
Struggling with endpoint security? How to do it right


Endpoints over-configured with too many agents and uncontrolled endpoint proliferation make organizations more vulnerable to cyberattacks, creating new attack vectors rather than shutting them down.

Proper endpoint security starts with preventing malware, ransomware, and file-based and fileless exploits from infiltrating a network. It also needs to go beyond laptops, desktops and mobile devices, which is one of the reasons Extended Detection and Response (XDR) is becoming more and more important today.

A report sponsored by Adaptiva and conducted by the Ponemon Institute, entitled Managing Risks and Costs at the Edge [subscription required], was released today and illustrates how difficult it is to get endpoint security right. The study found that organizations are struggling to maintain visibility and control over their endpoints, leading to increased security breaches and a reduced ability to defend against outside attacks.

What CISOs want when it comes to endpoint security

Controlling which agents, scripts, and software are updated by an endpoint security platform is critical today. Therefore, organizations are looking for a platform to detect and prevent threats while reducing the number of false positives and alerts. CISOs and CIOs want to consolidate security applications, often starting with endpoints because they account for a large percentage of budgeted spend. The goal is to consolidate applications and get a single, real-time view of all endpoints across the enterprise.

The most advanced endpoint security solutions can capture and report on an endpoint’s configuration, inventory, patch history, and policies in real time. You can also scan endpoints on and off the network to determine which ones need patches and apply them automatically without impacting device or network performance. Most importantly, the most advanced endpoint solutions have the ability to heal and regenerate themselves after an attack.

Why securing endpoints is becoming increasingly difficult

IT and IT security teams struggle to get an accurate count of their endpoints at any given time, which makes it a challenge to create a baseline for measuring their progress. The Ponemon Institute survey found that a typical organization manages approximately 135,000 endpoints. And while the average annual budget that organizations spend on endpoint protection is approximately $4.2 million, 48% of endpoint devices, or 64,800 endpoints, are undetectable on their networks.

Organizations pay a high price for minimal endpoint visibility and control. For example, 54% had an average of five attacks on their organizations in the past year at an average annual cost of $1.8 million. Additionally, the majority of enterprise security executives surveyed (63%) say a lack of endpoint visibility is the number one obstacle to their organizations achieving a stronger security posture.

Key findings from the Ponemon Endpoint Security Survey include:

Ransomware remains the number one threat to endpoint security

The top concern of senior security officials today is ransomware attacks that use file-based and fileless exploits to infiltrate corporate networks. Ponemon's survey found that 48% of senior security professionals say ransomware is the top threat, followed by zero-day attacks and DDoS attacks.

These findings align with surveys conducted earlier this year showing how quickly ransomware attackers can exploit vulnerabilities.

  • The latest survey by endpoint security provider Sophos found that 66% of businesses worldwide fell victim to a ransomware attack in the past year, down 78% year-on-year.
  • Ivanti's Ransomware Index Report Q1 2022 found a 7.6 percent increase in the number of ransomware-related vulnerabilities in Q1 2022. The report uncovered 22 new ransomware-related vulnerabilities (310 in total), of which 19 were related to Conti, one of the most prolific ransomware groups of 2022.
  • CrowdStrike’s 2022 Global Threat Report found that ransomware incidents increased by 82% in just one year. Additionally, scripting attacks aimed at compromising endpoints continue to grow rapidly, confirming why CISOs and CIOs are prioritizing endpoint security this year.

The bottom line is that the future of ransomware detection and remediation is data-driven. Leading endpoint protection platforms with ransomware detection and response include Absolute Software, whose ransomware response builds on the company's expertise in endpoint visibility, control, and resiliency. Other providers include CrowdStrike Falcon, Ivanti, Microsoft Defender 365, Sophos, Trend Micro, ESET and others.

Ransomware is the number one threat to endpoints today, according to top IT and IT security leaders surveyed by Ponemon for its latest survey released today.

Short-staffed IT and IT security teams are struggling to keep configurations and patches up to date

Most IT and IT security leaders state that the number of distribution points supporting endpoints has increased significantly over the last year. 73% of IT operations believe that the most challenging task of endpoint configuration management is maintaining the most up-to-date OS and application versions on all endpoints. Patching and security updates are the most difficult aspect of endpoint security management for IT security teams.

Cybersecurity vendors are taking a variety of approaches to address this challenge.

Keeping endpoints current with operating system and application versions, patches, and security updates defies simple solutions that involve manually updating the many devices in an inventory database. Automating the distribution and application of updates and patches helps reduce the risk of data breaches, credential theft, and DDoS attacks.

IT operations are taking the lead in reducing the spread of distribution points

Ponemon asked IT and IT security leaders to rate their effectiveness on a 10-point scale across four edge and endpoint security domains.

  • 38% of IT operations rate their effectiveness in reducing distribution point sprawl as very effective, versus 28% for IT security. As a result, IT security is more confident in its effectiveness in ensuring all software is up to date and configured in accordance with its security policy.
  • In all four categories, the average level of trust in IT is 36%, while that in IT security is 35.5%. However, there is significant room for improvement for all, starting with better encryption of enterprise devices, more frequent device OS version updates, and more frequent patch updates. For example, Absolute Software's most recent survey, "The Value of Zero Trust in a WFA World," found that 16% of enterprise devices are unencrypted, 2 out of 3 enterprise devices run OS versions that are two or more versions behind, and the average enterprise device is 77 days out of date from the current patch.

IT operations and IT security are currently overwhelmed with work, which is why they need more automated applications, tools and workflows to manage and secure endpoints in their networks.

Manage risk and costs of endpoint security

The Ponemon Institute survey highlights how endpoint distribution and proliferation can quickly spiral out of control, resulting in 48% of devices on an organization's network being unidentifiable. With the rapid growth of machine identities, it's no wonder CISOs and CIOs are exploring how to adopt Zero Trust as a framework to enforce least privilege access, improve identity access management, and better control the use of privileged access credentials. Beyond endpoint security itself, this also bears on the financial performance of any organization, as endpoints are the largest threat vector and the most difficult to protect.

The bottom line is that investing in cybersecurity is a business decision, especially when it comes to enhancing endpoint security to reduce ransomware, malware, attempted attacks, social engineering attacks, and more.
