Endpoints that are overconfigured with too many agents and uncontrolled endpoint sprawl make organizations more vulnerable to cyberattacks, creating new attack surfaces rather than shutting them down.
Good endpoint security starts with preventing malware, ransomware, and file-based and fileless exploits from entering a network. It must also extend beyond laptops, desktops, and mobile devices, which is one of the reasons extended detection and response (XDR) is growing today.
A report sponsored by Adaptiva and conducted by Ponemon Institute, titled Managing Risk and Costs at the Edge [subscription required], was published today, highlighting how difficult it is to get endpoint security right. The research found that companies struggle to maintain visibility and control over their endpoint devices, leading to increased security breaches and a decreased ability to fend off attacks from the outside.
What CISOs Want in Endpoint Security
Determining which agents, scripts, and software are updated by an endpoint security platform is a key focus today. As a result, organizations are looking for a platform to detect and prevent threats while reducing false positives and alerts. CISOs and CIOs want to consolidate security applications, often starting with endpoints, as they account for a large percentage of budgeted spend. The goal is to consolidate applications and have a single real-time view of all endpoints in an organization.
The most advanced endpoint security solutions can collect and report the configuration, inventory, patch history, and existing policies for an endpoint in real time. They can also scan endpoints on and off the network to determine which patches they need and apply them automatically without impacting device or network performance. Most importantly, the most advanced endpoint solutions can self-heal and regenerate themselves after an attack.
Why securing endpoints is getting harder
IT and IT security teams struggle to get an exact count of their endpoints at any given time, which makes it hard to create a baseline for measuring their progress. The Ponemon Institute research found that the average enterprise manages approximately 135,000 endpoint devices. And while the average annual budget companies spend on endpoint security is about $4.2 million, 48% of endpoint devices, or 64,800 endpoints, are undetectable on their networks.
Businesses pay a high price for minimal endpoint visibility and control. For example, last year 54% had an average of five attacks on their organizations, at an average annual cost of $1.8 million. In addition, the majority of business security leaders surveyed, 63%, say the lack of endpoint visibility is the number one barrier to their organizations achieving a stronger security posture.
Key insights from Ponemon’s research on endpoint security include:
Ransomware remains the biggest threat to endpoint security
The number one concern of senior security leaders is ransomware attacks that use file-based and fileless exploits to infiltrate corporate networks. The Ponemon survey found that 48% of senior security executives say ransomware is the biggest threat, followed by zero-day attacks and DDoS attacks.
Their findings are consistent with studies done earlier this year showing how ransomware attackers are increasingly able to use vulnerabilities as weapons.
- A recent survey by endpoint security provider Sophos found that 66% of organizations worldwide suffered a ransomware attack last year, down 78% from the previous year.
- Ivanti’s Ransomware Index Report Q1 2022 discovered a 7.6% increase in vulnerabilities related to ransomware in Q1 2022. The report revealed 22 new vulnerabilities related to ransomware (bringing the total to 310), 19 of which are linked to Conti, one of the most prolific ransomware groups of 2022.
- CrowdStrike’s Global Threat Report 2022 found ransomware incidents increased by 82% in just one year. In addition, script attacks that aim to compromise endpoints continue to accelerate quickly, further underlining why CISOs and CIOs are prioritizing endpoint security this year.
- The bottom line is that the future of ransomware detection and eradication is data-driven. Leading vendors’ endpoint security platforms with ransomware detection and response include Absolute Software, whose Ransomware Response builds on the company’s expertise in endpoint visibility, control, and resiliency. Additional suppliers include CrowdStrike Falcon, Ivanti, Microsoft Defender 365, Sophos, Trend Micro, ESET and others.
Short-staffed IT and IT security teams struggle to keep configurations and patches current
Most IT and IT security leaders say the number of distribution points supporting endpoints has grown significantly over the past year. Seventy-three percent of IT operations believe that maintaining the latest OS and application versions on all endpoints is the most difficult endpoint configuration management task. Patches and security updates are the most difficult aspect of endpoint security management for IT security teams.
Cybersecurity vendors are using different approaches to solve this challenge.
IT operations lead the way in reducing distribution point sprawl
Ponemon asked IT and IT security leaders to rate their effectiveness in four edge and endpoint security areas on a 10-point scale.
- Thirty-eight percent of IT operations rate their effectiveness in reducing distribution point sprawl as very or highly effective, versus 28% for IT security. As a result, IT security is more confident in its effectiveness to ensure that all software is up to date and that its configuration complies with security policies.
- Across all four categories, the average confidence level of IT is 36%, while that of IT security is 35.5%. However, there is significant upside for each to improve, starting with better encryption of business devices, more frequent device OS version updates, and more frequent patch updates. For example, Absolute Software’s recent research, The Value of Zero Trust in a WFA World, found that 16% of business devices are unencrypted, 2 out of 3 business devices have OS versions two or more versions behind, and the average business device is 77 days out of date from current patching.
Endpoint security risk and cost management
The Ponemon Institute research shows how distribution and proliferation of endpoints can quickly spiral out of control, leaving 48% of devices unidentifiable on an organization’s network. Given how quickly machine identities are growing, it’s no wonder CISOs and CIOs are looking at how to use zero trust as a framework to enforce least-privileged access, improve identity access management, and better control the use of privileged access credentials. As endpoint security goes, so goes the financial performance of any business, because endpoints are the largest and most challenging threat vector to protect.
The bottom line is that investing in cybersecurity is a business decision, especially when it comes to improving endpoint security to mitigate ransomware, malware, intrusion attempts, socially engineered attacks, and more.