It seems like a simple question. “Are any of our deployed user endpoint devices missing an endpoint detection and response agent?” For starters, answering yes to this question is at least a compliance violation and represents a critical gap in an enterprise’s security posture. Seems fairly straightforward, right? How many devices are out there? How many agents are reporting in? Compare the two numbers and you got your answer. If that answer is yes, how can you figure out which devices are at risk? Who is it assigned to? How often should we be checking?
We developed the Unified Device Matrix to help security teams quickly answer these types of questions using JupiterOne’s asset analysis capabilities. In a single view, Unified Device Matrix shows a normalized and comprehensive inventory of servers, laptops, workstations, mobile devices and other similar assets as reported by multiple sources, such as device management solutions, vulnerability scanners, endpoint security agents, identity providers or directory services. Correlating all this data together, JupiterOne builds the matrix view of all your devices, along with the presence (or absence) of agents and services you have integrated. Laptop is reported by Jamf but not by Crowdstrike? You can find that in two clicks in the Unified Device Matrix interactive dashboard.
Triangulation is key
I don’t have a lot of experience orienteering, but I’ve seen enough movies to know that when you’re looking for something, triangulation is the way to go. Counter-intuitively, this best practice is also what makes answering device questions really hard. A typical enterprise laptop can be reported by 5 different data sources: endpoint security, configuration management, directory services or identity provider, vulnerability scanner and an IT asset management or configuration management database (CMDB).
The truth of what devices you have and their current configuration lies in the correlation of all these different datasets and wouldn’t you know it, they don’t all play nicely together, putting all the work on the teams that manage these tools. And, as you’re probably aware, it’s not all the same team, adding another layer of complexity and coordination to the solution.
Unified Device Matrix does all the hard work of collecting, correlating and deduplicating the data from multiple data sources to provide that accurate, comprehensive view of our devices and their configurations. This view helps our security users primarily in their work to secure endpoint devices, but this consolidated view is also extremely useful for IT teams that have a similar struggle related to inventory management.
Using Unified Device Matrix to solve top device management challenges
With the wide array of data sources available to JupiterOne, users are able to solve a number of difficult device management challenges, notably related to configuration and security posture management:
- Identifying unmanaged devices or without configuration management
- Identifying devices missing endpoint agents
- Identifying devices that are not aligned to your company’s directory services
- The OS distribution of your devices across all of your device data sources
- Identifying devices that haven’t been online recently
- Reporting on a device’s encryption status
Users can configure the Unified Device Matrix dashboard to highlight the misconfigurations and coverage gaps that are top of mind for their current strategy. The matrix can be fully customized to include the critical data source combinations that require action, filtering on attributes, such as operating system, critical assets or last seen date, as well as heat map configurations that visually draw attention to devices that require attention.
Unlocking the answers hiding in your asset data
Unified Device Matrix is another milestone in our commitment to improving the overall experience for our users. We debuted our natural language search capabilities to simplify getting answers to tough questions about your asset data and this dashboard is another way to bring together asset data and analysis that all our users can benefit from.
If device visibility and management is a challenge you have today, contact us and schedule a demo to see it in action. If you want to learn more about our approach to asset analysis and how we fuel this dashboard with insights about our digital infrastructure, check out our approach to asset analysis.