Content, Content

Endpoint Security Spending: Research Results

Endpoint security solutions routinely and resolutely fail, said Absolute, an endpoint resilience provider, in a new global study of six million devices and one billion change events.

With endpoint security expected to occupy one-quarter of the estimated $130 billion enterprises will spend on security next year, how can a solution relied on by so many enterprises end up so unreliable? asks Absolute.

There’s a good reason why nearly three-quarters of enterprise security breaches begin on the endpoint, according to Absolute. “With an average of 10 security agents on each device and over 5,000 common vulnerabilities and exposures found on the top 20 client applications in 2018 alone, the endpoint has never been more fragile,” the vendor wrote in its 2019 Endpoint Security Trends Report.

Defending against the plethora of new security threats emerging daily has forced enterprise security teams to layer on more endpoint controls, said Absolute. The corresponding complexity has eroded performance and left the endpoint exposed. It’s the tools and agents that “reliably and predictably” fail, the report said. “Every additional security tool only amplifies complexity and increases the probability of failure and decay, in turn, exposing the dangers of equating IT security spending with security and risk maturity,” Absolute said.

Here are the study’s primary findings:

  • 42 percent of all endpoints are unprotected at any given time.
  • Two percent of endpoint agents fail per week, meaning 100 percent of endpoint security tools eventually fail – no tool is immune.
  • 28 percent of all endpoints are unprotected by anti-malware with 21 percent of these endpoints unprotected due to outdated or broken agents and 7 percent due to missing agents.
  • 100 percent of devices will have failed encryption controls at least once within one year.
  • Almost 1 in 5 devices become unreachable due to client management tool failures.
  • Client patch management agents fail around 50 percent more often than encryption agents.

The data led Absolute to conclude that much of endpoint security spend is ultimately voided. The false sense of security endpoint solutions provide may be enterprises' biggest organizational risk, said Christy Wyatt, Absolute's chief executive. “This complexity of the landscape is making it increasingly difficult for IT and security to have visibility and control,” said Wyatt. “Our research shows the vulnerability that is introduced when critical security controls collide or decay over time. In other words, increased security spending does not increase safety,” she said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.