Absolute Software Recognized by Gartner® for Enabling Automated Security Control Assessment (ASCA)

In the ever-changing endpoint security landscape, keeping pace with innovative technologies is paramount for organizations that want to stay ahead of advanced threats and stringent compliance regulations. The Gartner Hype Cycle for Endpoint Security 2023 "illustrates the most relevant innovations in the endpoint security space to assist security leaders in planning adoption and implementation of emerging technologies.” This critical, annual report frequently highlights important new categories that often redefine how businesses secure their digital businesses.

This year, Gartner has identified Automated Security Control Assessment (ASCA) as a new category on the Innovation Trigger. Categories earn spots on the cycles for numerous reasons. Gartner places them on the Innovation Trigger when a “A breakthrough, public demonstration, product launch or other event generates significant media and industry interest.” In the case of ASCA along with other technologies, Gartner refers to them as “cutting-edge.”

ASCA: What it Provides

ASCA focuses on the analysis and correction of misconfigurations in various security controls, such as endpoint protection, network firewalls, identity, and SIEM. In doing so, ASCA aims to enhance an organizations’ security posture and to make it more resilient against attacks and technical complexity failures.

According to Gartner, this matters for several reasons: 

Automated security control assessment (ASCA) technologies reduce an organization’s attack surface caused by security configuration drift, poor defaults, excessive tuning to reduce false positive rates, and high administration staff turnover. ASCA improves the security posture by verifying the proper, consistent configuration of security controls, rather than simply verifying the existence of controls.

ASCA: Business Impacts

According to Gartner, Organizations implementing ASCA processes and technologies enhance staff efficiency, minimize the impact of human errors and improve resilience in the face of organizational churn. ASCA reduces security control configuration gaps that unnecessarily expose the organization to otherwise preventable attacks.

Absolute telemetry shows that enterprises and government agencies deploy scores of endpoint applications across their device fleets, including an average of 12 security controls, which organizations invest billions of dollars into, annually. Among our customers, concerns are mounting about the level of efficacy provided by their security apps. For more data in detail, see the 2023 Absolute Resilience Index. 

These worries are justified by challenges remote and mobile workforces create and the frequency of security control failures. Over the course of one 90-day period, Absolute Application Resilience detected more than 1.6 million incidents across numerous endpoint security controls and remediated them. Considering all this, it is no wonder why ASCA has emerged.

The interest in ASCA is explained further when you consider the drivers behind it. As stated by Gartner:

• “The volume of misconfigurations in security controls continues to grow with the increased complexity of environments, emerging threat vectors, the proliferation of new security tools and the high turnover of administration staff, leading to a more exposed attack surface.
• Specific organizational use cases and objectives require the preservation of complex heterogeneous infrastructure and security architectures, instead of pursuing simplification through vendor consolidation.
• The optimization of configurations of enterprise security controls cannot rely exclusively on manual periodic configuration reviews; siloed, tool-centric approaches; or occasional penetration tests.
• Continuously assessing and remediating security controls configurations in accordance with the highest-risk exposures is an effective risk mitigation strategy, reducing the attack surface.”

ASCA: Absolute’s Role and Takeaways

Being identified in a Gartner report doesn’t imply an endorsement. The list of representative vendors Gartner names does however inform readers about various short-listed providers that can be considered as among those delivering the identified capabilities. We’re excited to have been named as one in this new ASCA category. We believe that our security control monitoring and self-healing capabilities show our commitment to cyber resilience and to helping our customers ensure their security works as intended.

To learn more about ASCA and how the technologies are used to protect endpoints, download the 2023 Gartner Hype Cycle for Endpoint Security.

Disclaimer

Gartner, Hype Cycle for Endpoint Security, 2023, 1 August 2023, Franz Hinner, et. Al.

GARTNER is a registered trademark and service mark, and HYPE CYCLE is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.