At the beginning of 2018, the security research team at Absolute began to examine a widely overlooked conundrum facing IT and security professionals around the world:
Spending on security products, in particular, endpoint security products, was expanding. However, IT and security teams reported little confidence in their ability to protect the enterprise.
And they had a point: despite the spending frenzy, endpoints are still the source of more frequent and more severe breaches.
It didn’t make sense. While the global spend on IT security is predicted to total a whopping $128 billion by 2020, our perception of security-resilience is in decline. And for good reason — over two-thirds of companies are still being compromised by attacks that originate on the endpoint.
We asked ourselves, “Why is the investment not paying off?” Indeed, Forrester and Gartner have been warning about the dangers of equating IT security spending with security and risk maturity for several years. Yet despite these warnings, IT and security buyers continue to throw money at the problem.
But, if the spending playbook would have worked, then the spending playbook would have work. It doesn’t, it never has. So, Absolute’s research team went on a mission to find the answer to a burning question:
What is happening on the endpoint that’s causing our expensive endpoint security solutions to fail us?
Our research team had access to anonymized data from over one billion control events on over six million devices from 12,000 organizations across North America and Europe. So we embarked on a year-long journey to answer this question that then went on to spark the 2019 Endpoint Security Trends Report that shook up the cybersecurity world.
The Endpoint Resilience Index
Our researchers built and applied an Endpoint Resilience Index to the data sample to establish a baseline. We then monitored the results over a 12-month period to see how security solutions performed during that timeframe.
The Endpoint Resilience Index applies the method used by the World Economic Forum’s Environmental Performance Index to track the overall direction of key variables of quality.
To provide further context to the quantitative data, we commissioned a third-party research organization to conduct in-depth, exploratory interviews with senior executives from Fortune 500 organizations. This year-long analysis led to three main discoveries:
- 40 percent of endpoint security spend is voided on solutions that don’t work (due to missing and broken agents or disabled controls)
- The effectiveness of endpoint security agents decays over time — reliably and predictably
- Security gaps created by control decay is IT leadership’s most severe vulnerability
If Endpoint Security Worked, then Endpoint Security Would Work
The biggest, scariest, most eye-watering discovery from the analysis was that the security solutions that we rely on to protect our devices — and the data that lives on them — fail often. It’s no wonder we don’t trust them.
- 100% of devices that experienced an encryption failure in one year
- 19% Failed agents requiring at least one repair every 30 days
- 28% Endpoints unprotected at any given time
No devices lasted a year without an encryption failure, one-third of the sample had no functioning endpoint protection at any given time, and one-fifth of them required at least one repair within 30 days. Not very comforting, right?
In our estimation, the biggest contributing factor to the frequent failure rate is endpoint complexity.
Endpoint Complexity Exacerbates the Issue
Our findings demonstrated that when it comes to endpoint security, less is more. We found that devices can have 10 or more endpoint security agents installed. Nine of those agents come from the same five technology categories: encryption, unified endpoint management (UEM), endpoint detection and response (EDR), endpoint protection platform (EPP/AV/AM), and virtual private network (VPN).
This means that multiple technologies exist on any given endpoint to perform the same task. The likelihood that these agents will conflict and collide with one another is high. This creates a poor user experience and — more importantly — creates blind spots for security teams and disrupts key security controls.
| “We should be testing this stuff before we put it out there. If we have 10 to 12 agents per device, we need to understand how they’re interacting with one another before they’re released into the wild. How do we know we’re not completely poisoning the well? Because that is an expensive well to unpoison.”
Re-establishing Confidence in Endpoint Security
Despite having a huge range of tools and technologies at our disposal — all endorsed by analyst quadrants, waves, and grids — we are failing to move the needle on endpoint security must be immense. The frustration is immense.
Endpoint security tools should not be allowed to take a day off and abandon their posts when they’re needed most. And if they do, IT and security professionals should at least know about it. We need to know when the tools we depend on are not dependable.
Thankfully, there’s one security watchdog that never sleeps — and it can ensure your other tools stay alert also. Absolute’s Persistence® technology is embedded in the firmware of more than 70 percent of the world’s endpoint devices. This persistent connection enables IT and security professionals to keep a close eye on existing agents and controls to ensure they’re always performing as they should. And then automatically self-heal when they break. It can even be extended to other endpoint security tools to ensure they self-heal if they’re missing or broken. So you can maximize the value of your existing investments.
Just over 18 months ago, our security research team took the initiative to face IT’s biggest quandary head on and address our most burning question: What is happening on the endpoint that’s causing our expensive endpoint security solutions to fail us?
Instead of accepting the conundrum and moving on, our tenacious team dug deep to shine a light on what’s happening on the endpoint.
The results speak for themselves. It’s now clear why IT and security professionals are still losing sleep about endpoint security — and spending more money in an attempt to quell their fears. Now that we better understand the problem, we’re in a position to address it. Talk to Absolute to see how you can gain greater persistence, intelligence, and resilience on your endpoints.
If you’re interested in taking a deeper dive into the state of endpoint security, you can read the full report: 2019 Endpoint Security Trends Report.