76% of enterprises increased their use of endpoint devices since the beginning of the COVID-19 pandemic, supporting their remote, work-from-home (WFH) and hybrid workforces globally.
66% of enterprises believe securing their networks and infrastructure requires a more focused, proactive approach to endpoint resilience that doesn’t leave endpoint security to chance.
Cybersecurity leader’s top challenges today are maintaining compliance, enforcing security standards, and understanding the health of security controls on each endpoint.
Just 38% of IT leaders can track the ROI of their cybersecurity investments, accentuating the need for more resilient, persistent endpoints that provide greater visibility and control.
These and many other fascinating insights are from Forrester Consulting’s latest study on endpoint security, Take Proactive Approach To Endpoint Security, completed in collaboration with Absolute Software. The study is noteworthy for its impartial, accurate view of the current state of endpoint security and the challenges IT teams face in creating greater endpoint resilience. The study’s methodology is based on 157 interviews with IT and security professionals located in the U.S. and Canada who are decision-makers in endpoint protection, with interviews completed in November and December 2020.
Key insights from the study include the following:
Security leaders are reprioritizing endpoint automation efforts with a strong focus on sensitive or at-risk data. In 2021 automation efforts will focus on sensitive or at-risk data (60%), geolocation (52%), security control health (48%), web-based application usage (36%), patch management (35%), and hardware inventory (32%). Each of these technologies is integral to supporting remote workers. There’s also a significant shift from how automation strategies were prioritized before the pandemic, as the graphic from the study below illustrates:
Maintaining compliance, enforcing security standards, understanding security controls’ health, and measuring security investments are the top challenges to managing endpoint security today. The majority of enterprises, 59%, cannot maintain or prove compliance of endpoints at any given time. Lack of compliance drags down the efficiency of endpoint security efforts, making an entire network more vulnerable. Just over half of enterprises can’t enforce security standards across endpoints or don’t know today’s health. The most surprising finding of the study: 62% of enterprises cannot measure the ROI of their security investments – with half (31%) – strongly disagreeing with how measurable security ROI spend is.
Enterprises see four key areas where endpoint management could improve today. Forrester asked enterprise IT and security leaders which capabilities need to be added to endpoint management systems to make them more effective. The executives first focused on securing sensitive and at-risk data, a sure sign enterprises are moving to a more data-centric cybersecurity model in the future. That’s good news as cyber attackers want to penetrate software supply chains and take control of systems managing data assets. Managing devices remotely at scale is second, which is also a frequent challenge IT and security teams encounter when attempting to patch endpoints. Having an unbreakable digital tether to devices is solving the scale issue while also providing greater endpoint resiliency, visibility, and control.
The pandemic forced every business to become more innovative in supporting work-from-home and hybrid work environments, improving endpoint security an immediate priority. What’s needed is an unbreakable digital tether to all devices, capable of delivering complete visibility and control, enabling real-time insights into the state of those devices, and allowing them to repair security controls and productivity tools autonomously. Of the many solutions available for securing endpoints today, the ones that take a firmware-embedded approach to secure endpoints are proving the most reliable. The more integrated an endpoint is to firmware, the more likely self-healing agents will be reliable while also providing complete visibility across every device on or off the network. Absolute’s firmware-embedded approach is noteworthy in its track record of securing endpoints during the pandemic.
Bottom Line: Today’s largely-distributed enterprises need to make sure they are putting endpoint security first in 2021– which includes closely managing every stage of the device lifecycle, from deployment to decommission, and ensuring all sensitive data remains protected.
There’s a looming paradox facing nearly every organization today of how they’ll secure thousands of remote endpoints without having physical access to devices, and without disrupting worker productivity. Whether there’s the need to retire hardware as part of down-sizing or cost-cutting measures, or the need to equip virtual teams with newer equipment more suitable for long term work-from-home scenarios, this is one of the most pressing issues facing CISOs and CIOs today.
