Help Net Security published an article at the end of January that highlighted several Ponemon Institute findings and the fact that “Organizations are not making progress in reducing their endpoint security risk, especially against new and unknown threats…” According to a Ponemon Institute study, 68% of IT security professionals surveyed admitted that their companies experienced one or more endpoint attacks that compromised data assets and/or IT infrastructure, increasing from 54% of those surveyed in 2017.
The big thing that was revealed in the study its that of the incidents that were successful, 80% of them were caused by new or previously unknown malware that either exploited undisclosed vulnerabilities or that used malware variants that signature-based solutions were unable to recognize.
To make things worse, these increased attacks also inflicted more business damage than before, with the Ponemon Institute findings showing that that the average cost for endpoint breaches increased by more than $2MM from 2018 numbers to sit at an average of $9MM in 2019.
According to Larry Ponemon, Chairman of the Ponemon Institute, “Over half of cybersecurity professionals say that their organizations are ineffective at thwarting major threats today because their endpoint security solutions are not effective at detecting advanced attacks.”
This is definitely not a good sign, especially as more and more businesses move their networks and digital assets to the cloud.
What could be a silver lining in this ongoing fight against malware is that as organizations continue the shift to Windows 10, with Windows Defender AV built into the operating system, enterprise security strategies are changing. Ponemon reports that 80% of organizations are using, or are planning to use, Defender AV for savings over their legacy anti-virus solutions. These savings are then being reallocated towards adding a layer of advanced threat protection in endpoint stacks along with an increase in IT resources.
Although Endpoint Detection and Remediation (EDR) adoption is increasing as a way to increase advanced threat protection for endpoints, the study showed that organizations are finding that costly customization and false-positive alerts are significant challenges in their EDR adoption. Those who have not adopted these solutions state that they have a lack of confidence in EDRs ability to prevent zero-day threats. Security staffing limitations are also a top reason why EDR solutions are not adopted.
At Wedge Networks, we’re gearing up to be part of the changing security strategies. Organizations can add that extra level of threat protection with the Wedge Advanced Malware Blocker (WedgeAMB), a product from Wedge’s Absolute Real-time Protection (WedgeARP) line. WedgeAMB combines: 1. Deep Content Inspection, so that it can see ALL content going through the network and improve on detection accuracy, 2. Orchestration of the industry’s best-of-breed security services, to cover all advanced threats, 3. Artificial Intelligence and Machine learning, to detect never-before-seen and zero-day malware, and 4. SubSonic and GreenStream – hyper streaming technologies, so that malware detection and blocking can occur in Real-time with no perceptible latency.
In addition, to help increase EDR adoption, when WedgeARP is added to the mix, it becomes the tool of choice for Managed Detection and Response (MDR) providers. With WedgeARP and a capable EDR system in place, organizations can access a potent solution that can Detect and Block malware in Real-time (instead of waiting for minutes and hours for results to come from a sandbox), while allowing MDR providers to offer Real-time remediation through the interactions with their EDR system. WedgeARP, combined with EDR, greatly reduces false-positive alerts, provides EDR solutions with the ability to prevent zero-day threats, and, with its built in analytics and alerts, greatly reduces the IT resources needed to manage the solution.
So, although the Ponemon Institute report continues to paint a bleak pictures of the state of endpoint protection, there are things that organizations can and SHOULD do in order to help themselves. If your organization is concerned about its endpoint protection capabilities, contact us at: info@wedgenetworks.com. Wedge offers its WedgeAMB for FREE on a 90 day trial. There is no time like the present to beef up your endpoint security!