Enterprises are routinely buying next generation endpoint protection that they don't actually fully implement, according to the latest research from the SANS Institute.
The 2018 SANS 'Endpoint Protection and Response' report reveals that 42 percent of those surveyed admitted their endpoints had been breached, with the most popular threat vectors for these attacks being web drive-by (63 percent), social engineering/phishing (53 percent) and ransomware (50 percent).
Yet, while 50 percent of the organisations surveyed had acquired next generation antivirus, 37 percent of them had not implemented these next-gen capabilities. Similarly, some 49 percent had purchased security solutions with malware-less attack detection that 38 percent had failed to use.
The two sets of statistics are unlikely to be a coincidence when you consider that 84 percent of endpoint breaches involve multiple endpoints. You would imagine that organisations investing in next generation defences understand the connection between improved threat visibility, detection and response and a stronger security posture. So why is there an implementation disconnect here? Surely it can't be money, if there was budget to buy the solution in the first place?
Actually, it could be; at least in part. Report author and SANS analyst Lee Neely, in conversation with SC Media UK, says that "we found that while management provided the resources to procure the solutions and implement the core capabilities, the necessary support in terms of budget, direction and staff were not provided." Neely pointed to the fact that next-gen solutions tend to require more by way of education and demonstration at management level for them to "understand the potential ROI and support their implementation."
Rick McElroy, a security strategist with Carbon Black, isn't at all surprised. "Historically organisations have struggled to operationalise all kinds of technology" he explains, adding "this is not 'next-gen' related, but more due to the fact that any new technology becomes hard to adopt and operationalise."
So, what needs to change to prevent wasted expenditure on security resources that are not then fully implemented? "Better planning with appropriate timelines prevents solutions remaining unused" argues Zeki Turedi, a technology strategist at CrowdStrike. "The best next-generation tools should come with the automation, intelligence and designed with simplicity in mind" Turedi continues "to enable immediate deployment and allowing for a quicker ROI."
Of course, cyber-security professionals are always going to encourage the purchase of solutions providing the broadest support for both current and future threats. Equally, the challenge is always going to remain in implementing them successfully. "The implementation team needs support, resources, funding and direction to ensure that features are implemented" Lee Neely insists "that team also needs to include participation from those stakeholders that identified the need for the features in the first place."
Not doing so leaves the enterprise with a weaker security posture than before the new protection was acquired. Why so? "Failing to properly deploy these security solutions not only gives a false sense of security, but also leaves the door open for threats" says Wallace Sann, vice president of global systems engineering at ForeScout. Sann told SC Media UK that security tools are intended to be deployed completely in order to capitalise on their full capabilities and protect organisations from bad actors, and since it takes just one opportunity for one of those bad actors to infiltrate a network, without complete deployment it's just a matter of time until a breach occurs.
"Investing in cyber-security solutions, but not fully implementing them, is like buying a bike helmet but not properly fastening it when in use" Sann concludes "you might give the impression of taking your safety seriously but, at the end of the day, the helmet won't properly protect you in a critical situation."