Struggling with endpoint security? How to do it right?

Endpoints that are overconfigured with too many agents and uncontrolled endpoint sprawl make organizations more vulnerable to cyberattacks, creating new attack surfaces rather than shutting them down.

Good endpoint security starts with preventing malware, ransomware, and file-based and fileless exploits from entering a network. It also needs to go beyond laptops, desktops and mobile devices, and that’s one reason why extended detection and response (XDR) is growing today.

A report sponsored by Absolute Software and performed by the Ponemon Institute titled Managing Risk and Costs at the Edge [subscription required] was published today, highlighting how difficult it is to get endpoint security right. The research found that companies struggle to maintain visibility and control over their endpoint devices, leading to more security breaches and a decreased ability to fend off attacks from the outside.

What CISOs Want in Endpoint Security

Determining which agents, scripts, and software are updated by an endpoint security platform is a key focus today. As a result, organizations are looking for a platform to detect and prevent threats while reducing false positives and alerts. CISOs and CIOs want to consolidate security applications, often starting with endpoints, as they account for a large percentage of budgeted spend. The goal is to consolidate applications and have a single real-time view of all endpoints in an organization.

The most advanced endpoint security solutions can collect and report the configuration, inventory, patch history, and existing policies for an endpoint in real time. They can also scan endpoints on and off the network to determine which patches they need and apply them automatically without impacting device or network performance. Most importantly, the most advanced endpoint solutions can heal and regenerate themselves after an attack.

Why securing endpoints is getting harder

IT and IT security teams struggle to get an exact count of their endpoints at any given time, which makes it a challenge to create a baseline against which to measure their progress. The Ponemon Institute research found that the average enterprise manages approximately 135,000 endpoint devices. And while the average annual budget companies spend on endpoint security is about $4.2 million, 48% of endpoint devices, or 64,800 endpoints, are undetectable on their networks.

Businesses pay a high price for minimal endpoint visibility and control. For example, 54% had an average of five attacks on their organizations last year, at an average annual cost of $1.8 million. In addition, the majority of business security leaders surveyed, 63%, say the lack of endpoint visibility is the number one barrier for their organizations to achieve a stronger security posture.

Key insights from Ponemon’s research on endpoint security include:

Ransomware remains the biggest threat to endpoint security

The number one concern of senior security leaders is ransomware attacks that use file-based and fileless exploits to infiltrate corporate networks. Ponemon’s survey found that 48% of senior security executives say ransomware is the biggest threat, followed by zero-day attacks and DDoS attacks.

Their findings are consistent with studies done earlier this year showing how quickly ransomware attackers weaponize newly disclosed vulnerabilities.

Ransomware poses the biggest threat to endpoints today, according to senior IT and IT security leaders interviewed by Ponemon for their latest research published today.

Amid staff shortages, IT and IT security struggle to keep configurations and patches current

Most IT and IT security leaders say the number of distribution points supporting endpoints has grown significantly over the past year. Seventy-three percent of IT operations believe that maintaining the latest OS and application versions on all endpoints is the most difficult endpoint configuration management task. Patches and security updates are the most difficult aspect of endpoint security management for IT security teams.

Cybersecurity vendors are using different approaches to solve this challenge.

Keeping endpoint operating systems, application versions, patches, and security updates up to date defies simple solutions such as manually updating the many devices in an inventory database. By automating how updates and patches are distributed and applied, the risk of breaches, credential theft, and DDoS attacks is reduced.

IT operations lead the way in reducing distribution point sprawl

Ponemon asked IT and IT security leaders to rate their effectiveness in four edge and endpoint security areas on a 10-point scale.

  • Thirty-eight percent of IT operations rate their effectiveness in reducing distribution point sprawl as very or highly effective, versus 28% for IT security. Meanwhile, IT security is more confident in its effectiveness at ensuring that all software is up to date and that its configuration complies with security policies.
  • Across all four categories, the average confidence level of IT is 36%, while that of IT security is 35.5%. However, there is significant upside for each to improve, starting with better enterprise device encryption, more frequent device OS version updates, and more frequent patch updates. For example, Absolute Software’s recent research, The Value of Zero Trust in a WFA World, found that 16% of business devices are unencrypted, 2 out of 3 business devices run OS versions that are two or more versions behind, and the average business device is 77 days out of date from current patching.

IT operations and IT security are currently overloaded with work, requiring more automated applications, tools and workflows to manage and secure endpoints on their networks.
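As an added example (not code from the Ponemon or Absolute research), the following Python computes the kind of visibility and compliance baseline described above over a constructed inventory: hosts seen on the network but reported by no management agent, plus the unencrypted, OS-versions-behind and patch-age measures the article cites. Host names, dates, the current OS version and the 30-day patch threshold are assumptions.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class Endpoint:
    host: str
    os_version: int   # major OS version the management agent reports
    last_patch: date  # date the device last applied patches
    encrypted: bool   # full-disk encryption enabled


def visibility_gap(discovered, managed):
    """Hosts seen on the network (e.g. by a network scan) that no
    management agent reports: the 'undetectable' population."""
    unmanaged = sorted(set(discovered) - set(managed))
    pct = round(100 * len(unmanaged) / len(discovered), 1) if discovered else 0.0
    return unmanaged, pct


def compliance_report(endpoints, current_os, today, max_patch_age_days=30):
    """Score the managed fleet on the three gaps named in the article:
    unencrypted devices, OS two or more versions behind, stale patching."""
    n = len(endpoints)
    if n == 0:
        return {}
    ages = {e.host: (today - e.last_patch).days for e in endpoints}
    unencrypted = [e.host for e in endpoints if not e.encrypted]
    os_behind = [e.host for e in endpoints if current_os - e.os_version >= 2]
    stale = [h for h, age in ages.items() if age > max_patch_age_days]

    def pct(hosts):
        return round(100 * len(hosts) / n, 1)

    return {
        "unencrypted": unencrypted, "unencrypted_pct": pct(unencrypted),
        "os_behind": os_behind, "os_behind_pct": pct(os_behind),
        "stale_patch": stale, "stale_patch_pct": pct(stale),
        "avg_patch_age_days": round(sum(ages.values()) / n, 1),
    }


# Constructed sample inventory (assumed values, not real data)
TODAY = date(2022, 6, 30)
CURRENT_OS = 12
FLEET = [
    Endpoint("lap-01", 12, date(2022, 6, 20), True),
    Endpoint("lap-02", 10, date(2022, 4, 14), True),   # 77 days, 2 versions behind
    Endpoint("dsk-03", 11, date(2022, 5, 31), False),  # exactly 30 days: not stale
    Endpoint("dsk-04", 9, date(2022, 3, 1), True),     # 121 days, 3 versions behind
    Endpoint("srv-05", 12, date(2022, 6, 28), True),
]
DISCOVERED = [e.host for e in FLEET] + ["unk-06"]  # seen on the wire, no agent
```

Running `compliance_report(FLEET, CURRENT_OS, TODAY)` together with `visibility_gap(DISCOVERED, [e.host for e in FLEET])` gives the per-fleet percentages and the named hosts behind each one, which is the baseline the article says teams lack.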

Endpoint security risk and cost management

The Ponemon Institute research shows how the distribution and proliferation of endpoints can quickly spiral out of control, leaving 48% of devices unidentifiable on an organization’s network. Given how quickly machine identities are growing, it’s no wonder CISOs and CIOs are looking at how to use zero trust as a framework to enforce least-privileged access, improve identity access management, and better control the use of privileged access credentials. The financial performance of any business depends on its endpoint security, as endpoints are the largest and most challenging threat vector to protect.

The bottom line is that investing in cybersecurity is a business decision, especially when it comes to improving endpoint security to mitigate ransomware, malware, intrusion attempts, social engineering attacks, and more.
