It’s now more critical than ever for small- to medium-sized businesses to have strong antivirus (AV) software on all of their endpoints. According to Symantec’s 2019 Internet Security Threat Report, only 14% of small businesses say they have a “highly effective” ability to mitigate cyber attacks — even though 43% of all those attacks target small businesses.
It was an easier problem to solve in the past, when IT admins were responsible for Microsoft Windows systems in a predominantly Windows environment that was largely on-prem. The basic rule of thumb then was:
- Set up a good on-prem firewall.
- Make sure every endpoint has the most recently updated AV software.
- Use Microsoft System Center Configuration Manager (SCCM).
But much has changed. The cloud has moved apps, infrastructure, and files off-prem. Mac and Linux machines now populate the workplace – meaning it’s no longer “one-antivirus-fits-all.” SCCM isn’t the comprehensive solution that it used to be either.
And with current predictions saying that cybercrime will cost the world $6 trillion annually by 2021, businesses can no longer afford to go without strict policies that mandate antivirus on all endpoints.
What Antivirus Protects
Endpoints should be secured, regardless of whether or not their data is stored in the cloud. A compromised endpoint can easily lead to compromised applications and infrastructure — even cloud infrastructure — full of critical data. And while Mac and Linux may be targeted less frequently by malware, they’re not immune.
The fact is that end users still download and save information on their own systems, and the device itself grants them access to everything else — proprietary data, resources, and other secured information. AV protects against the possibility of the endpoint being taken over by a nefarious outsider, as well as malware, spyware, trojans, and other digital threats.
What AV Tool Should I Use?
There are many AV apps to consider for each operating system. Some of the most common are Microsoft System Center Endpoint Protection, Sophos Endpoint for Macs, and Kaspersky Endpoint Security for Linux, as well as a wave of “next generation” solutions such as CrowdStrike, Cylance, and many others. All of these can protect your fleets (to varying degrees) from malware, rootkits, viruses, and other cyberattacks.
They can’t guarantee complete protection, however, and need to be supplemented by a comprehensive security strategy that can cover all endpoints and users.
How Do I Make Sure AV is on All My Endpoints?
IT should have a systematic way to ensure that AV is installed and updated on all endpoints. This can be achieved through certain reporting and analytics tools. Generally, these tools provide insight not only into installed applications like AV, but also into a much wider range of statuses.
One such tool is System Insights™, a sub-component of the JumpCloud Directory Platform. With it, admins can quickly assess which endpoints have AV software and which need to be updated. This resolves issues before they arise without disrupting the end user’s workflow. And using the JumpCloud API and the PowerShell module, admins can pull up hundreds of other data points in relation to an organization’s entire fleet. These include:
- Installed browser extensions
- Mounted volumes
- Installed applications
- Network configurations
- Users and groups on systems
- System hardware info
- Disk encryption state reporting
- Enhanced operating system info
These insights can then be used for compliance and auditing information, security interrogation, and much more. Plus, it works across all systems in your IT organization, regardless of whether they’re Windows, Mac, or Linux.
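The check described above, as an added example (not JumpCloud's code or API): given an installed-application inventory export, classify each endpoint as ok, outdated, missing AV, or not reporting at all. The CSV columns, hostnames, and minimum versions are constructed assumptions; the product names are the ones mentioned earlier in this article.

```python
import csv
import io

# Approved AV product per OS. Product names come from the article; the
# minimum versions are hypothetical policy values chosen for this example.
APPROVED = {
    "windows": ("System Center Endpoint Protection", (4, 10)),
    "macos": ("Sophos Endpoint", (10, 0)),
    "linux": ("Kaspersky Endpoint Security", (11, 1)),
}

# Constructed sample export: one row per (endpoint, installed application).
INVENTORY_CSV = """hostname,os,app_name,app_version
fin-win-01,windows,System Center Endpoint Protection,4.10.209
fin-win-01,windows,Google Chrome,79.0
dev-mac-07,macos,Sophos Endpoint,9.9.4
dev-mac-07,macos,Slack,4.2
ops-lnx-03,linux,nginx,1.16.1
hr-win-02,windows,Microsoft Office,16.0
web-lnx-09,linux,Kaspersky Endpoint Security,11.1.0
"""

def parse_version(text):
    """Turn '4.10.209' into (4, 10, 209); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))

def audit(csv_text, expected_hosts=()):
    """Map each hostname to 'ok', 'outdated', 'missing' or 'not_reporting'."""
    # Hosts from the asset list that never show up in the export stay flagged.
    status = {host: "not_reporting" for host in expected_hosts}
    for row in csv.DictReader(io.StringIO(csv_text)):
        host, os_name = row["hostname"], row["os"].strip().lower()
        if status.get(host, "not_reporting") == "not_reporting":
            status[host] = "missing"  # reporting, but no approved AV seen yet
        if os_name not in APPROVED:
            continue  # unknown OS stays 'missing' so someone reviews it
        product, minimum = APPROVED[os_name]
        if row["app_name"].strip().lower() != product.lower():
            continue
        if parse_version(row["app_version"]) >= minimum:
            status[host] = "ok"
        elif status[host] != "ok":
            status[host] = "outdated"
    return status

if __name__ == "__main__":
    for host, state in sorted(audit(INVENTORY_CSV, ["sales-mac-11"]).items()):
        print(f"{host:14} {state}")
```

Passing the asset list as `expected_hosts` matters: an endpoint with no agent produces no inventory rows, so without it the least-managed machines would be absent from the report.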
Ensuring that AV software is installed is an important step in endpoint security — but it’s not the complete package. Other key security abilities include:
- Requiring multi-factor authentication (MFA)
- Locking down USB ports
- Enforcing full disk encryption (FDE)
- Monitoring user logins, VPNs, and activity on lost or stolen devices
- Instantly revoking user access to endpoints in case of termination
These are all features of JumpCloud. With it, you can fully manage user identities and access across your entire IT environment, and across operating systems — be they Windows, Mac, or Linux.
This includes GPO-like functionality, with security policies for everything from password complexity requirements to FDE and MFA. It also connects users to virtually all of their resources, including SSO for web and on-prem applications, cloud infrastructure, file servers, and networks via RADIUS.
And with the premium System Insights® feature enabled, admins can pull hundreds of data points — updated every hour — across all of their systems. And all via one pane of administrative glass.