Wanting to learn more about how their customers are tackling their endpoint security challenges and how their companies are helping to solve it, I sat down (virtually) with Absolute Software’s President and CEO Christy Wyatt and Matthew Zielinski, President of North America Intelligent Devices Group at Lenovo. The following is my interview with both of them:
Louis Columbus:Christy and Matt, thanks so much for your time today. To get started, I would like each of you to share what you’re hearing from your customers regarding their plans to refresh laptops and other endpoint devices in 2021.
Christy Wyatt: We’re seeing a strong desire from organizations to ensure that every individual is digitally enabled, and has access to a screen. In some cases, that means refreshing the hardware they already have in the field, and in other cases, that means buying or adding devices. From the endpoint security standpoint, there’s been a shift in focus around which tools matter the most. When laptops were primarily being used on campus, there was a certain set of solutions to monitor those devices and ensure they remained secure. Now that 90% of devices are out of the building, an entirely different set of capabilities is required – and delivering those has been our focus.
Matt Zielinski: We are seeing historic levels of demand from consumers, as many are transitioning from having maybe one or two devices per household to at least one device per person. We’re also seeing the same levels of demand on both the education and enterprise side. The new dynamic of work-from-anywhere, learn-from-anywhere, collaborate-from-anywhere underscores that the device hardware and software need to be current in order to support both the productivity and security needs of hugely distributed workforces. That’s our highest priority.
Louis: Where are CISOs in their understanding, evaluation, and adoption of endpoint security technologies?
Christy: The journey has been different for the education market than for the enterprise market. Most enterprise organizations were already on the digital path, with some percentage of their population already working remotely. And because of this, they typically have a more complex security stack to manage; our data shows that the total number of unique applications and versions installed on enterprise devices is nearly 1.5 million. What they’ve seen is a trifecta of vulnerabilities: employees taking data home with them, accessing it on unsecured connections, and not being aware of how their devices are protected beyond the WiFi connection and the network traffic.
In the education space, the challenges – and the amount of complexity – are completely different; they’re managing just a small fraction of that total number of apps and versions. That said, as the pandemic unfolded, education was hit harder because they were not yet at a point where every individual was digitally connected. There was a lot of reliance on being on campus, or being in a classroom. So, schools had to tackle digital and mobile transformation at the same time – and to their credit, they made multiple years of progress in a matter of weeks or months. This rapid rate of change will have a profound effect on how schools approach technology deployments going forward.
Matt: Whether in enterprise or education, our customers are looking to protect three things: their assets, their data, and their users’ productivity. It’s a daunting mission. But, the simplest way to accomplish it is to recognize the main control point has changed. It’s no longer the server sitting behind the firewall of your company’s or school’s IT environment. The vulnerability of the endpoint is that the network is now in the user’s hands; the edge is now the primary attack surface. I think CISOs realize this, and they are asking the right questions… I just don’t know if everyone understands the magnitude or the scale of the challenge. Because the problem is so critical, though, people are taking the time to make the right decisions and identify all the various components needed to be successful.
Louis: It seems like completing a laptop refresh during the conditions of a pandemic could be especially challenging, given how entire IT teams are remote. What do you anticipate will be the most challenging aspects of completing a hardware refresh this year (2021)?
Matt: The PC has always been a critical device for productivity. But now, without access to that technology, you are completely paralyzed; you can’t collaborate, you can’t engage, you can’t connect. Lenovo has always been focused on pushing intelligent transformation as far as possible to get the best devices into the hands of our customers. Beyond designing and building the device, we have the ability to distribute asset tags and to provide a 24/7 help desk for our customers whether you’re a consumer, a school, or a large institution. We can also decommission those devices at the end, so we’re able to support the entire journey or lifecycle.
The question has really become, how do you deliver secure devices to the masses? And, we’re fully equipped to do that. For example, every Lenovo X1 Carbon laptop comes out of the box with Lenovo Security Assurance, which is actually powered by Absolute; it is in our hardware. Our customers can open a Lenovo PC, and know that it is completely secure, right out of the box. Every one of our laptops is fortified with Absolute’s Persistence technology and self-healing capabilities that live in the BIOS. It’s that unbreakable, secure connection that makes it possible for us to serve our customers throughout the entire lifecycle of device ownership.
