Endpoint management has moved to a new phase. Driven by rising cybersecurity threats and growing quantities and types of endpoints, agencies are turning to automation for the multitude of tasks that make up endpoint management.
Tanium’s Melissa Bischoping termed the contemporary strategy autonomous security and, in the broader sense, autonomous endpoint management.
“The only way we have a fighting chance at getting ahead of any of this is by implementing autonomous security technology,” Bischoping, senior director of security and product design research at Tanium, said during Federal News Network’s Industry Exchange Cyber 2025.
Human analysts will remain actively involved in security and management processes, though.
“There’s going to be a balance in finding autonomous security that works with the analyst, the engineer, the incident responder,” Bischoping said.
Autonomous technology won’t be something “they’re just going to blindly trust, but one that they’re going to use as a ride-along, as a colleague, as a thing they’re able to interact with and use to help tip off their Spidey senses or validate a finding,” she said.
Autonomous endpoint management can even help keep employees themselves on an even keel.
Bischoping cited a U.K. study linking cardiovascular illness to the stress security teams undergo following ransomware attacks.
“Every organization needs to be looking at ways they can implement autonomous security to preserve not just their organization’s security, but also their workforce’s health,” Bischoping said.
Autonomous security explained
What exactly constitutes autonomous security? Essentially, it’s a technology stack that aggregates data, provides observations and guidance, and performs operations in accordance with procedures or playbooks established by the cybersecurity and IT staffs.
From a product standpoint, it takes the form of intelligent agents. Bischoping said Tanium, which offers an agent-based product, is “investing in autonomous endpoint management because we believe we provide such a vast amount of data that we can use that telemetry to help bubble up those insights and make good decisions with you.”
The data includes aggregated, anonymized information from Tanium’s customer base, which means everyone gets more comprehensive and accurate information to battle not only cyberthreats but vulnerabilities introduced by widely used applications, updates and patches, she said.
“Real-time data is at the core of what we do,” Bischoping said. For comprehensive endpoint control, a government agency also needs to ensure no assets are hidden.
“The good foundations are still things like visibility,” she said. “You’ve got to have asset visibility, and that includes not just your hardware but also your software.”
She added, “What has changed is the scale that we’re working with and the time we have to solve these problems.”
Cybersecurity powered by expanded visibility, data
It’s no longer adequate to do periodic inventories or any sort of manual counts of assets. Instead, organizations need continuously updated visibility if they’re to have continuous and autonomous endpoint management.
“If you don’t have that foundation of visibility of your entire asset management process, any decision you make further up … how do you know that you’ve eradicated a threat actor when you’re not actually sure how many devices that threat actor touched?” she said.
Visibility needs to track all updates and patches, incident responses and policy compliance changes, Bischoping said. It also should extend to the operation of the autonomous agents, she added. Such transparency gives better insight into how and why things happened, not merely that they did.
“We try and provide as many metrics as possible to show you this is actually what we were looking at on the endpoint,” she said. “That these are the values that we were assessing to determine whether this endpoint is vulnerable or mitigated.”
Moreover, the idea of what an endpoint is also must expand to include cloud assets and software-as-a-service subscriptions, Bischoping said. These often get updates without prior notice to the organization. Also often overlooked are Internet of Things devices like cameras and smart doorbells that may access networks.
“All of those things have to be considered from a risk management perspective. We have to broaden our definition of what is an endpoint.”