that sometimes occur when security solutions are implemented haphazardly, and how, despite a well-intentioned attempt to shore up vulnerabilities, a mishandled security solution may actually introduce additional risk while providing a false sense of relief that the solution is identifying and mitigating threats.

“Release the Kraken!”

In their haste to implement a solution after a security incident has occurred, organizations often scramble to deploy risk mitigation. While understandable, moving quickly may ultimately betray the needs of the organization if done on a whim. If the appropriate due diligence is not performed to vet a new solution before it is deployed, the result could be lessened – not increased – protection against risk due to:

  • Incompatibilities with existing infrastructure
  • Lack of support for device and/or OS features
  • Decreased performance of critical apps/services
  • Loss of confidence from employees/staff
  • Learning curve stemming from training
  • Unknown factors introduced by the security solution

Part of the solution or part of the problem?

Conversely, at the opposite end of the spectrum from a solution that hurts instead of helps – and equally perilous to organizational cybersecurity – is one that seemingly does nothing at all.

It could be argued that this may be the worst of them all, since it may provide a false sense of security, giving organizations the feeling that threats are being addressed and risks mitigated when, in fact, neither may be occurring.

Let me explain. An important aspect of a comprehensive endpoint security solution is its capability to detect threats as they occur, identify risky apps and behaviors, provide IT and Security teams insight into device health through continuous monitoring and provide real-time alerts of detected instances through granular reporting data.

Consider an endpoint security solution that is implemented to thwart threats but falls short due to oversight, misconfiguration or simply not being a good fit for your organization’s device fleet. These are all factors that can result from the rush to “get something out there”. Further complicating matters is the misconception that all-in-one solutions are superior to those that are purpose-built for a specific platform, like Jamf Protect.

There are many endpoint security software vendors to choose from that claim multi-platform support for different operating systems. While the thought of managing all endpoints from one pane of glass is tempting in theory, in practice, providing a minimal level of support for each OS typically comes at the cost of not supporting critical security features for certain platforms, such as having the ability to detect vulnerabilities, but not offering a method to remediate them automatically.

Other times, support for the latest OS version may not be available until a later date, which leaves organizations hamstrung with devices that:

  1. Cannot be updated to the most recent version of an OS
  2. Remain vulnerable until the vendor implements support for the latest updates

Not only does this impact organizational plans to deploy recent patches and new OS features, but it also degrades the level of security protection, since visibility into device health, and the reporting fed by the device health data gathered, will be inaccurate. In effect, the software may report that endpoints are healthy with the latest patches when in fact they are not, leaving endpoints open to risks unknown to the endpoint security software.

You sunk my battleship

As mentioned previously, there is literally no end to the possible combinations of variables that could affect the security solutions required for your organization to protect its endpoints. While we’ve touched on some thus far, the following list should serve as a checklist that IT and Security teams can leverage as takeaways relating to misses in policies and practices critical to always maintaining the security of your endpoints.

  • Not paying attention to device logs
  • Deploying patches without testing them first
  • Malware protection that isn’t updated regularly
  • Endpoint security software missing or delaying support for OS
  • Lack of compliance and/or policy enforcement
  • Not training IT/Security staff on newest technologies
  • Not providing end-users security awareness training
  • Failing to document change management, incidents and lessons learned
  • Relying on a single tool to administer all aspects of the device management lifecycle
  • Alerting functionality that does not operate in real time
  • Reporting that is not centralized or does not provide granular details
  • Remediation workflows that do not provide automated actions
  • Solutions not built to scale as organizational needs grow or change
  • Limited integration with other tools, such as MDM and IdP
  • Cloud-based solution that does not adhere to industry-based compliance requirements
  • Minimal to no alignment with security frameworks or standards
  • No ability to capture baseline for network-based endpoints
  • Risk assessment not performed on infrastructure resources
  • Negative impact to performance and/or user experience
  • Security tools lack robustness to mitigate internal and external risks

Jamf Protect, the purpose-built solution for Mac endpoints, offers full support for managing your Apple security needs.

You’ve tried the rest, now it’s time to try the best endpoint security solution for macOS!

Jesus is a Copywriter, Security, focused on expanding the knowledge base of IT and Security Admins - and generally anyone with an interest in securing their Apple devices - with Apple Enterprise Management and the Jamf solutions that will aid them in hardening the devices in the Apple ecosystem.