Louis:Why are the legacy approaches to decommissioning assets falling short / failing today? How would you redesign IT asset-decommissioning approaches to make them more automated, less dependent on centralized IT teams?
Christy: There have been a few very visible cases over the past year of highly regulated organizations, experiencing vulnerabilities because of how they decommissioned – or did not properly decommission – their assets. But, I don’t want anyone to believe that that this is a problem that is unique to regulated industries, like financial services. The move to the cloud has given many organizations a false sense of security, and it seems that the more data running in the cloud, the more pronounced this false sense of security becomes. It’s a mistaken assumption to think that when hardware goes missing, the security problem is solved by shutting down password access and that all the data is protected because it is stored in the cloud. That’s just not true. When devices aren’t calling in anymore, it’s a major vulnerability – and the longer the device sits without being properly wiped or decommissioned, the greater the opportunity for bad actors to take advantage of those assets.
The other piece that should be top of mind is that once a device is decommissioned, it’s often sold. We want to ensure that nothing on that device gets passed on to the next owner, especially if it’s going to a service or leasing program. So, we’ve concentrated on making asset decommissioning as precise as possible and something that can be done at scale, anytime and anywhere.
Matt: Historically, reclaiming and decommissioning devices has required physical interaction. The pandemic has limited face-to-face encounters, so , we’re leveraging many different software solutions to give our customers the ability to wipe the device clean if they aren’t able to get the asset back in their possession, so that at least they know it is secure. Since we’re all now distributed, we’re looking at several different solutions that will help with decommissioning, several of which are promising and scale well given today’s constraints. Our goal is to provide our enterprise customers with decommissioning flexibility, from ten units to several thousand.
Louis:Paradoxically, having everyone remote has made the business case for improving endpoint security more compelling too. What do you hear from enterprises about accelerating digital transformation initiatives that include the latest-generation endpoint devices?
Christy: The same acceleration that I spoke about on the education side, we absolutely see on the enterprise side as well, and with rapid transformation comes increased complexity. There has been a lot of conversation about moving to Zero Trust, moving more services to the cloud and putting more controls on the endpoint – and not having these sort of layers in between. Our data tells us that the average enterprise device today has 96 unique applications, and at least 10 of them are security applications. That is a massive amount of complexity to manage. So, we don’t believe that adding more controls to the endpoint is the answer; we believe that what’s most important is knowing the security controls you have are actually working. And we need to help devices and applications become more intelligent, self-aware, and capable of fixing themselves. This concept of resiliency is the cornerstone of effective endpoint security, and a critical part of the shift to a more modern security architecture.
Matt: I think there are two major forcing functions: connection and security. Because we are all now remote, there’s a huge desire to feel connected to one another even though we aren’t sitting in the same room together. We’re modifying our products in real-time with the goal of removing shared pain points and optimizing for the new reality in which we’re all living and working. Things like microphone noise suppression and multiple far field microphones, so that if the dog barks or kids run into a room, the system will mute before you’ve even pressed the mute button. We’re improving camera technology from a processing standpoint to make things look better. Ultimately, our goal is to provide an immersive and connected experience.
Security, however, transcends specific features that deliver customer experiences – security is the experience. The features that make hardware more secure are those that lie beneath the operating system, in the firmware. That is why we have such a deep network of partners, including Absolute. Because you need to have a full ecosystem, and a program that takes advantage of all the best capabilities, in order to deliver the best security solution possible.
Louis:How is Absolute helping enterprise customers ensure greater endpoint security and resiliency in 2021 and beyond?
Christy: We spend a lot of time sitting with customers to understand their needs and how and where we can extend our endpoint security solutions to fit. We believe in taking a layered approach – which is the framework for defense in-depth, and an effective endpoint security strategy. The foundational piece, which we are able to deliver, is a permanent digital tether to every device; this is the lifeline. Not having an undeletable connection to every endpoint means you have a very large security gap, which must be closed fast. A layered, persistence-driven approach ensures our customers know their security controls are actually working and delivering business value. It enables our customers to pinpoint where a vulnerability is and take quick action to mitigate it.
