As the workforce becomes increasingly mobile, a wide range of endpoints are being used to access the corporate IT environment from outside the firewall. This has created an ever-expanding attack surface for hackers to exploit, and traditional antivirus tools are unable to detect and block today’s sophisticated threats.
According to the 2018 State of Endpoint Security Risk report from the Ponemon Institute, endpoints are increasingly used as the entry point for cyberattack. Nearly two-thirds of companies were compromised by attacks originating on endpoints in the preceding 12 months, a 20 percent year-over-year increase.
The IT and security professionals surveyed said that zero-day and file-less malware attacks were the biggest threats to their organizations. More than three-fourths (76 percent) of successful attacks leveraged unknown and polymorphic malware, and these techniques were four times more likely to succeed than traditional attacks.
The costs of a successful attack increased 42 percent year-over-year. In 2018, endpoint attacks cost organizations $440 per endpoint on average. For small to midsize businesses the cost was $763 per endpoint.
Organizations are finding that traditional endpoint security strategies leave significant gaps in protection. Patching, while critical, has a natural delay that leaves endpoints vulnerable in the interim. That delay is increasing as patches and updates are issued more frequently, and must be thoroughly tested before rollout. The Ponemon survey found that it takes organizations 102 days on average to apply patches, and 43 percent of respondents admitted that patching is taking longer.
Antivirus software has traditionally been the go-to tool for endpoint security, but legacy solutions are unable to keep up with evolving threats. Seventy percent of organizations surveyed by Ponemon have replaced or plan to replace their antivirus solution in the next 12 months. The top reasons include high false positives, inadequate protection and management complexity.
To close these gaps, organizations are investing in endpoint detection and response (EDR), a term coined by Gartner analyst Anton Chuvakin in 2013. EDR refers to tools that continuously monitor endpoints and investigate suspicious activity. Information is captured and stored in a database where it can be analyzed to detect anomalies such as unexpected processes or unusual connections. This data also gives IT security pros the visibility they need to investigate incidents and proactively look for threats.
EDR operates on the principle that some threats will get past initial defenses. Best-in-class solutions are capable of identifying attacks that involve multiple threats, and blocking threats as soon as they are detected. These solutions also feature threat hunting and incident response capabilities that help prevent one compromised endpoint from becoming a major security breach.
According to the Ponemon study, preventing the spread of an attack post-compromise was one of the main drivers for EDR adoption. However, most companies investing in EDR solutions said that blocking attacks pre-compromises was their top challenge and priority. Because of this disconnect, organizations estimate that just 46 percent of EDR features are ever used.
The Technologent team can help you develop an effective endpoint security strategy, evaluate EDR solutions and feature sets, and fully leverage EDT capabilities. Let us help you beat the odds of a successful endpoint attack by continuously monitoring endpoints and responding to threats.
May 21, 2019