Endpoints Are Woefully Insecure, But There's No Budget to Fix It

74% of respondents put endpoints such as desktops, laptops and mobile devices, to be the “most vulnerable” part of the network – but only 30% have a dedicated endpoint security budget
74% of respondents put endpoints such as desktops, laptops and mobile devices, to be the “most vulnerable” part of the network – but only 30% have a dedicated endpoint security budget

Despite a majority of vice president and C-level IT leaders indicating a heightened fear of a security breach in the coming year (86%), a new survey has found that IT security professionals believe that their endpoint security solutions don’t provide protections or detections adequate for today’s rapidly shifting security environment.

The findings, from Promisec, indicate that 74% of respondents put endpoints such as desktops, laptops and mobile devices, to be the “most vulnerable” part of the network – but only 30% have a dedicated endpoint security budget.

Patching is a chronic issue: only 32% say they are ‘well prepared’ for a cyber-attack, and 56% of respondents said that patching, remediation, and compliance are the biggest challenges relative to endpoint security. Only 32% of companies saying that they were able to complete Microsoft patch updates in less than a week even though these updates play key role eliminating known vulnerabilities. Moreover, 34% said it took up to a month, 19% said it look over a month and 14% “never” achieved full rollout of updates. Concerningly, 76% say the number of endpoints is rising, which can only add to the overhead in the patch cycles.

The survey also found that about a third (33%) of executive IT leaders surveyed said they have advanced endpoint protections in place, but 75% indicated they have a need for deeper endpoint analytics to assist in threat detection. Specifically, more than half of respondents said there is a bigger need for SIEM and/or advanced threat detection and correlation systems, categorizing it as ‘very important’ as endpoints are a common attack point and monitoring these points of entry are vital to identifying an attack and taking steps toward remediation.

An overwhelming majority of vice president and C-level IT Leaders (83%) said anti-virus solutions are not part of their future. In fact, 58% of respondents said traditional antivirus defenses no longer address advanced targeted threats and only 19% believe they will play a vital role going forward.

“The security landscape continues to evolve in response to a new breed of more complex and sophisticated threats, where traditional blocking and prevention mechanisms, such as firewall, antivirus and anti-malware software, are simply no longer enough to keep our networks safe,” said Dan Ross, CEO of Promisec, in a statement. “Our survey indicates that companies have begun to embrace endpoint security as a critical part of their total security portfolio, but have yet to adopt a robust endpoint monitoring and remediation infrastructure to address today’s most severe threats.”

Companies are struggling in particular to keep up with advanced and emerging threats using traditional measures. A full 58% said employees are reasonably compliant and use caution, but believe they could do a better job establishing and enforcing basic protocols. However, about 55% of respondents say they are “not confident” that the security measures they have in place will protect against all scenarios. And 45% of respondents said there has been only a ‘modest increase’ in their companies stepping up focus on security in response to threats, noting that there are still possible gaps in security.

Also worrying, given the continued penetration of employee-owned mobile devices into enterprise environments, 40% of respondents said that they are only ‘modestly’ keeping up with BYOD and mobility trends as the number of endpoints increase on their network.

What’s Hot on Infosecurity Magazine?