Endpoint device management

- [Narrator] Endpoint device management is a process that we use to detect, provision, update, troubleshoot, and protect devices on our network. We've looked at Cisco AMP in a previous section, which is one solution for this. Here we want to talk more generally about the value of endpoint device management. We consider an endpoint simply as any device that's communicating on our network. This can include desktops, laptops, phones, and tablets. Our endpoints are the largest attack surface for our organization and one of the key ways that many attacks occur. Attackers can execute code against these endpoints in order to exploit the systems and potentially gain access to our important enterprise assets. Studies have shown that endpoints are responsible for over 70% of successful breaches, so you can see why this is an important consideration for our security. When we talk about endpoint management, we're simply referring to an approach that requires a policy-based solution in order to force endpoints to comply with specific criteria. This is typically a client-server based model where we have a centrally managed server controlling the end points, and each endpoint would have a client software installed that would allow it to be monitored. A few good reasons to use endpoint device management include having an end-to-end view of everything happening in the network. This is not always easy to accomplish in an environment where we have devices that move around such as laptops. Using a management system will allow us to see every application that the end users are interacting with and also to control allowed and disallowed applications. This is also good for bandwidth management. These systems can give us an in-depth look at how much bandwidth an individual user is consuming, allowing us to identify applications or users that are consuming lots of our network bandwidth. When we're able to easily identify these problematic issues, then we can remediate that by controlling access to the bandwidth intensive usage or applications. We also have support for deployments. This is a way that we can deploy a new device for a newly hired employee, as an example, in a way that's less administratively demanding. We can deploy technology and security settings directly from our management console. Security and compliance is something else made easier by endpoint device management. These tools allow us to constantly track what's happening in our network in order to make sure that we comply with any regulations related to our sector of business. So for example, if you need to enforce PCI, DSS, or HIPAA compliance, that's an easy way that we can do that. It's also a way to make sure our endpoints are properly patched and updated. Also, the removal of dangerous files or applications is possible, even with remote machines. Examples of endpoint management advantages from a security perspective include things like a centralized managed antivirus software, web filtering, VPN software, data and email encryption, and patch management among other things. As we've mentioned, there are many solutions out there for this type of centralized control, including some solutions we've already looked at such as Cisco AMP for endpoints. The takeaway from all of this is that, with our ever-changing landscape, particularly with the growing amount of users working from home and using the cloud, endpoint device management is a critical tool for us to ensure the security of our endpoints, and that therefore increases our overall network security posture.