Endpoint Health Case Study:Fortune 500 Retailer

Introduction

The Adaptiva Endpoint Health product is trusted by leading organizationsthroughout the world to improve IT efficiency by automaticallychecking a device’s health, diagnosing any problems, and fixing issuesin seconds. It delivers IT professionals the automation necessary tokeep up with the pace of troubleshooting and resolving issues onthousands of devices in hundreds of locations.

Endpoint Health is used by a variety of Fortune 500 companies around the globe. One international banking customer currently uses Endpoint Health to run over 8 million health checks each day to maintain the health and security of more than 250,000 endpoints worldwide. This case study examines how a large Fortune 500 retailer used Endpoint Health to identify thousands of security and endpoint health vulnerabilities and fix them instantly, saving over $1,000,000 for the organization.

Challenge

A Fortune 500 retailer was struggling to maintain the health andsecurity of over 100,000 endpoints they were managing with MicrosoftSystem Center Configuration Manager (ConfigMgr). The Windowssystems were distributed at locations throughout the world, some withvery poor and low-speed connectivity to the corporate WAN. Thoughthe company was facing many problems keeping these clients healthyand secure, a few pressing needs stood out.

First, they had no easy way to identify which systems weremisconfigured, partially failing, or completely failing—jeopardizingsecurity, compliance, and productivity. They could not say whatpercent were operational, compliant, or secure.

Second, when problems with endpoints were identified, administratorshad to diagnose and remediate them manually or use a hodgepodgeof one-off scripts. This meant they were not able to address all of theproblems found, only a prioritized subset. It also drained resources bytaking up significant IT staff time and expertise.

Third, when content distribution was required to repair systems,deployment was slow. This includes, for example, Windows patches orupdates to third party security solutions. The company was limited byConfigMgr’s manual processes and delays when delivering to so manymachines at disparate locations. This was troubling because in the caseof a security vulnerability, the power to apply custom and third-partyfixes rapidly is critical to preventing infestations.

The company also had limited knowledge of the overall state ofendpoint health. Their most immediate need was to make sure allendpoints were operational and communicating effectively, and thatthe global ConfigMgr hierarchy itself was functioning efficiently end-to-end.

Industry

Fortune 500 retailer

Revenues

Over $100 billion annually

Key Challenge

Maintaining the health and security of over 100,000 endpoints they were managing with Microsoft ConfigMgr.

Solution

After a thorough evaluation of the solutions available in marketplace, the retailer decided to deploy Adaptiva Endpoint HealthTM on roughly 10% of their production systems. The company had eliminated nearly all ConfigMgr server infrastructure and radically accelerated software deployment speeds by using Adaptiva OneSite. They were familiar with Adaptiva’s industry-leading engineering, advanced automation, and demonstrable return on investment.

Significant factors favoring Adaptiva Endpoint Health over competing products included its ability to automatically and rapidly:

  • Identify and detect anomalies such as security and compliance violations
  • Remediate and validate issues by fixing problems then rerunning tests so success is recorded
  • Run new health and security policies to accommodate custom needs and third-party technologies
Adaptiva Smart Scaling Peer-to-peer Technology

Client Health comes prepackaged with 75 automated checks that identify and automatically fix issues across 16 endpoint management categories including:

  • Security health checks to detect violations to security policies and automatically enforce best practices.
  • Operating system health checks to keep operating systems, like Windows 10, current and correctly configured with checks for managing remote desktop settings, analyzing licensing compliance and verifying local group security.
  • System resource and performance checks to ensure systems are performing at their best and able to answer quickly to security threats.
  • Networking and connectivity security checks to ensure end users access only authorized systems and services when connecting.

Endpoint Health proactively identifies and automatically repairs endpoint issues

Over 75 Prepackaged Health Checks

Endpoint Health also includes the industry’s most powerful drag-and- drop WorkFlow Designer which the retailer could use to create custom health checks in seconds without writing code. Its self-managing capabilities dramatically reduce the time and effort it takes enterprises to gain visibility and control over endpoint health and security.

Workflow Designer includes over 160 activities as well as the ability to incorporate PowerShell into workflows. When a health check fix involves distribution of content such as a Windows patch or third- party security software update, workflows can leverage the full power of ConfigMgr with Adaptiva OneSite. This allows custom health checks to instantly deploy urgent remediations to hundreds of thousands of endpoints when needed.

