Endpoint security spending is at an all-time high.
Spending on endpoint security tools grew by 8.1% in 2020 alone and is expected to continue growing at a CAGR of 8.1% between 2021 and 2028. But is all that spending helping organizations reduce risk?
Right now, the answer appears to be a resounding “No.” Then again, what does?
A recent study by Ponemon Institute found that 68% of organizations suffered a breach of data assets or IT infrastructure during 2020 caused by an endpoint attack. The same study found that more than two-thirds of organizations had experienced a higher frequency of endpoint attacks than the previous year.
Worse still, the same study found the cost of successful endpoint attacks has risen year on year from $5.01 million in 2017 to $8.94 million in 2020.
So what’s going wrong?
4 Endpoint Security Challenges
Today, several challenges stand in the way of effective endpoint security:
Challenge #1: A rapidly growing number of endpoints
Digital transformation and the compulsory move to remote working have caused corporate networks to grow at an unprecedented rate. Gartner predicts the number of devices in use globally will rise to 6.4 billion in 2022, an increase of almost 400 million since the start of the COVID-19 pandemic—and remote work is the top cause.
Since every endpoint connected to a corporate network is a potential infiltration point for an attacker, this poses a substantial security threat.
Challenge #2: Lack of visibility
The surge in endpoints intensifies a related challenge—not all endpoints are known to IT and security teams. This is partly due to so-called shadow IT. However, there’s a deeper issue.
Legitimate endpoints typically have multiple agents installed on them for functions such as IPS, AV, patch management, and more. However, most organizations don’t have a central repository or monitoring solution that keeps track of those agents or the endpoints they are installed on. This results in a chronic lack of visibility across the entire attack surface, creating a further security risk.
Challenge #3: Lack of human resources
The cybersecurity skills gap is well-publicized, and it poses a considerable challenge for endpoint security. EDR tools do an excellent job of detecting possible issues, but they create a lot of noise in the form of false positives. With so many alerts and so few skilled analysts to process them, it’s inevitable security teams will miss some genuine incidents.
Cyber Threat Intelligence (CTI) has been proposed as the solution to these challenges. However, analysts seldom have unfettered access to the intelligence they need when and where they need it. As a result, many security teams chronically underuse the CTI they collect and pay for, and continue to struggle with false positives and a lack of endpoint threat context.
Challenge #4: Complexity
With many clients installed on each endpoint and analysts using several discrete tools to identify, investigate, and resolve endpoint security issues, complexity has become a huge challenge.
Complexity has become such a widespread issue that 50% of organizations are actively reducing the number of tools they use for endpoint security because it hinders effectiveness. At present, teams lack access to effective orchestration and automation capabilities, forcing analysts to interact manually with each tool. This is cumbersome and time-consuming, lengthening critical metrics such as MTTI/MTTR and putting the organization at risk.
How Do We Overcome These Hurdles?
Nothing we’ve said here should be surprising.
As time goes on, corporate networks inevitably become more complex. The number of endpoints (not to mention services, applications, etc.) rises, and naturally, it becomes increasingly difficult to keep track of IT operations.
Put simply, as complexity rises, visibility falls—and effective cybersecurity becomes more difficult.
And the issue of lacking human resources? Well, the security skills gap has been covered to death.
Honestly, everybody has known about these issues for a long time. They hinder endpoint security in precisely the same way they hinder every other area of cybersecurity. So what can we do about it?
Watch our on-demand webinar, Cyber Fusion for Endpoint Security, in which two of our top SMEs in threat intelligence and SOAR respectively answer this question and more. Their thesis: endpoint security needs Cyber Fusion to significantly enhance endpoint threat detection, investigation, and response, and they demo its core capabilities across specific use cases.
During the webinar, they discuss:
- The five main barriers to effective endpoint security (and how to overcome them)
- Why endpoint security tools don't address these barriers (when used in isolation)
- Four critical capabilities you need to reliably detect and remediate endpoint threats
- What cyber fusion is, why it's different from SOAR, and how it fits into endpoint security
- Six cyber fusion use cases that will drastically improve your endpoint security outcomes
Thomas Bain is the Vice President, Marketing at Cyware, a high-growth cybersecurity organization. Bain leads all Marketing and Inside Sales efforts at Cyware. He was most recently with RiskRecon, a Mastercard company, where he held the position of Senior Vice President of Marketing. He also holds board advisory positions with SafeGuard Cyber and Measured Risk.