Endpoint
6/13/2017
01:04 PM

Businesses Spend 1,156 Hours Per Week on Endpoint Security

Insecure endpoints cost businesses millions of dollars, and hours of productivity, as they struggle to detect and contain threats.

Insecure endpoints are an expensive risk and difficult to address. Businesses spend millions of dollars, and hundreds of hours, on detecting and containing endpoint alerts but can't come close to catching them all.

A new study entitled "The Cost of Insecure Endpoints," commissioned by Absolute and conducted by the Ponemon Institute, polled 556 IT and IT security practitioners responsible for detecting, evaluating, and/or containing insecure endpoints within their organizations.

The businesses in this study manage an average of approximately 27,364 endpoints, more than half (55%) of which contain sensitive or confidential information. These endpoints generate nearly 615 alerts in a typical week, nearly 60% of which involve malware infections.

An average of 1,156 hours is spent each week on detecting and containing insecure endpoints. Less than half (45%) of the 615 alerts are considered reliable, and only 115 are actually investigated.

"That's a lot of time for your security staff to be analyzing whether an alert is reliable or not," says Richard Henderson, global security strategist for Absolute. "You need a big team to investigate that many unique alerts per week."

Organizations spend an average of $3.4 million in resources to figure out the number of hours spent each week on detection and containment of insecure endpoints. They can spend up to $6 million each year on the time it takes to find and lock insecure endpoints, hours wasted on erroneous alerts, and unplanned downtime and business interruption for employees.

Many alerts can be investigated in five to 10 minutes; the problem, he says, is this time quickly adds up and many alerts go unaddressed. The average cost of each failed endpoint is $612.45.

The struggle to properly secure endpoints is leaving businesses vulnerable to threats like ransomware, which has "changed the landscape" for endpoint security in the last couple of years, he explains.

"Ransomware is not going to go away any time soon because companies continue to pay," he says. The problem would not be as severe if data was properly secured, employees practiced good data hygiene, and patches were implemented upon release.

Most people neglect to patch their systems, researchers found. Three-quarters of respondents said the most commonly found security gap on their endpoints is out-of-date or unpatched software.

"You might as well just leave the bank vault open and leave the money for the robber," Henderson says of unpatched systems.

Endpoint security will continue to be a problem as new employees bring their own devices into the workplace. Businesses will look to automation to offset the cost and challenges of finding and hiring security talent.

"The future is going to be semi-automated or fully automated for most security technologies," Henderson notes. Organizations will need to farm out traffic monitoring across endpoints, and trust their systems to assess what's important and weed out unnecessary info. Researchers found only 40% of businesses use automated tools to evaluate threats.

The problem is, most security teams don't have the budget to afford new automated systems, either. More than half (51%) say cost stops them from buying these tools; 44% cite complexity as an issue and 30% claim lack of confidence in the products.

Henderson acknowledges the high cost of tech can be a burden in security. It's tough to justify the price of expensive tools when a sign of their effectiveness is a lack of alerts or other activity.

"Security teams don't get whatever they need," he says, debunking a popular misconception among business workers. "Companies have finite budgets, and they need to scrape for every inch or every cent they get in infosec."


Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University.

Comments
Christian Bryant,
User Rank: Ninja
6/13/2017 | 5:49:44 PM
Business Model for InfoSec Contract Firms
These stats are a good example of how the business model for contract firms handling only endpoint security has great potential to be successful in the long term. Looking at the current ecosystem of the industry, with high-end automation tools often intimidating smaller businesses, contracting out to firms who do custom coding or leverage free and open source (FOSS) security solutions may make sense from an economic standpoint. I'm not sure how many of these organizations who are hurting are actually already using firms like this, but I suspect most were trying to use their own in-house IT talent to chase down the holes. There are lots of excellent tactical security teams out there who do more than just investigate specific exploits but also strategize ways to best leverage smaller automation tools mixed with "intuition" based on years and variety of experience to aid these same businesses achieve higher levels of security without wasting their own IT resources.