Endpoint security lags in spite of vulnerabilities

Endpoint security solutions today continue to lag, failing to provide adequate protection or detection against today’s security threats, according to Promisec. Survey results point to increased security gaps and vulnerabilities in spite of widespread fear of security breaches.

Fewer companies today (32%) said they have advanced endpoint security protections in place, which is down from 39% last year, even though an increasing number of respondents (73% this year vs 58% last year) consider endpoints to be “most vulnerable” to a cyber-attack.

Although more respondents recognize that endpoints are vulnerable to a cyber-attack, fewer companies today said they have endpoint protection in place compared with last year. In addition, 67% of respondents said the number of endpoints is rising, down from 76% last year.

An increased number of respondents (74%) said traditional anti-virus defenses no longer address advanced targeted threats and only 26% believe they will play a vital role in the future. This compares to 58% and 19% respectively, in last year’s survey, which illustrates a continued trend away from traditional anti-virus defenses.

The survey found that 82% of IT professionals are either ‘highly’ or ‘moderately’ concerned about a potential security breach in the next year but only 31% say they are ‘well prepared’ for a cyber-attack. 73% of respondents consider endpoints, such as desktops, laptops and mobile devices, to be the “most vulnerable” part of the network. In spite of significant concern of a potential data breach and the value of endpoint security, most companies have inadequate defenses in place.

Case in point, only 31% of companies said they were able to complete Microsoft patch updates in less than a week even though these updates play key role eliminating known vulnerabilities. Moreover, 40% said it took up to a month (compared to 34% last year), 13% said it look over a month (compared with 19% last year), and 16% “never” achieved full rollout of updates, up slightly from 14% last year). In spite of these endpoint security challenges, only 25% have a dedicated endpoint security budget, down from 30% last year.

These findings indicate little change from last year, implying there is stronger reason to believe that the hackers would have susceptible environments with which to breach. Security awareness may be up, but actions are unchanged.

Approximately half of respondents continue to agree that there is a bigger need for SIEM and/or advanced threat detection and correlation systems to have deeper endpoint analytics. The respondents categorized it as ‘very important’ as endpoints are a common attack point and monitoring these points of entry are vital to identifying an attack and taking steps toward remediation.

A majority of VP and C-Level IT leaders surveyed indicated a heightened fear of a security breach in the coming year and acknowledged a rapidly shifting security landscape, which now includes endpoint security.

• 29% of VP and C-Level IT leaders surveyed said they have advanced endpoint protections in place, compared with 33% last year, but 82% indicated they have a need for deeper endpoint analytics to assist in threat detection, up from 75% last year. In spite of growing demand for endpoint security, fewer companies this year have endpoint security systems in place.
• Nearly 71% of VP and C-Level IT leaders put endpoints at the top of their most vulnerable list, virtually unchanged from last year.
• An Overwhelming majority of VP and C-Level IT Leaders (81%) say antivirus solutions are not part of their future for protecting against advanced threats, vs 83% last year.
• An alarming 89% of VP and C-Level IT Leaders have a heightened fear of a breach over the next year, which indicates steady growth over 86% last year.

Companies struggle to keep pace with advanced targeted threats:

• 70% of respondents say they are “not confident” that the security measures they have in place will protect against all scenarios, up significantly from 55% last year. This indicates growing fear of a security breach in a more complex and sophisticated threat environment.
• 43% of respondents said that they are only ‘modestly’ keeping up with BYOD and mobility trends as the number of endpoints increase on their network, up from 40% last year.
• 46% of respondents said there has been only a ‘modest increase’ in their companies stepping up its focus on security in response to threats but there are still possible gaps in security, virtually unchanged from last year.
• 63% said employees are reasonably compliant and use caution but believe they could do a better job establishing and enforcing basic protocols, up slightly from 58% last year.
• 54% of respondents said that patching, remediation, and compliance are the biggest challenges relative to endpoint security, virtually unchanged from last year.