We recently surveyed 600 security professionals to hear their view on the state of endpoint security in 2018. Here’s what we learned.
The industry is abuzz with endpoint security solutions, from traditional, signature-based antivirus approaches to endpoint protection platforms that incorporate machine-learning, heuristic and behavioral techniques for malware detection. Each claims close to 100% coverage and boasts almost perfect lab reviews. Yet a key finding in our recent survey on The State of Endpoint Security in Addressing Malware and Other Modern Cyber Threats was that, of the 600 security professionals who responded, 70% deemed their endpoint controls unable to prevent a significant malware attack.
In short, defenders are still not getting ahead despite the continued innovation in endpoint security. As captured in the following chart, the majority of survey respondents considered their antivirus or EPP solutions to be far less effective than the third-party tests and vendors’ claims would lead them to believe.
One of the reasons for the relatively low perception of the efficacy of AV and EPP solutions at preventing threats is the continued evolution of attack techniques. Modern malware employs evasive techniques that successfully bypass such defenses to remain undetected by existing solutions.
But security coverage alone, although a prime factor when assessing security solutions, should not be the sole factor.
In a recent webinar we ran, How to Evaluate Endpoint Security Products, we shared several tips for assessing endpoint security solutions, covering both the efficacy of a solution and, no less importantly, its operational aspects. After all, a product may stop all attacks, but it’s not valuable if it makes the endpoint unusable.
Since IT environments are complex and change quickly, operational aspects of the solution are especially crucial in environments where resources are already stretched and strained with multiple tasks. This point is reinforced by the conversations we have with CISOs, where we hear all too often that the “soft costs” of managing security tools are overlooked.
Organizations need to evaluate a variety of operational aspects when selecting the right solution for safeguarding endpoints. This includes assessing how it plays with other solutions, the managerial burden on the team, as well as the impact on business and user productivity.
Another critical consideration for an endpoint security solution is its support for not only modern, but also older systems. When respondents were asked which operational aspects they find most important, more than 40% prioritized a solution that could operate on endpoints that are low on resources.
Enterprises are mindful of the need to protect legacy systems, despite the challenges in doing so, alongside safeguarding newer systems. Endpoint security solutions need to support this diversity in a manageable way and allow teams to protect older or low-resource systems without affecting business productivity.
All too often enterprises see breaches occurring as a result of systems not being protected because the solution couldn’t fully support older or low-resource systems. Sometimes a single agent cannot handle a heterogeneous environment and the managerial overhead becomes a game of balancing risk. Organizations should not have to choose efficacy over operational efficiencies, but should instead find a solution that is built with these considerations in mind.
To learn more about key endpoint security concerns of information security professionals, read the full report.