Results

The retailer ran Endpoint Health on just over 11,000 live production computers. Because they were already using OneSite, no installation was needed—just a license key to unlock it. The initial suite of workflows encompassed:

  • Traditional health checks/remediations at a client level (i.e., ConfigMgr client agent working correctly, client communications configured correctly, necessary services running, etc.)
  • Systemic health checks reporting on end-to-end functionality of the global content delivery architecture

For this they used 27 pre-built health checks that were delivered with Adaptiva Endpoint Health, and created three custom ones to meet their own specific needs. When they ran the suite of 30 checks/ remediations in production, the results stunned everyone involved in the project.

The most dramatic impact was that 89% of the health checks thatfailed were automatically remediated successfully using Endpoint Health. This means that of the 12,237 health checks that failed, 10,913 were automatically resolved without the need for manual intervention.For all resolved issues, the health check was rerun, and the resulting success status verified and recorded.

Create your own health checks in seconds

Failure Remediation Status

Failure Remediation Status

The company was surprised to discover that some of the systems with health checks that were not remediated automatically were running Windows XP, a full 3.7% of their machines.

All these client results were easy to see in a real-time reporting dashboard. In addition to big-picture reporting, it provides drill-down capability into each specific health check to see:

  • Health check statistics
  • Execution history
  • Individual machines that the health check has executed on
  • Health check status results

The system health checks also provided unexpected insight on a broader level. With Adaptiva Endpoint Health, the systemic health checks factor in round-trip operational functionality: inventory, delivery, policy, etc., are verified operationally through tiny test cases deployed and validated. For example, this daily global system audit identified a problem with a ConfigMgr Management Point (MP). By resolving it, the company was able to dramatically improve the speed of operations system-wide.

From minor endpoint problems, to global systems management architecture, this initial production implementation provided stellar results

Savings

Using an extremely conservative model, Endpoint Health proved immediate savings of over $1,000,000 for this retailer.

The savings were calculated by extrapolating the results from the implementation on 11,094 devices to the retailer’s full environment of 329,000 systems. Applying the 55% system failure rate (systems that had one or more failure), leaves 180,950 systems in production that would require remediation. After factoring in the 89% percent success rate in automatically remediating problems, the numbers show:

Endpoint Health Reports and Dashboards

161,046 production systems could be automatically repaired without manual efforts due to Endpoint Health

Estimating 15 minutes of time to identify and remediate issues on each system, and a conservative IT engineering staff rate of $25/hr, the immediate savings are as follows:

Immediate Savings with Endpoint Health
Count of Companywide Endpoint Systems 329,000
Percent of Systems Requiring Remediation 55%
Count of Systems Requiring Remediation 180,950
Success Rate of Client Health Remediations 89%
Count of Systems Client Health Can Remediate 161,046
IT Engineer Time to Repair Single System 15 minutes
Hourly IT Engineer Labor Rate $25.00/hour
Total Instant Cost savings by Using Client Health $1,006,538

The retailer would see an immediate return on investment even at these conservative estimates. In a full implementation running across all health check categories, the savings are likely several times that, when factoring in that the retailer:.

  • Only applied a fraction of the pre-built health checks
  • Did not include any custom checks (for health, security, compliance, etc.), which are Client Health’s greatest strength
  • Only factored in the immediate savings of running checks and remediations on a one-time basis (checks will be run regularly in production)
  • The savings model did not include productivity gains from improved uptime, resulting from preemptively finding and fixing problems
  • The savings model did not account for the possible prevention of ransomware attacks, virus outbreaks, or database security breaches

Create your own health checks in seconds

Summary

Using Endpoint Health in a limited production implementation, the company resolved thousands of endpoint health and security problems in a very short time, automatically. They gained valuable insight not only into the health of the endpoints, but also into the content distribution system supporting them. Nearly nine out of 10 problems found were fixed automatically.

Running the same checks they did in the initial implementation across all their Windows endpoints, the company estimates savings of over $1,000,000—and likely several times that. The company is now in the planning process for creating and deploying a much larger suite of checks and remediations. This will include corporate regulatory compliance policy, security hygiene and best practices, and much more. Endpoint Health exceeded all expectations, and it did so in a very short time frame.

Contact Us

Request a Endpoint Health demo from Adaptiva today to learn how your organization can reduce the time, costs, and complexity of managing endpoints and maintaining security throughout your enterprise.

Visit www.adaptiva.com/products/endpoint-health to learn more.

Nearly 9 out of every 10 endpoint health and security problems were fixed automatically with Endpoint Health.