Without the proper intelligence and control, high-maintenance endpoint security agents fail us more often than we know.
Not all endpoint agents are created equal. With some, you can take a set-it-and-forget-it approach. With others, like endpoint security, you need a more thoughtful maintenance strategy to ensure your devices are protected and not creating data security risks for your organization.
Recent research has demonstrated that fundamental endpoint security tools — encryption, client management tools, antivirus, antimalware, and so on — are more high-maintenance than they appear. Without the proper controls and maintenance in place, these agents degrade over time — and fail us often.
High-Maintenance Endpoint Agents
- 42% of a device population has encryption failure at any given point in time.
- 20% of devices require at least one client/patch management repair monthly.
- 28% of devices have missing or outdated AV/AM tools.
Endpoint security agents require continuous monitoring
Absolute’s 2019 Endpoint Security Trends Report documents how three of our most conventional and widely trusted security tools, namely encryption, client management tools (CMT), and anti-virus/anti-malware (AV/AM), are also the most high-maintenance agents on the endpoint. The research studied more than six million devices over a one-year period and examined one billion change events to see how security solutions performed.
Here’s what we discovered:
1. Encryption gives us a false sense of security
Encryption is often considered to be the most important security solution on the endpoint. We put so much trust in it to protect intellectual property, protected health information, and other sensitive data stored on the endpoint.
Absolute’s study found that encryption tools are regularly broken, disabled, misconfigured, or missing entirely from the endpoint. At any given point in time, over 42 percent of endpoints had an encryption failure and 100 percent of devices experienced encryption failure within one year.
Encryption recovery times are equally concerning — the average window of vulnerability for unencrypted devices was 12 days, but 30 percent of devices remained unencrypted for more than two months.
The bottom line is that while encryption is important and necessary, it is also a high-maintenance agent that requires persistent controls and continuous monitoring to ensure it is operating effectively at all times. It only takes one failure on the wrong endpoint at the wrong time to cause a data breach.
2. Client and patch management tools are as vulnerable as the clients and agents they patch
The 20 most common client applications published over 5,000 vulnerabilities in 2018. If a device had just half of these applications, it would experience up to 55 vulnerabilities. Thankfully, client and patch management tools exist to ensure vulnerabilities are addressed as they arise, right? Wrong. Like encryption, client management and patching tools such as Tanium, Ivanti, SCCM, and AirWatch also break reliably and predictably.
In fact, almost 20 percent of endpoints required at least one client/patch management repair monthly. Of those patching agents requiring repair, 75 percent reported at least two repair events and 50 percent reported three or more repair events.
Client patch management agents are even more high-maintenance than encryption, failing at double the rate encryption agents do.
3. Anti-virus/anti-malware are complex and leave almost one third of devices unprotected at any time
Anti-virus/anti-malware is a must-have security solution on any endpoint. Absolute’s research revealed that, at any point in time, 21 percent of AV/AM tools are outdated and 7 percent are missing altogether. In other words, 28 percent of all endpoints are unprotected on any given day.
The research also found that, on average, there are 1.2 AV/AM agents present on any device. This increases the risk of these agents colliding with or overriding one another. These unsafe interactions among components create dangerous blind spots which make endpoint infrastructures increasingly vulnerable over time.
Enhanced endpoint intelligence leads to more resilient devices
The high-maintenance nature of our most important endpoint security agents is concerning, especially since in the last 12 months, two-thirds of companies have been compromised by attacks that originated on their endpoints.
If basic visibility, control, and resilience measures are not in place, investment in encryption, CMT, AV/AM, or any other security solution is a waste of time and money. Absolute estimated that as much as 40% of all endpoint security spend is squandered on agents that fail often.
Organizations must address the root of this failure by ensuring that existing security controls remain in place and functioning correctly at all times. That’s where Absolute can help. Absolute’s technology is embedded in the firmware of more than 70 percent of the world’s endpoint devices. Because it’s the only embedded security solution, it is the only cloud-based platform that maintains a constant, persistent connection to devices, regardless of user behavior or device performance.
This always-on connection ensures high-maintenance endpoint agents are always performing as they should.
Interested in taking a deeper dive into the current state of endpoint security? Read the full report: 2019 Endpoint Security Trends Report.