VentureBeat presents: AI Unleashed - An exclusive executive event for enterprise data leaders. Network and learn with industry peers. Learn More

Endpoints over-configured with too many agents and unchecked endpoint sprawl are leaving organizations more vulnerable to cyberattacks, creating new attack surfaces rather than closing them. 

Getting endpoint security right starts with preventing malware, ransomware, and file-based and fileless exploits from infiltrating a network. It also needs to extend beyond laptops, desktops and mobile devices, which is one reason why extended detection and response (XDR) is growing today. 

A report sponsored by Adaptiva and conducted by Ponemon Institute titled Managing Risks and Costs at the Edge [subscription required] was published today, highlighting how hard it is to get endpoint security right. The study found that enterprises struggle to maintain visibility and control of their endpoint devices, leading to increased security breaches and impaired ability to ward off outside attacks. 

What CISOs want in endpoint security 

Controlling which agents, scripts and software are updated by an endpoint security platform are table stakes today. As a result, organizations are looking for a platform to detect and prevent threats while reducing the number of false positives and alerts. CISOs and CIOs want to consolidate security applications, often starting with endpoints as they’re a large percentage of budgeted spending. The goal is to consolidate applications and have a single real-time view of all endpoints across an organization.   


AI Unleashed

An exclusive invite-only evening of insights and networking, designed for senior enterprise executives overseeing data stacks and strategies.


Learn More

The most advanced endpoint security solutions can collect and report the configuration, inventory, patch history and policies in place for an endpoint in real time. They can also scan endpoints on and off the network to determine which ones need patches and automatically apply them without impacting device or network performance. Most importantly, the most advanced endpoint solutions can self-heal and regenerate themselves after an attack

Why securing endpoints is getting harder to do 

IT and IT security teams struggle to get an exact count of their endpoints at any given time, making creating a baseline to measure their progress a challenge. The Ponemon Institute’s survey found that the typical enterprise manages approximately 135,000 endpoint devices. And while the average annual budget spent on endpoint protection by enterprises is approximately $4.2 million, 48% of endpoint devices, or 64,800 endpoints, aren’t detectable on their networks. 

Enterprises are paying a high price for minimal endpoint visibility and control. For example, 54% had an average of five attacks on their organizations last year, at an average annual cost of $1.8 million. In addition, the majority of enterprise security leaders interviewed, 63%, say that the lack of endpoint visibility is the most significant barrier to their organizations achieving a stronger security posture. 

Key insights from Ponemon’s survey on endpoint security include:

Ransomware continues to be endpoint security’s greatest threat 

Senior security leaders’ greatest concern today is ransomware attacks that use file-based and file exploits to infiltrate enterprise networks. Ponemon’s survey found that 48% of senior security executives say ransomware is the greatest threat, followed by zero-day attacks and DDoS attacks. 

Their findings are consistent with surveys done earlier this year that reflect how ransomware attackers are accelerating how fast they can weaponize vulnerabilities

Ransomware is the greatest threat to endpoints today, according to senior IT and IT security leaders interviewed by Ponemon for their latest survey published today.

Short on staff, IT and IT security struggle to keep configurations and patches current 

Most IT and IT security leaders say that the number of distribution points supporting endpoints has increased significantly over the last year. Seventy-three percent of IT operations believe the most difficult endpoint configuration management task is maintaining all endpoints’ most current OS and application versions. Patches and security updates are the most difficult aspect of endpoint security management for IT security teams.

Cybersecurity vendors are taking a variety of approaches to solving this challenge.

Keeping endpoints current on OS, application versions, patches, and security updates defy simple solutions that include manually updating the many devices in an inventory database. Automating how updates and patches are distributed and applied is helping reduce the risk of breaches, credential theft, and DDoS attacks.

IT operations is taking the lead in reducing distribution point sprawl 

Ponemon asked IT and IT security leaders to rate their effectiveness on a 10-point scale of four edge and endpoint security areas. 

  • Thirty-eight percent of IT operations rate their effectiveness at reducing distribution point sprawl as very or highly effective versus 28% for IT security. As a result, IT security is more confident in its effectiveness in ensuring all software is up-to-date and the configuration complies with its security policy. 
  • Across all four categories, IT’s average confidence level is 36% while IT security’s is 35.5%. However, there’s significant upside potential for each to improve, starting with better encryption of enterprise devices, more frequent updates of device OS versions, and more frequent patch updates. For example, absolute Software’s recent survey, the Value of Zero Trust in a WFA World, found that 16% of enterprise devices are unencrypted, 2 out of 3 enterprise devices are running OS versions two or more versions behind, and an average enterprise device is 77 days out of date from current patching. 
IT operations and IT security are overwhelmed with work right now, which is why they need more automated applications, tools and workflows to manage and secure endpoints across their networks.

Managing risks and costs of endpoint security 

Ponemon Institute’s survey highlights how distribution and endpoint sprawl can quickly get out of hand, leading to 48% of devices not being identifiable on an organization’s network. Given how quickly machine identities are increasing, it is no wonder CISOs and CIOs are looking at how they can adopt zero trust as a framework to enforce least-privileged access, improve identity access management and better control the use of privileged access credentials. As endpoint security goes, so goes the financial performance of any business because it is the largest and most challenging threat vector to protect. 

The bottom line is that investing in cybersecurity is a business decision, especially when it comes to improving endpoint security to reduce ransomware, malware, breach attempts, socially engineered attacks and more.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.