Are endpoints the most vulnerable part of the network?
Posted on 18 July 2014.
Only 39% of companies have advanced endpoint security protections in place even though 74% consider endpoints to be “most vulnerable” to a cyber-attack, and 76% say the number of endpoints is rising.


In addition, 58% of respondents said traditional anti-virus defenses no longer address advanced targeted threats and only 19% believe they will play a vital role in the future.

A new Promisec survey found that 70% of IT professionals are either ‘highly’ or ‘moderately’ concerned about a potential security breach in the next year but only 32% say they are ‘well prepared’ for a cyber-attack.

74% of respondents consider endpoints, such as desktops, laptops and mobile devices, to be the “most vulnerable” part of the network. Case in point, only 32% of companies said they were able to complete Microsoft patch updates in less than a week even though these updates play a key role eliminating known vulnerabilities. Moreover, 34% said it took up to a month, 19% said it took over a month and 14% “never” achieved full rollout of updates. In spite of these endpoint security challenges, only 30% have a dedicated endpoint security budget.

More than half of respondents said there is a bigger need for SIEM and/or advanced threat detection and correlation systems to have deeper endpoint analytics. The respondents categorized it as ‘very important’ as endpoints are a common attack point and monitoring these points of entry are vital to identifying an attack and taking steps toward remediation.

A majority of VP and C-Level IT leaders surveyed indicated a heightened fear of a security breach in the coming year and acknowledged a rapidly shifting security landscape, which now includes endpoint security.
  • 33% of VP and C-Level IT leaders surveyed said they have advanced endpoint protections in place but 75% indicated they have a need for deeper endpoint analytics to assist in threat detection.
  • Nearly 70% of VP and C-Level IT leaders put endpoints at the top of their most vulnerable list.
  • An Overwhelming majority of VP and C-Level IT Leaders (83%) say antivirus solutions are not part of their future for protecting against advanced threats.
  • An alarming 86% of VP and C-Level IT Leaders have a heightened fear of a breach over the next year.
“The security landscape continues to evolve in response to a new breed of more complex and sophisticated threats, where traditional blocking and prevention mechanisms, such as firewall, anti-virus and anti-malware software, are simply no longer enough to keep our networks safe,” said Dan Ross, CEO of Promisec. “Our survey indicates that companies have begun to embrace endpoint security as a critical part of their total security portfolio, but have yet to adopt a robust endpoint monitoring and remediation infrastructure to address today’s most severe threats.”

Companies struggle to keep pace with advanced targeted threats:
  • 55% of respondents say they are “not confident” that the security measures they have in place will protect against all scenarios.
  • 40% of respondents said that they are only ‘modestly’ keeping up with BYOD and mobility trends as the number of endpoints increase on their network.
  • 45% of respondents said there has been only a ‘modest increase’ in their companies stepping up its focus on security in response to threats but there are still possible gaps in security.
  • 58% said employees are reasonably compliant and use caution but believe they could do a better job establishing and enforcing basic protocols.
  • 56% of respondents said that patching, remediation, and compliance are the biggest challenges relative to endpoint security.





Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //