Major Use Cases and Capabilities
Major Use Cases
Proactive Protection Against Attack Vectors
A preemptive approach to securing systems and networks by identifying, analyzing, and mitigating potential vulnerabilities before they are exploited. In the context of Attack Surface Management (ASM), it involves actively managing and reducing the attack surface—the sum of all potential attack vectors or entry points that malicious actors could use to compromise a system or network.
Attack Surface Risk Mitigation
Reducing or eliminating vulnerabilities within an organization's attack surface to lower the probability and impact of potential cyber attacks. It involves actively identifying, assessing, and mitigating risks associated with the attack surface—the sum of all potential entry points or attack vectors that could be exploited by threat actors.
Misconfiguration Discovery
Misconfiguration Discovery is vital within ASM as misconfigurations can often lead to security breaches or vulnerabilities that attackers exploit. By actively discovering and addressing misconfigurations, organizations can reduce their attack surface, strengthen their security posture, and mitigate the risks associated with improperly configured systems and applications.
Capabilities
Device Management
Management of various endpoint device types, which includes its life cycle management, such as onboarding, provisioning, decommissioning, operating system management, remote access for support, troubleshooting or wiping, and device inventory.
Application Management
This category focuses on the ability to control and apply policies to applications regarding endpoint devices and other application management features. It can include the capability to enroll devices and users via App Stores, software packaging and deployment, distribute applications to endpoints, whether bulk or otherwise, apply aspects of security such as white or blacklisting applications, isolate corporate from private user applications, etc.
Patch Management
This category focuses on the ability to distribute and apply endpoint device system patches (e.g., OS, application, etc.) from various vendors, whether the patch is deployed on a schedule or critical/emergency patches are distributed rapidly when necessary. Some other capabilities include reporting endpoint system status (e.g., patch level), missing patch discovery whether it is a security hotfix, application, or others, level of automation, etc.
Content Management
Endpoint content management refers to the ability to apply access rules and policies to documents or other content on the endpoint device. The rules and policies can be coarse or fine-grained enough to apply to an individual file. Capabilities can also include catalogs of enterprise documents, content security, as well as audit logging, etc.
Endpoint Visibility
The ability to provide a consolidated view and management of all endpoints regardless of where the solution is deployed. Endpoint visibility often features a single pane view via a dashboard and provides visibility to device inventory, state, threats, policy management, licenses, reporting, etc.
Intelligence & Automation
This category looks at the level and use of analytics and/or artificial intelligence to provide insight into different aspects of the UEM domain as well as the ability to automate, assist or take action to remediate endpoint-related issues, as well as other capabilities.
User Experience Support
The ability to support the collecting and monitoring of end-user devices, applications, and activity information for the purpose of improving the end-user experience. This can include benchmarking workforce experience against internal goals, correlating a user's experience with other data sources, providing automation and remediation capabilities to proactively reduce the friction of end-user issues with their device or application, reporting on end-user experience, or even the ability to integrate with other third-party or partner products that can provide this capability to the UEM product.
Admin & DevSecOps Support
The ability to provide support options for administrators of the UEM solution, IT security, and the operations team regarding their tools, automation, and continuous integrations.