As we have entered into new hybrid work environments, businesses need to think about how they will proactively protect their organizations from the influx of new or “bring your own” (BYO) connected devices. This new normal has exposed the most challenging cybersecurity landscape we’ve ever encountered. As defenders, we know that users are 71 percent more likely to be infected on an unmanaged device.
This is because security and IT teams don’t have the ability to set the right security settings and configurations, can’t update and patch OS and software vulnerabilities, and can’t prevent shadow IT and shadow apps. These unmanaged devices that are connecting to company networks present a huge opportunity for attackers to compromise these devices and launch broader attacks.
Microsoft is committed to staying ahead of this threat on behalf of our customers. Today, we announce a new set of capabilities that empower organizations to discover and secure unmanaged workstations, mobile devices, servers, and network devices on their business networks. All this, without the need to deploy new hardware or software, or make changes to the network configuration. Now, it’s easier for organizations to lock down their network’s foundation as they monitor unmanaged devices, enabling them to execute on their Zero Trust strategy.
Customers enrolled in Microsoft Defender for Endpoint public preview can take advantage of the latest capabilities that give them visibility into unmanaged endpoints (such as Windows, Linux, macOS, iOS, and Android) and network devices (such as routers, firewalls, WLAN controllers, and others) within minutes. From here, customers can use integrated workflows to onboard and secure the devices. These new Microsoft Defender for Endpoint features increase the security, productivity, efficiency, and safety of your environment.
The new complexity of hybrid domains
Unmanaged devices are prone to attacks and are easily breached because they are invisible to security teams. Bad actors use them to stealthily perform lateral movements, jump network boundaries, and achieve persistence. Typically, few traces are left behind, enabling attackers to evade early detection and increase their dwell time.
Security researchers and industry experts equally recognize the risks that unmanaged endpoints and network devices present. Leaders at Red Canary, a provider of SaaS-based security operations solutions and penetration testing services, share this perspective:
“We often engage with organizations immediately following a breach. In many cases, the root cause isn’t novel or being conducted by highly skilled adversaries,” says Keith McCammon, Chief Security Officer, Red Canary. “Organizations are being targeted by prolific adversaries that have streamlined the process of finding unmanaged assets, exploiting them, and operating with impunity within the victims’ networks until they achieve their objective.”
What prevents organizations from addressing the problem relates to a lack of tooling in security solutions, such as endpoint protection platforms (EPP), that are most commonly deployed by organizations.
How Microsoft Defender for Endpoint delivers additional protections to hybrid settings
We believe our customers shouldn’t have to deploy additional tools to mitigate this problem. Therefore, we have added the ability to discover and secure unmanaged endpoints and network devices to Microsoft Defender for Endpoint. No hardware deployment or software deployment is needed, no change process, all these capabilities are part of Microsoft Defender for Endpoint, and customers can start benefiting from them right now. It’s that easy.
Once network devices are discovered, security administrators will receive the latest security recommendations and vulnerabilities on them. Discovered endpoints (such as workstations, servers, and mobile devices) can be onboarded to Microsoft Defender for Endpoints, allowing all its deep protection capabilities.
Figure 1. Security recommendations for network devices.
We’re excited to share this news with you today, and we welcome your feedback as we work together to deliver discovery of unmanaged endpoints and network devices to Microsoft Defender for Endpoint. You can easily provide feedback to our teams in the Microsoft 365 security center. For those not already enrolled in the public preview, we encourage you to do so by turning on the preview features. Once enrolled, you’re able to secure your unmanaged network devices within minutes.
As defenders, we’re committed to security for all, helping organizations gain confidence in the security of their devices, data, and digital actions, regardless of where the work gets done.
More detailed information on our new network and endpoint discovery features can be found in our just-released blogs on Tech Community:
- New network device discovery and vulnerability assessments
- Endpoint discovery – navigating your way through unmanaged devices
To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.