Are endpoints the most vulnerable part of the network?
Posted on 18 July 2014.
Only 39% of companies have advanced endpoint security protections in place even though 74% consider endpoints to be “most vulnerable” to a cyber-attack, and 76% say the number of endpoints is rising.

In addition, 58% of respondents said traditional anti-virus defenses no longer address advanced targeted threats and only 19% believe they will play a vital role in the future.

A new Promisec survey found that 70% of IT professionals are either ‘highly’ or ‘moderately’ concerned about a potential security breach in the next year but only 32% say they are ‘well prepared’ for a cyber-attack.

74% of respondents consider endpoints, such as desktops, laptops and mobile devices, to be the “most vulnerable” part of the network. Case in point, only 32% of companies said they were able to complete Microsoft patch updates in less than a week even though these updates play a key role eliminating known vulnerabilities. Moreover, 34% said it took up to a month, 19% said it took over a month and 14% “never” achieved full rollout of updates. In spite of these endpoint security challenges, only 30% have a dedicated endpoint security budget.

More than half of respondents said there is a bigger need for SIEM and/or advanced threat detection and correlation systems to have deeper endpoint analytics. The respondents categorized it as ‘very important’ as endpoints are a common attack point and monitoring these points of entry are vital to identifying an attack and taking steps toward remediation.

A majority of VP and C-Level IT leaders surveyed indicated a heightened fear of a security breach in the coming year and acknowledged a rapidly shifting security landscape, which now includes endpoint security.
  • 33% of VP and C-Level IT leaders surveyed said they have advanced endpoint protections in place but 75% indicated they have a need for deeper endpoint analytics to assist in threat detection.
  • Nearly 70% of VP and C-Level IT leaders put endpoints at the top of their most vulnerable list.
  • An Overwhelming majority of VP and C-Level IT Leaders (83%) say antivirus solutions are not part of their future for protecting against advanced threats.
  • An alarming 86% of VP and C-Level IT Leaders have a heightened fear of a breach over the next year.
“The security landscape continues to evolve in response to a new breed of more complex and sophisticated threats, where traditional blocking and prevention mechanisms, such as firewall, anti-virus and anti-malware software, are simply no longer enough to keep our networks safe,” said Dan Ross, CEO of Promisec. “Our survey indicates that companies have begun to embrace endpoint security as a critical part of their total security portfolio, but have yet to adopt a robust endpoint monitoring and remediation infrastructure to address today’s most severe threats.”

Companies struggle to keep pace with advanced targeted threats:
  • 55% of respondents say they are “not confident” that the security measures they have in place will protect against all scenarios.
  • 40% of respondents said that they are only ‘modestly’ keeping up with BYOD and mobility trends as the number of endpoints increase on their network.
  • 45% of respondents said there has been only a ‘modest increase’ in their companies stepping up its focus on security in response to threats but there are still possible gaps in security.
  • 58% said employees are reasonably compliant and use caution but believe they could do a better job establishing and enforcing basic protocols.
  • 56% of respondents said that patching, remediation, and compliance are the biggest challenges relative to endpoint security.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th