Polish Up Your Best Practices Around Alerts and Remediation: Remote Monitoring Management
This is the first in a three-part blog series that will provide tactical approaches for setting up alerts and remediation to solve specific problems your team may face through remote monitoring and management.
One of the big challenges for companies of all sizes is how to maintain a secure network. While a mobile device management solution may make automated remediation seem like a quick fix for security issues as they crop up, that doesn’t mean it’s the right approach for every security concern.
Alerts should be reserved for issues that urgently need your attention, automation should be applied to necessary changes, and all monitoring efforts should help you collect data on items that may need reflection and attention in the future.
Like any system, your alerts and remediations need to be created, maintained, and adapted to keep up with Apple updates and your business’ needs. Here are four steps to get you started on managing Apple device security in your environment.
Step One: When an Issue Comes Up, Evaluate How Much It Matters
Say you’re noodling around with setting up an automated response to an issue that regularly crops up in your environment. Begin by asking yourself three simple questions:
- Is this issue important?
- Does this require a timely response or can it wait?
- How severe is this? Does this impact one device or the security of the whole network?
If the issue is not that serious or lacks urgency, ask whether the device fact you would check resolves to a simple "true or false" or "yes or no." This information is key to helping you structure your response.
If an issue is severe and requires your immediate attention, you may want to monitor the device fact moving forward and create an alert.
For example: macOS has built-in functionality (Remote Login) that allows administrators to sign in to a device remotely. It’s possible, if the end user is fiddling around in their settings, to turn this function on or off by accident (or on purpose).
For most Apple device users in your system, you’ll likely want to keep this function turned on, but some groups may need to have this turned off. Perhaps the payroll group, C-suite, and HR users need more protection given the nature of the data on their devices.
Say you notice that an HR coordinator’s device has this function turned on (when it should be turned off). As an IT administrator, you have the ability to turn remote login permissions off, but before you act, the first step is to categorize the level of risk, importance, and urgency within your system. Because security is important, this may be easy to flag as high-risk, urgent, and important.
Step Two: If There Is an Issue, Decide What Action Is Necessary
Once you know what matters to you, decide what’s necessary. Apple device security is famously excellent, as Apple has engineered great built-in security features that help monitor downloads and application security. With Apple’s baseline technology on new operating systems, devices on your network are well protected against malware. But that may not be all your system requires.
It’s important to determine what your network requirements are and that all devices check every box on that list. Perhaps all Apple devices on your network must have the firewall and encryption turned on. Your list of requirements will vary depending on your organization’s security needs.
To return to the Remote Login example, to mitigate this risk you may set up an alert within your Apple device management solution to send you an email if this status changes on devices in specific groups (like HR).
Step Three: For Urgent Updates, Create an Alert
Alerts are helpful ways to catch issues with device facts when a device is newly added and to catch if an existing system has fallen out of compliance.
If it’s something you don’t want to remediate yourself, you may want to send yourself a reminder to reach out to the end user to let them know that their computer is not in compliance with network requirements and ask them to take a corrective action.
To make sure you see your alerts, choose the communications channel that’s best for you. If you’re into inbox zero, that may be the best place for you to receive these notifications. If you prefer to use a ticketing system or CRM, this is a great alternative.
Step Four: If Concrete Action Is Required, Set Up an Automated Remediation
In the event that automating a remediation makes sense and you need help scripting that action, there are two excellent sources of information available to you:
- The public monitoring area. Both public and custom scripts are available here.
- In the Addigy Slack channel and online forums, you’ll find plenty of custom scripts from other IT admins who have faced similar challenges.
To return to the security example, in the event that Remote Login is turned on for a device in a group for which this may pose a security risk, you should do three things in addition to turning that capability off:
- Send a message to the end user informing them that you’ve turned off Remote Login to ensure their device’s security.
- Ask whether they turned the feature on.
- Create a record of the action so that if this continues to be an issue or if this is occurring on other Apple devices in your network, you’ll have the information you need to do a deeper investigation of a possible underlying issue in your system.
This solution may be some combination of alerts and a remediation, but the important thing to do here is to communicate to the end user that you’ve taken an action and why it was imperative that you make the correction.
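The Step Three and Step Four logic above as one script, added here as an illustration and not Addigy's own code: it reads the Remote Login device fact, decides between "ok", "alert" (a human should look) and "remediate" based on the device's group, and on remediation disables Remote Login, notifies the console user and appends a record. It assumes it runs as root on macOS, that the device's group name is supplied in a hypothetical DEVICE_GROUP variable, and that the groups which must keep Remote Login off are listed in SENSITIVE_GROUPS.

```shell
#!/bin/sh
# Added example, not Addigy's own script. Assumes: runs as root on macOS; the
# device's group name arrives in DEVICE_GROUP (hypothetical); the groups that
# must keep Remote Login off are listed in SENSITIVE_GROUPS.
SENSITIVE_GROUPS="HR Payroll C-Suite"
LOG_FILE="${LOG_FILE:-/var/log/remote-login-remediation.log}"

# Turn the text printed by `systemsetup -getremotelogin` into on/off/unknown.
parse_remote_login_status() {
  case "$1" in
    *"Remote Login: On"*)  echo on ;;
    *"Remote Login: Off"*) echo off ;;
    *)                     echo unknown ;;
  esac
}

# Decide per device: "remediate" (sensitive group with Remote Login on),
# "alert" (status could not be read, so a human should review), or "ok".
decide_action() {
  group="$1"; status="$2"
  [ "$status" = unknown ] && { echo alert; return 0; }
  for g in $SENSITIVE_GROUPS; do
    [ "$g" = "$group" ] && [ "$status" = on ] && { echo remediate; return 0; }
  done
  echo ok
}

# Step Four: disable Remote Login, tell the console user, and keep a record
# so repeat occurrences across devices can be investigated later.
remediate() {
  systemsetup -setremotelogin off
  user=$(stat -f '%Su' /dev/console)
  launchctl asuser "$(id -u "$user")" sudo -u "$user" osascript -e \
    'display notification "IT turned off Remote Login on this Mac to protect sensitive data. Did you enable it? Please reply to the IT ticket." with title "IT Security"'
  printf '%s host=%s user=%s group=%s action=remote_login_disabled\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(hostname)" "$user" "$DEVICE_GROUP" >> "$LOG_FILE"
}

main() {
  status=$(parse_remote_login_status "$(systemsetup -getremotelogin 2>/dev/null)")
  case "$(decide_action "$DEVICE_GROUP" "$status")" in
    remediate) remediate ;;
    alert)     echo "Remote Login status unreadable on $(hostname); review manually" >&2; exit 2 ;;
    ok)        : ;;
  esac
}

# Only act when invoked with --run, so the functions can be sourced or tested safely.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `DEVICE_GROUP=HR sh remediate-remote-login.sh --run` from your management tool; the appended log line is the record Step Four asks for.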
Communication Is Key in Alerts and Remediation
Whatever the best solution for your network’s security needs, communication is key. Whether you choose to reach out to an end user to ask them to take an action or if you need to intervene remotely, it’s important to get in touch and clearly communicate what needs to happen and why.
While automated remediation may be necessary in critical situations, we recommend that there always be a human element to review what’s going on. Assessing and reassessing the level of urgency and risk will help your team prioritize network security issues correctly and give you the opportunity to identify additional risks along the way.
The point of remote monitoring management is to help your organization’s IT department secure Apple devices at scale, and that means making sure each touchpoint with end users is backed up with clear communication that lets them know your team has their back.