Endpoint
6/13/2017
01:04 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Businesses Spend 1,156 Hours Per Week on Endpoint Security

Insecure endpoints cost businesses millions of dollars, and hours of productivity, as they struggle to detect and contain threats.

Insecure endpoints are an expensive risk and difficult to address. Businesses spend millions of dollars, and hundreds of hours, on detecting and containing endpoint alerts but can't come close to catching them all.

A new study entitled "The Cost of Insecure Endpoints," commissioned by Absolute and conducted by the Ponemon Institute, polled 556 IT and IT security practitioners responsible for detecting, evaluating, and/or containing insecure endpoints within their organizations.

The businesses in this study manage an average of approximately 27,364 endpoints, nearly half (55%) of which contain sensitive or confidential information. These endpoints generate nearly 615 alerts in a typical week, nearly 60% of which involve malware infections.

An average of 1,156 hours is spent each week on detecting and containing insecure endpoints. Less than half (45%) of the 615 alerts are considered reliable, and only 115 are actually investigated.

"That's a lot of time for your security staff to be analyzing whether an alert is reliable or not," says Richard Henderson, global security strategist for Absolute. "You need a big team to investigate that many unique alerts per week."

Organizations spend an average of $3.4 million in resources to figure out the amount of hours spent each week on detection and containment of insecure endpoints. They can spend up to $6 million each year on the time it takes to find and lock insecure endpoints, hours wasted on erroneous alerts, and unplanned downtime and business interruption for employees.

Many alerts can be investigated in five to 10 minutes; the problem, he says, is this time quickly adds up and many alerts go unaddressed. The average cost of each failed endpoint is $612.45.

The struggle to properly secure endpoints is leaving businesses vulnerable to threats like ransomware, which has "changed the landscape" for endpoint security in the last couple of years, he explains.

"Ransomware is not going to go away any time soon because companies continue to pay," he says. The problem would not be as severe if data was properly secured, employees practiced good data hygiene, and patches were implemented upon release.

Most people neglect to patch their systems, researchers found. Three-quarters of respondents said the most commonly found security gap on their endpoint is out-of-date or unpatched software.

"You might as well just leave the bank vault open and leave the money for the robber," Henderson says of unpatched systems.

Endpoint security will continue to be a problem as new employees bring their own devices into the workplace. Businesses will look to automation to offset the cost and challenges of finding and hiring security talent.

"The future is going to be semi-automated or fully automated for most security technologies," Henderson notes. Organizations will need to farm out traffic monitoring across endpoints, and trust their systems to assess what's important and weed out unnecessary info. Researchers found only 40% of businesses use automated tools to evaluate threats.

The problem is, most security teams don't have the budget to afford new automated systems, either. More than half (51%) say cost stops them from buying these tools; 44% cite complexity as an issue and 30% claim lack of confidence in the products.

Henderson acknowledges the high cost of tech can be a burden in security. It's tough to justify the price of expensive tools when a sign of their effectiveness is a lack of alerts or other activity.

"Security teams don't get whatever they need," he says, debunking a popular misconception among business workers. "Companies have finite budgets, and they need to scrape for every inch or every cent they get in infosec."

Related Content:

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
6/13/2017 | 5:49:44 PM
Business Model for InfoSec Contract Firms
These stats are a good example of how the business model for contract firms handling only endpoint security has great potential to be successful in the long term.  Looking at the current ecosystem of the industry, with high-end automation tools often intimidating smaller business, contracting out to firms who do custom coding or leverage free and open source (FOSS) security solutions may make sense from an economic standpoint.  I'm not sure how many of these organizations who are hurting are actually already using firms like this, but I suspect most were trying to use their own in-house IT talent to chase down the holes.  There are lots of excellent tactical security teams out there who do more than just investigate specific exploits but also strategize ways to best leverage smaller automation tools mixed with "intuition" based on years and variety of experience to aid these same businesses achieve higher levels of security without wasting their own IT resources.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.