Content, Content, Security Program Controls/Technologies, Endpoint/Device Security

SANS Endpoint Protection Survey: Automation ‘Top Priority’ for IT Pros

Automation is the "top priority" for organizations that want to protect their endpoints against malware, ransomware and other cyber threats, according to a survey of IT professionals conducted by information security training firm SANS Institute.

Key findings from the SANS "2018 Survey on Endpoint Protection" included:

  • 17 percent of endpoint breaches involved 10 to 24 endpoints, 11 percent involved 100 to 249 endpoints and 9 percent involved 25 to 49 endpoints.
  • 58 percent of IT professionals indicated automated incident response and remediation workflows, artificial intelligence (AI) and machine learning are important. However, these professionals have not implemented automated incident response and remediation workflows, AI or machine learning as part of their cybersecurity efforts.
  • 63 percent reported remediation of a single endpoint takes an average of 24 hours or less.
  • 67 percent can remediate a security incident in under 7 days, yet only 45 percent use fully automated response processes as part of their remediation efforts.
  • 84 percent said their endpoint breaches included more than one endpoint.

The top threats to organizations include web-based malware, social engineering and ransomware attacks, all of which are focused on user endpoints, SANS indicated. However, endpoint security tools are available to help organizations address these threats early in the cybersecurity kill chain.

How to Protect Endpoints Against Cyberattacks

SANS offered the following recommendations to help organizations safeguard their endpoints against cyberattacks:

  • Identify your weaknesses. Understand problem areas and evaluate potential solutions. Also, use the MITRE ATT&CK matrix, an open source tool that provides insights into attacker techniques and technologies, or another security framework to develop and deploy a cybersecurity strategy.
  • Manage your devices. Configure and maintain devices operating in accordance with security policies and centralized regulation.
  • Leverage machine learning and analytics. Use machine learning and analytics to accelerate cyberattack remediation, restrict or block dangerous behaviors and orchestrate and update a response strategy.
  • Harden your endpoints. Identify, install and configure endpoint security solutions, as well as establish baseline readings.
  • Improve endpoint detection and response. Automatically feed endpoint threat intelligence into incident detection and response systems; this reduces the time to detect, respond to and remediate cyberattacks.

Endpoint protection tools help organizations shorten the mean time to address cyber threats, according to SANS. If organizations leverage endpoint security analysis and automation tools, they also can validate that a cyberattack has been remediated.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.