It’s become a vicious cycle. Budgets grow, tools are purchased, and IT workloads expand. But in the end, IT teams are still forced to scramble and mega data breaches continue. What is going on?
Security teams evolve and improve, but so do the cybercriminals, who are equally determined to pilfer your data. In the forever game of cat-and-mouse, the answer for many organizations has come in the form of increased security budgets and more tools on devices.
Is this fear-propelled InfoSec budget explosion working? The evidence – overwhelmingly – says no. In fact, increased security spending actually creates enterprise risk.
Despite growing budgets and a heightened awareness of cybercrime, the majority of IT security teams remain unsatisfied with their results. Absolute is releasing a new report that represents more than six million endpoints studied over a one-year period. In it, nearly three-fourths of respondents say they have little or no confidence in their ability to prevent and mitigate risks. The data also shows more than half of ‘high-security spenders’ have suffered a data breach.
There are many reasons behind the high no-confidence vote, and the report offers an interesting deeper dive into that topic. One obvious driver, though, is the strong correlation between endpoint complexity and increased risk.
Regardless of the security tools you use, all of them degrade over time – no tool is immune. Patches fail. Encryption breaks. Antivirus falls out of date. Not only are these failures inevitable, they also happen faster than you think. The more security tools you use and devices you manage, the more rampant the problem, no matter how many new solutions you layer on top. Rather, the data says, it is because of the new solutions layered on top.
The research found that devices can have 10 or more endpoint security agents installed — including encryption, AV/AM, and client/patch management options. With all of these tools, there are virtually unlimited combinations on devices and there is no way to know which ones don’t play nicely together. Until they break.
How do you know if this is a problem for your organization? Better yet, how do you address it?
First, because you can’t secure what you can’t see, examine your asset management program. It should go beyond a quick asset inventory to include a comprehensive look at asset intelligence. This approach is an evolution from a simple catalog of your machines and includes an identification of the business function for every resource.
Then, take stock of your device fleet’s Endpoint Hygiene (Health) Coefficient. I’ve described this idea in more detail in an earlier post (Read: NIST Cybersecurity Framework: Second, Build A Moat Part 2) but simply put, it’s a way to score your device fleet at a single point in time against your organization’s definition of endpoint hygiene on a scale from 0 to 1.
A hygiene coefficient of “0” indicates that no single device has any controls or configurations aligning with your policy or security intent. A hygiene coefficient of “1” signals that every device has every control, configuration, and policy-granting behavior in place. Both extremes are rare, of course – you’ll typically fall somewhere in the middle.
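One way to compute such a score, as an added example that is not code from this post or from any Absolute product. The formula (the average share of required controls that are installed and healthy per device), the control names, the seven-day staleness cutoff, and the inventory records are all assumptions made for illustration.

```python
# Added illustration: the scoring formula, control names and inventory
# records below are assumptions, not taken from the post or any product.
from datetime import datetime, timedelta

REQUIRED = ("encryption", "antivirus", "patch_agent")  # assumed policy
MAX_AGE = timedelta(days=7)  # assumed: older reports count as unknown

def device_score(device, now):
    """Fraction of required controls that are installed AND healthy."""
    if now - device["last_seen"] > MAX_AGE:
        return 0.0  # a silent device cannot be assumed protected
    ok = sum(1 for c in REQUIRED if device["controls"].get(c) == "healthy")
    return ok / len(REQUIRED)

def hygiene_coefficient(fleet, now):
    """Fleet score in [0, 1]: 0 = no control anywhere, 1 = all everywhere."""
    if not fleet:
        raise ValueError("empty fleet: coefficient is undefined")
    return sum(device_score(d, now) for d in fleet) / len(fleet)

def gaps(fleet, now):
    """Map each non-compliant host to the controls that need repair."""
    out = {}
    for d in fleet:
        if now - d["last_seen"] > MAX_AGE:
            out[d["host"]] = ["stale report"]
            continue
        bad = [c for c in REQUIRED if d["controls"].get(c) != "healthy"]
        if bad:
            out[d["host"]] = bad
    return out

# Constructed sample inventory (hypothetical hosts and states).
NOW = datetime(2019, 6, 1)
FLEET = [
    {"host": "lt-001", "last_seen": NOW - timedelta(days=1),
     "controls": {"encryption": "healthy", "antivirus": "healthy",
                  "patch_agent": "healthy"}},
    {"host": "lt-002", "last_seen": NOW - timedelta(days=2),
     "controls": {"encryption": "healthy", "antivirus": "outdated"}},
    {"host": "lt-003", "last_seen": NOW - timedelta(days=30),
     "controls": {"encryption": "healthy", "antivirus": "healthy",
                  "patch_agent": "healthy"}},
]

if __name__ == "__main__":
    print(round(hygiene_coefficient(FLEET, NOW), 3))
    print(gaps(FLEET, NOW))
```

Counting an installed-but-outdated agent and a device that has stopped reporting as failures keeps the score from overstating coverage when tools degrade silently.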
Finally, you need to know when agents break and have the ability to repair them immediately. Our data shows that 100 percent of endpoint security controls fail eventually and 28 percent of devices are unprotected at any point in a year. And no one knows. These blind spots keep IT and security leaders from being able to protect organizations and leave them increasingly vulnerable over time.
There is no one sure-fire way to keep hackers out of your data. However, it is possible to prevent security incidents by knowing what you have on your endpoints, removing unnecessary agents to reduce complexity, and ensuring that the basic protection tools are working as intended. Endpoint resilience is possible when you have visibility and control.
We talked in greater detail about the state of our industry, security tool degradation, and what to do about it in a webinar with Forrester Principal Analyst Renee Murphy, titled The State of Endpoint Security in 2019. Listen in on the results of our new study and hear how endpoint security can flourish by persisting the controls, apps, and agents you already own.