Endpoint security automation a top priority for IT professionals
Source: Procre8 for SANS Institute, Author: Posted by BI-ME staff
Posted: Wed July 4, 2018 12:25 pm

UAE. Global cyber security training company, the SANS Institute, today released its 2018 SANS Endpoint Security Survey report, which found that automating endpoint detection and response processes is the top priority for IT professionals trying to put actionable controls around their endpoints.

The survey questioned IT professionals globally on how they approach endpoint security within their organisations, with endpoints referring to devices connecting to networks such as desktop computers, employer-owned laptops, network devices, cloud-based systems and IoT devices.

“The diversity and quantity of endpoints in the modern enterprise are driving the need for more automation and predictive capabilities,” says survey author and SANS Analyst Lee Neely. “While organisations are purchasing solutions to keep ahead of the emerging cyber threats, they appear to fall short on implementing the key purchased capabilities needed to protect and monitor the endpoint,” Neely continues.

Forty-two percent of the IT professionals surveyed said their endpoints had been breached; 82% of that group said their breaches involved desktops, while 69% cited corporate laptops and 42% claimed involvement of employee-owned laptops, which are generally not well-covered in security programmes. The top threat vectors for these exploited endpoints were web drive-by (63%), social engineering/phishing (53%) and ransomware (50%).

However, while respondents are relying on the security capabilities they currently have to protect these endpoints, often those technologies are not fully implemented. For example, 50% have acquired next-gen antivirus but 37% have not implemented the capabilities.

Additionally, 49% have malware-less attack detection capabilities, but 38% of these have not implemented them. In some cases, it appears that, while respondent organisations were able to procure these types of newer technologies, they lacked the resources to implement them.

This gap in implementation indicates issues such as incomplete strategies, a leadership shortfall or a failure in project-management-related tools and processes. With 84% of endpoint breaches including more than one endpoint, respondents have a vested interest in improving visibility, detection and response through more automated, integrated endpoint protection, detection and response technologies.

Automating and integrating workload across the detection and response cycle is critical as endpoints of every type are under constant attack. Neely concludes that more automation enables the security operations centre (SOC) to stay abreast of endpoint-related threats, while addressing a major issue cited by respondents, that of a lack of staffing and resources to manage and monitor their many endpoint-related toolsets.

The survey was sponsored by Carbon Black, CrowdStrike, Endgame, ForeScout, Malwarebytes, McAfee and OpenText; the full results are published in the SANS report.

Photo Captions:
1. (above) Lee Neely, Analyst at SANS
2. (inset) For illustration purposes only (File photo)

About the report
The Endpoint Protection and Response Report shares the findings of a survey conducted between March and April 2018 by SANS Institute.

277 IT professionals responded to the survey, comprising security analysts and administrators, IT security and operations managers and executives. These professionals represent companies primarily headquartered in the United States, but with endpoints around the globe and in multiple locations, with the top three locations being the US, Europe and Asia.

A variety of industry segments were represented in the survey, including banking and finance, technology, government, healthcare, manufacturing and telecoms agencies.

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide.

Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner’s qualifications via over 30 hands-on, technical certifications in cyber security.

The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center.

At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.

For more information, please visit www.SANS.org.


