Endpoints over-configured with too many agents and unchecked endpoint sprawl are leaving organizations more vulnerable to cyberattacks, creating new attack surfaces rather than closing them.
Getting endpoint security right starts with preventing malware, ransomware, and file-based and fileless exploits from infiltrating a network. It also needs to extend beyond laptops, desktops and mobile devices, which is one reason why extended detection and response (XDR) is growing today.
A report sponsored by Adaptiva and conducted by Ponemon Institute titled Managing Risks and Costs at the Edge [subscription required] was published today, highlighting how hard it is to get endpoint security right. The study found that enterprises struggle to maintain visibility and control of their endpoint devices, leading to increased security breaches and impaired ability to ward off outside attacks.
What CISOs want in endpoint security
Controlling which agents, scripts and software are updated by an endpoint security platform is table stakes today. As a result, organizations are looking for a platform to detect and prevent threats while reducing the number of false positives and alerts. CISOs and CIOs want to consolidate security applications, often starting with endpoints as they’re a large percentage of budgeted spending. The goal is to consolidate applications and have a single real-time view of all endpoints across an organization.
The most advanced endpoint security solutions can collect and report the configuration, inventory, patch history and policies in place for an endpoint in real time. They can also scan endpoints on and off the network to determine which ones need patches and automatically apply them without impacting device or network performance. Most importantly, the most advanced endpoint solutions can self-heal and regenerate themselves after an attack.
Why securing endpoints is getting harder to do
IT and IT security teams struggle to get an exact count of their endpoints at any given time, which makes it a challenge to create a baseline for measuring their progress. The Ponemon Institute’s survey found that the typical enterprise manages approximately 135,000 endpoint devices. And while the average annual budget spent on endpoint protection by enterprises is approximately $4.2 million, 48% of endpoint devices, or 64,800 endpoints, aren’t detectable on their networks.
Enterprises are paying a high price for minimal endpoint visibility and control. For example, 54% had an average of five attacks on their organizations last year, at an average annual cost of $1.8 million. In addition, the majority of enterprise security leaders interviewed, 63%, say that the lack of endpoint visibility is the most significant barrier to their organizations achieving a stronger security posture.
Key insights from Ponemon’s survey on endpoint security include:
Ransomware continues to be endpoint security’s greatest threat
Senior security leaders’ greatest concern today is ransomware attacks that use file-based and fileless exploits to infiltrate enterprise networks. Ponemon’s survey found that 48% of senior security executives say ransomware is the greatest threat, followed by zero-day attacks and DDoS attacks.
Their findings are consistent with surveys done earlier this year that reflect how ransomware attackers are accelerating how fast they can weaponize vulnerabilities.
- Endpoint security provider Sophos’ recent survey found that 66% of organizations globally were the victims of a ransomware attack last year, dropping 78% from the year before.
- Ivanti’s Ransomware Index Report Q1 2022 discovered a 7.6% jump in the number of vulnerabilities associated with ransomware in Q1 2022. The report uncovered 22 new vulnerabilities tied to ransomware (bringing the total to 310), with 19 being connected to Conti, one of the most prolific ransomware groups of 2022.
- CrowdStrike’s 2022 Global Threat Report found ransomware incidents jumped 82% in just a year. Additionally, scripting attacks aimed at compromising endpoints continue to accelerate rapidly, reinforcing why CISOs and CIOs prioritize endpoint security this year.
The bottom line is that the future of ransomware detection and eradication is data-driven. Leading vendors’ endpoint protection platforms with ransomware detection and response include Absolute Software, whose Ransomware Response builds on the company’s expertise in endpoint visibility, control and resilience. Additional vendors include CrowdStrike Falcon, Ivanti, Microsoft Defender 365, Sophos, Trend Micro, ESET and others.
Short on staff, IT and IT security struggle to keep configurations and patches current
Most IT and IT security leaders say that the number of distribution points supporting endpoints has increased significantly over the last year. Seventy-three percent of IT operations believe the most difficult endpoint configuration management task is maintaining all endpoints’ most current OS and application versions. Patches and security updates are the most difficult aspect of endpoint security management for IT security teams.
Cybersecurity vendors are taking a variety of approaches to solving this challenge.
- Absolute’s Resilience platform provides real-time visibility and control of any device, whether it is on a network or not, along with detailed asset management data. The company has collaborated with 28 device manufacturers that have embedded Absolute firmware in their devices, enabling an undeletable digital tether to every device to help ensure the highest levels of resiliency.
- Acronis offers endpoint protection management that includes patch management.
- Ivanti Neurons for Risk-Based Patch Management takes a bot-based approach to track and identify which endpoints need OS, application, and critical patch updates.
- Microsoft’s Defender Vulnerability Management Preview is now available to the public, providing advanced assessment tools for discovering unmanaged and managed devices.
IT operations is taking the lead in reducing distribution point sprawl
Ponemon asked IT and IT security leaders to rate their effectiveness on a 10-point scale of four edge and endpoint security areas.
- Thirty-eight percent of IT operations rate their effectiveness at reducing distribution point sprawl as very or highly effective versus 28% for IT security. As a result, IT security is more confident in its effectiveness in ensuring all software is up-to-date and the configuration complies with its security policy.
- Across all four categories, IT’s average confidence level is 36% while IT security’s is 35.5%. However, there’s significant upside potential for each to improve, starting with better encryption of enterprise devices, more frequent updates of device OS versions, and more frequent patch updates. For example, Absolute Software’s recent survey, The Value of Zero Trust in a WFA World, found that 16% of enterprise devices are unencrypted, 2 out of 3 enterprise devices are running OS versions two or more versions behind, and an average enterprise device is 77 days out of date from current patching.
Managing risks and costs of endpoint security
Ponemon Institute’s survey highlights how distribution and endpoint sprawl can quickly get out of hand, leading to 48% of devices not being identifiable on an organization’s network. Given how quickly machine identities are increasing, it is no wonder CISOs and CIOs are looking at how they can adopt zero trust as a framework to enforce least-privileged access, improve identity access management and better control the use of privileged access credentials. As endpoint security goes, so goes the financial performance of any business because it is the largest and most challenging threat vector to protect.
The bottom line is that investing in cybersecurity is a business decision, especially when it comes to improving endpoint security to reduce ransomware, malware, breach attempts, socially engineered attacks and more.