A recent research report from security organization Absolute and the Ponemon Institute said that over the past year, malware infections increased 53%, malware severity increased 46%, and more than half of endpoints contain sensitive information and are vulnerable to attack.
The survey also found that massive amounts of time and money are wasted on ineffective endpoint security solutions and lack of endpoint visibility and control is a major issue. Ineffective overall endpoint security protection costs an average of $6 million in detection, response, and wasted time. Only 27% of survey respondents have confidence that their company can identify the endpoint devices which pose the greatest risk in a highly effective fashion. Worse, 20% reported having no endpoint security strategy at all.
On average, according to the report, companies spend over 1150 hours on a weekly basis attempting to detect and contain insecure endpoints, which represents a cost of $6 million spent detecting and containing insecure endpoints or suffering unplanned downtime. Nearly half of those hours are spent chasing false positives, which equates to $1.37 million of annual wasted expenditures. Overall, the average annual cost for detecting and containing insecure endpoints is approximately $3.4 million, based on an average wage of $62.10.
Some other intriguing statistics from the report:
- 75% of respondents stated they are not keeping up with security patches.
- 59% believed there is at least a 10% chance of a data breach putting at risk 1,000 or more records containing sensitive or confidential information in the next year.
- 70% rated themselves as below average in detecting insecure or offline endpoint devices.
- 63% cannot monitor offline endpoint devices.
- 56% aren’t able to, or aren’t sure if they can determine endpoints compliance with company protocols.
The report illustrates the difficulties with managing endpoint devices as well as mitigating risks and responding to threats — even with the technology currently available and in use. As someone who manages endpoints, I believe the solution to these problems can be found in the concepts of planning, appropriate technology and automation.
The report shows that many organizations don’t have a solid endpoint risk management plan in place to protect the business, no endpoint risk management process, or otherwise employ an “ad hoc” formula for handling these threats. That’s a recipe for disaster in the making. It’s important to establish a centralized strategy for managing and securing your entire environment, from in-house systems to mobile devices.
If you haven’t already, consider implementing policies on the following:
- Mobile Device Computing
- Information Security
- Network Security
- Information Security Incident Reporting
Templates for all of these are available on TechRepublic’s sister site, Tech Pro Research. Implementing policies will help build and enforce standards, such as encrypting storage on mobile devices, mandating security controls such as complex passwords and responding to potential or executed threats.
Be particularly careful with BYOD (bring your own device). Employee-owned devices represent an especially high risk when used to process and store business data, since these are often not subjected to security controls, frequently used by non-employees, and can retain company data when an employee departs the organization. Customize the above policies (or your existing ones if necessary) to ensure BYOD is factored in.
Also make sure you have a plan for handling risks and addressing security incidents, document this strategy then ensure all responsible employees are familiar with it. Educate IT and/or Security staff as needed to ensure they possess the skills required on an ongoing basis for endpoint management.
Test and update all policies as needed to ensure the appropriate steps are being followed and remain relevant.
As the report indicates, technology to protect endpoints hasn’t been entirely sufficient when implemented. Look for areas of inefficiency and focus on shoring up these processes:
The report stated that the most frequent method used to defend against malware is manual analysis and inspection. Individual stand-alone anti-malware products aren’t sufficient; a centralized anti-malware solution should be in place to protect workstations and devices, automatically deploy signature updates, and provide a dashboard view of the health of the endpoint environment.
Mobile device management
The ability to control mobile devices and establish standard security controls to apply to both company and employee-owned devices is essential. As the survey demonstrated, mobile device management solutions which function when the device is offline or not connected to the company network is a key element to endpoint protection.
Workstations should be locked down via a set of security policies intended to protect systems and company data. Take advantage of elements such as Active Directory’s Group Policy features to help standardize the environment, such as by requiring periodic password changes, limiting access to unauthorized systems and disabling the use of flash drives.
Out-of-date or unpatched software was described in the report as the most common gap in endpoint security. Simply letting the generic Windows Update process run on its own will leave organizations with no real way to track client compliance status. As with anti-malware protection, a centralized patch distribution strategy is the key to ensuring devices remain up-to-date.
Alerting and reporting capabilities focusing on system status are critical for users and administrators alike. Many anti-malware products will notify the user if signatures are out of data, for instance, but this means little if no action is taken. Consider pairing alerting mechanisms with security scanners (such as Qualys) to identify potential vulnerabilities among endpoints and provide remediation advice.
Alerts have to be valid to be meaningful. The report states that on average, an organization can receive an average of nearly 615 endpoint alerts in a typical week, but less than a fourth of those are investigated and less than half of the same number are considered reliable. Sixty-one percent of these alerts are malware-related.
Manual processes are often the root cause of endpoint security woes. Simply put, human effort isn’t consistent or reliable enough to ensure the security of the entire environment. Other issues crop up, interruptions are rampant, and schedules become overloaded.
According to the report, the majority of malware containment can be handled by automated tools. However, only 40% of respondent companies are using automated tools that can intelligently assess malware threats. Thirty-nine percent stated they have automated tools that can detect and contain insecure endpoints, and 38% utilize automated tools which can to monitor sensitive or confidential data stored on client endpoints. Just 28% of respondents stated their organizations determine compliance via automated analysis and inspection.
Cost isn’t so much as factor for these relatively low figures as headcount; insufficient staffing resources were reported as the top impediment to implementing automation controls. However, it’s important to point out that automation can save money by improving endpoint security; companies utilizing these controls reported savings of up to 56% of their time, freeing staff up for other endeavors. The report found that companies could save $2.1 million annually by automating security. It’s obvious that automation is the key to tying together planning and appropriate technology to ensure success in endpoint protection.