Lenovo’s unique, high value-add approach to integrated security has both helped drive innovation at Absolute, while also providing Lenovo customers the strongest endpoint security possible. Their multilayer approach to their endpoint strategy capitalizes on Absolute’s many BIOS-level strengths to help their customers secure every endpoint they have. As our companies work together, we are both benefitting from a collaboration that seeks to strengthen and enrich all layers of endpoint security. Best of all, our shared customers are the benefactors of this collaboration and the results we are driving at the forefront of endpoint security.
Louis:How has the heightened focus on enterprise cybersecurity in general, and endpoint security specifically, influenced Lenovo’s product strategy in 2021 and beyond?
Matt: We have always been focused on our unique cybersecurity strengths from the device side and making sure we have all of the control points in manufacturing to ensure we build a secure platform. So, we’ve had to be open-minded about endpoint security, and diligent in envisioning how potential vulnerabilities and attack strategies can be thwarted before they impact our customers. Because of this mindset, we’re fortunate to have a very active partner community. We’re always scouring the earth for the next hot cybersecurity technology and potential partner with unique capabilities and the ability to scale with our model. This is a key reason we’ve standardized on Absolute for endpoint security, as it can accommodate a wide breadth of deployment scenarios. It’s a constant and very iterative process with a team of very smart people constantly looking at how we can excel at cybersecurity. It is this strategy that is driving us to fortify our Lenovo Security Assurance architecture over the long-term, while also seeking new ways of providing insights from existing and potentially new security applications.
Louis:What advice are you giving CISOs to strengthen endpoint security in 2021 and beyond?
Christy: One of our advisors is the former Global Head of Information Security at Citi Group, and former CISO of JP Morgan and Deutsche Bank. He talks a lot about his shared experiences of enabling business operations, while defending organizations from ever-evolving threats, and the question that more IT and security leaders need to be asking – which is, “Is it working?” Included in his expert opinion is that cybersecurity needs to be integral to business strategy – and endpoint security is essential for creating a broader secure ecosystem that can adapt as a company’s needs change.
I believe there needs to be more boardroom-level conversations around how compliance frameworks can be best used to achieve a balance between cybersecurity and business operations. A big part of that is identifying resiliency as a critical KPI for measuring the strength of endpoint controls.
Removing any doubt endpoints are resilient, self-healing and secure is what matters most to cybersecurity leaders today. It has become the highest priority across education, enterprise, financial services and government organizations in 2020 and beyond. At the same time, CIOs and CISOs are recognizing that endpoint complexity itself is a vulnerability. Absolute’s 2020 State of Endpoint Resilience Report finds there are now 10.2 agents per endpoint installed, up from 9.8. Add to this how quickly software agents degrade across thousands of remote devices and the size of the challenge becomes clear.
Absolute’s approach to delivering unified endpoint security using their Endpoint Resilience platform that creates a permanent digital tether to every endpoint in the enterprise is getting noticed by CIOs and CISOs. IT leaders say Absolute’s ability to provide greater visibility and control is what they need. Interested in learning more about how Absolute is helping customers taking on the many challenges of protecting the proliferating number of endpoints today and how the company sees the future, I recently spoke with Christy Wyatt, CEO. (You can see my discussion with her last year here.)
Under her leadership, Absolute’s revenues, customer retention and Net Income continue to grow. Total revenue in Q4-FY2020 was $27.2M, representing a year-over-year increase of 7%. Annual revenue in FY2020 was $104.7M, representing an increase of 6% over F2019. Absolute also attained a 14% year-over-year increase in Enterprise and Government revenue making this segment 68% of Total ARR on June 30, 2020.
