Organisations Have Endpoint Security Tools But Are Still Falling Short on the Basics

Most IT and security teams would agree that ensuring endpoint security and network access security applications are running in compliance with security policies on managed PCs should be a basic task. Even more basic would be ensuring these applications are present on devices.

And yet, many organisations still fail to meet these requirements. A new report from Absolute Security, based on anonymised telemetry from millions of mobile and hybrid PCs that run its firmware-embedded solution, found a lot of the market is falling well short of best practice.

For instance, the 2024 Cyber Resilience Risk Index report found that, if not supported by automated remediation technologies, top endpoint protection platforms and network access security applications are failing to maintain compliance with security policies 24% of the time across its sample of managed PCs.

When combined with data showing significant delays in patching applications, Absolute Security argued organisations may be ill-equipped to make the landmark shift to AI PCs, which would require significant resourcing and direct attention away from these foundations of cyber security.

Findings detail basic security tool and patching problems

Absolute Security’s report looked at data from more than 5 million PCs from global organisations with 500 or more active devices running Windows 10 and Windows 11. It uncovered findings that should concern IT and cyber security teams.

Essential endpoint security tools failing to measure up to security policies

Absolute Security looked at how organisations deployed endpoint security platforms like CrowdStrike, Microsoft Defender Antivirus, Microsoft Defender for Endpoint, Palo Alto Networks’ Cortex XDR, Trend Micro’s Apex One, SentinelOne’s Singularity and Sophos’ Intercept X.

SEE: The top 8 advanced threat protection tools and software available in 2024

It also looked at the use of leading zero trust network security applications, including Citrix’s Secure Private Access, Cisco’s AnyConnect, Palo Alto Networks’ GlobalProtect, Zscaler’s Internet Access offering and Netskope’s ZTNA Next.

As well as finding 24% of these apps failed to maintain basic security policy compliance, it found endpoint security tools were not even installed on almost 14% of PCs that were supposed to be under the protection of an EPP. Absolute Security called this “especially noteworthy,” given EPPs are considered the first line of defence for the mobile and hybrid network edge.

Organisations are still falling far behind of their patching ambitions

Organisations are falling weeks or even months behind in critical patching, opening “excessive risk gaps.” While the overall average number of days to patch software vulnerabilities continues to drop — to 74 days for Windows 10 and 45 for Windows 11 —- most industries continue to run well behind their own patching policies. Australia’s Essential Eight changed the requirement in 2023 for patching vulnerabilities in high-risk software from one month to two weeks.

Absolute Security found patching times varied by sector. Education providers and governments have the worst patching records, taking 119 and 82 days respectively, to patch Windows 10 software in 2024, though this is a vast improvement on the 188 and 216 days it required these sectors to patch vulnerabilities in 2023. For Windows 11, education and government were again the two longest patchers, though they were only taking 61 and 57 days, respectively.

The time to patch Windows 10 vulnerabilities by sector.
The time to patch Windows 10 vulnerabilities by sector. Image: Absolute Security

The implications for coming AI PC investments and rollouts

Absolute Security acknowledged a massive “AI replacement wave” could be coming to the enterprise PC market. It revealed only 92% of enterprise PCs have sufficient RAM capacity for AI at present, which it said has been established as being 32GB of RAM. “It is no wonder why IDC forecasts that demand for PCs supporting new innovations in AI will surge from 50 million units to 167 million by 2027, a 60 per cent increase,” the report elaborated.

The problems organisations face with endpoints have implications for how they adopt AI PCs. “Massive deployments are complex and resource intensive. Huge investments in AI-capable endpoint fleets have the potential to divert budget and human resources away from critical IT and security priorities that can leave gaps in security and risk policies. Devices loaded with new software not only add to complexity but also impact performance and security,” it said.

Realising AI PC advantages will depend on executing on security

Absolute Security said the ability for a new breed of AI PCs to handle large data sets and language model processing locally would allow more data to be kept locally on enterprise-owned assets rather than with third-party cloud hosts. “With more localised control over data, organisations can reduce overall risk of data theft and leaks,” the report said.

However, the firm said this would depend on properly functioning security and risk controls on the endpoint devices. The report recommended that enterprises investing in AI-capable PC rollouts take steps to ensure maximum efficiency across IT, security and risk procedures.

Absolute Security warns against over reliance on existing tools

Absolute Security’s telemetry data revealed that organisations are currently using a complex mix of “upwards of a dozen” endpoint security tools and network access security applications per device. They were all essentially governing them by four basic security policies:

  • Ensuring the application is present on the device.
  • Ensuring the device version is correct.
  • Verifying an application is running as expected.
  • Verifying that an application is property signed and has not been tampered with.

Endpoint protection and vulnerability management tools are not foolproof

Absolute Security recommended CISOs and IT deploy solutions that monitor, report and help repair endpoint and network access security applications in as near real-time as possible.

“Fail safes that come standard with applications may not suffice, as malfunctioning or compromised software will not be able to self-mitigate back to an effective state,” it said in the report. “Underpin endpoint and network access security controls with technologies that automate the repair and restoration to an effective state following cyberattacks, technical malfunctions, or deliberate tampering attempts,” it suggested.

When it came to patching systems, Absolute Security warned standard vulnerability management platforms may not verify if assets are in compliance with security policies or performing as expected, even if fully patched. “To avoid errors these solutions do not track, add a layer that expands visibility over software and hardware assets to ensure they are operating as needed,” it said.

Maximise efficiency to minimise impact of AI PC fleet transition

As AI PCs are invested in and rolled out in greater numbers, Absolute Security suggested enterprises take steps to ensure maximum efficiency across IT, security and risk procedures, including repair and restoration of security applications as well as rollout and management processes. Efficiency gains will ensure that IT and security teams are able to focus on providing the maximum defense against threats.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *