So, let’s face it: every business goes through change. They need to evolve to generate new opportunities and react to new threats, and as part of that process, in a general sense, information technology always has to facilitate some part of this change or deal with the effects of this change, even if it was unintended or undesired.
When I look at these changes, I think they can fit it into three broad categories:
These are planned changes that have been actioned and have been applied as envisaged and which have not had any adverse effects or outcomes.
These can come in two forms:
First, there are planned changes that are applied and lead to an unintended adverse effect or outcome. Sometimes this can simply be due to a lack of testing or the issue not manifesting itself during the testing phase. This is not that unusual when we consider the sheer complexity and interdependence that exists within modern IT environments.
The second type of malignant change is quite simply the wrong action or change being applied which was unintentional. This could be operational errors or simply pressing the wrong button.
Again there can be two broad forms of malicious changes:
First, something or someone from the outside is making changes, meaning they were able to ingress into the environment and are making changes with malicious intent.
Secondly, someone in your organization making changes with malicious intent.
You may have noticed that here at 1E we’ve launched a new product called Tachyon. Tachyon enables organizations to deal with this change and the adverse effects of change. Let’s see how Tachyon helps you deal with these different types of changes.
When benign changes occur, there is no real detrimental effect. However, sometimes from a business perspective, these changes can take too long to deliver. There can be a number of factors as to why this happens. It could be limitations in the toolsets available to the team responsible for delivering the change, it could a lack of skills or knowledge to deliver the change in question, or it could be the sheer complexity of the IT environment that is responsible for holding up the change.
With Tachyon, you are able to hold a conversation with all endpoints in the environment. You can ask them questions, and perform remediation actions in real time. This means making changes is no longer the challenge it once was. Obviously, this is very powerful functionality, so by default, all changes require a second person to authorize the change. Tachyon was designed to be very resource efficient and highly scalable and can manage estates of over 1 million endpoints. With Tachyon you really benefit from its awesome speed.
What about malignant change? How can Tachyon help? When we think about introducing a significant change in the environment, this often involves a lot of work and preparation. But, despite all the preparation, something unexpected or undesirable happens when the change goes live. What can you do? You are faced with two choices: firstly, you can revert to your back out plan (if you have one), but this can sometimes be as complicated and disruptive as the original change itself. Alternatively, you can try to remediate (or at least put some mitigation in place).
This is where Tachyon excels with the ability to start a conversation and ask questions with all your machines in real time. It can help you identify which systems already have the change and it can help filter into the data to see if there are common factors there. Once identified, the issue or the machines with the issue can be targeted with Tachyon with whichever course of appropriate remedial action you have chosen.
This ability as described above is just as applicable in any situation where changes or errors have been introduced by accident.
Lastly, there is the malicious change. As we all know, software is becoming more and more complex. And despite real efforts around quality control, software is still released with security vulnerabilities. When these security vulnerabilities become public knowledge through information sources such as the USA’s NIST (National Institute of Standards and Technology) vulnerability database or through the software vendors own security notification mechanisms, you can use Tachyon to ask every endpoint in real time whether they have that version of Software installed. You can then ascertain your exposure and use Tachyon or your policy based client management tools to update these systems.
If the vulnerability already has a known active exploit, there is most likely information in the public domain as to the attack vector and the data wake left by the exploit. This information is what the industry calls an indicator of compromise (IOC). Again, with Tachyon, you can ask questions of all the devices to see if they have these IOCs exist. If so, you can use Tachyon to make changes to immediately stop the exploit. This might involve actions like adding local firewall rules, killing processes, changing registry values, or deleting files. The list is truly endless.
The investigation and remediation as described above are just as applicable to situations where changes have been introduced intentionally by someone internal to the organization. In fact, with Tachyon, you can record events and behaviors over time to provide a historical perspective of what has happened on the endpoint over time. This ability to provide forensic data about key events on an endpoint can really help to speed up an investigation. Imagine being able to ask, every endpoint when they first became infected by a malicious executable.
Thanks for taking the time to read this post. Hopefully, it gives you some valuable insights about the capabilities of Tachyon and highlights why you should seriously consider using Tachyon to reduce the time it takes you to manage those activities related to change.