Most network endpoints are in the dark: Do you know how to find them?

Cyber Chief Magazine brings you the tactics to uncover and neutralize the insider threat

Traditional manual endpoint security approaches are ineffective and resource-intensive, leading to neglect of basic maintenance such as patches and updates, according to Ponemon Institute research into the practices of more than 550 enterprise security and IT professionals.

endpoint security automation

Respondents pointed to automation as the answer to saving more than $3.4 million per year, strengthening their endpoint security posture and improving mean time to remediate incidents.

Endpoint security automation was found to be the key to maintaining visibility and control of endpoints in the face of sharp increases in dark endpoints — devices that are off the network, lost, stolen, rogue or operating without effective security in place. According to the survey, automation can better prepare organizations to establish and, more importantly, maintain a desired state of layered endpoint defenses, ensure continued endpoint application integrity and expedite remediation.

Automation was also found to be the primary tool needed to combat the rise in fruitless investigation efforts, which are wasting an average of 425 man-hours each week, as teams chase both false negatives and false positives.

“With the looming threat of ransomware attacks and embarrassing data breaches, there is a growing need to automate the security, care and maintenance of the endpoint,” said Christopher Bolin, chief strategy officer at Absolute. “This study underscores the new reality that automation and improved approaches to endpoint security can fill the widening visibility and control gaps across an enterprise’s endpoint population, as well as safeguard an endpoint throughout its life cycle, resulting in a stronger security posture and optimal business performance.”

Endpoint security automation

The survey also found that 61 percent of respondents want automation in their endpoint security arsenal to improve their endpoint security posture and to address:

Out-of-date or unpatched OS and software: A rise in ransomware attacks has called attention to the need for more frequent and effective patching. Seventy-five percent of respondents say they are not keeping up with software patching, and 55 percent say applications have been removed or corrupted. With automation, enterprises can increase efficiency and effectiveness of critical patch updates.

Brittle, easily compromised endpoint controls: A primary reason endpoints — and the data on them — are so vulnerable today is the ease with which endpoint controls are disabled or rendered ineffective, either intentionally or by accident. Manually maintaining these controls is a daunting challenge for organizations as they work to capture intelligence and evaluate the true threat posed by insecure endpoints.

Dangerous blind spots: Off-network devices, disabled tracking, broken endpoint controls and security alert noise cause blind spots that lead to dangerous vulnerabilities and a false sense of security. Only with firmware-level visibility and deep contextual insights across a range of telemetry can users see, understand and act on threats and vulnerabilities in near-real time.

Help desk distractions: Fragility of endpoint controls is a leading cause of calls to help desks, which receive nearly 615 endpoint alerts in a typical week, only 45 percent of which are considered reliable. Valuable time and resources are exhausted in manually completing time-consuming tasks such as resetting VPN clients and ensuring the integrity of the layered endpoint controls.

endpoint security automation

The study takes into account the security practices and budgets of more than 550 IT and security practitioners. While the results were staggering, the research did not take into account the liability associated with the increased risk of data breaches that are becoming all too commonplace as workers place data at risk on laptops, mobile phones and tablets.