Christy is one of the most brilliant, insightful leaders in cybersecurity today and her perspective on the future of endpoint security makes for a fascinating discussion. The following is my interview with her:
Louis: When you look back over the last eight months, which decisions and strategies do you see as being pivotal to Absolute’s growth and the fact that you accomplished so much, so quickly?
Christy: That’s a great question and the first thing that jumps to mind is our decision that Endpoint Resilience needs to be its own category. This was kind of a new thing. Many people talk about finding bad guys and the need for identity and access management.. there is a lot of use of the fear factor. And as an industry, we kept thinking of different ways devices could be compromised and we kept adding more security controls to solve those problems.
The thesis we arrived at, here at Absolute, is, “Listen, more isn’t always better. Making sure that things are actually working in there when you need them, that’s what is more important.” Because when you spend a lot of money on solutions, or when you tell your board or your CEO that you have a particular control and are now safe from a specific kind of risk… you need to go to sleep at night knowing that that’s in fact true. There needs to be a foundational belief that there is something solid to stand on when bad things happen.
And so, much of what we did this past year was really focused on quantifying that rate of decay because we believe that it is a painful problem organizations are having. I think that we are making traction and the insights we continue to publish on the state of Endpoint Resilience is really helping with that.
Louis: On your last earnings call, you talked about undeletable endpoint security and how it caught on in the education market. Did you change your go-to-market strategy this quarter to show you could scale an enterprise-wide deployment with teachers and administrators?
Christy: What’s important to remember is that we’ve been in business 20 years and that we started in education – as the one-to-one laptop initiatives for school kids were just getting underway. Those devices were very expensive and so that is the first problem we worked to solve. If somebody got their hands on a student’s device, how do you build a security platform that can survive anything that happens to that device? That was the original design premise all those years ago. And so, we have deep experience in things like scalability and solving problems for the education market.
What we’ve been seeing n the education market over the last couple of years has really been that, while technology has been an enabler for students, they weren’t necessarily thinking about teachers and administrators. So the challenge that they’ve grappled with over the last few months, notably with the accelerated shift to remote learning, is figuring out how to be both a digital and remote organization all at once. A lot of their processes were not yet online and not every single individual was connected.
Because we have a long-standing relationship with this community, we have a lot of expertise in the providing the scale and stability that they need. It was relatively intuitive for us to step and say, “Listen, these are things we can help you with. Here’s the bigger picture of things we could be helping you with, as you’re still figuring out distance learning and how to mobilize students.” Because we’ve also while serving education, we’ve also been serving banks and governments – and our enterprise business has been growing quite nicely over the years as well.
And I think we’re going to see that continue, because even as schools are contemplating sending children back to school, nobody knows whether this is a long-term or short-term. The new term I’ve started using is operational agility… and I think it applies to enterprise as well as it goes to education. I don’t think we ever again get to take for granted location and physical proximity to employees or students or devices. It has become a critical KPI for most organizations going forward.
Louis: Excellent point. And with regard to enterprise and government sectors growing 14% annually, what did you see in the eight months of this year that led to the double-digit growth in those markets?
Christy: Very few organizations had ever really contemplated the question, “What would happen if everybody had to be remote at a moment’s notice?” While our enterprise business has been experiencing double-digit growth for quite a while now, the onset of the pandemic really accelerated that growth. There has been a shift in thinking, that working remotely is not just for a smaller population of road warriors and sales reps and executives. I’ve spoken with many organizations that would say having a permanent digital connection to a device is really important for the people who are on airplanes and in a taxi cabs. But, I have a large percentage of my population that has a device that really they only use at work. Maybe it’s a laptop, maybe it’s a desktop – but either way, 99% of the time they are here. Or the times that they’re not here, they can VPN in. And I think that’s really become the challenge, that we can’t make that assumption anymore.
A lot of customers are rethinking all of that right now, as they’re seeing that being a remote, digitally-led organization can actually fit within their business model. If they give employees the flexibility to do what they love, where they want to do it, they’ll have an edge. While this is something that’s been forced on us, as with many things, the more you practice, the better you get… and then at some point, it becomes a part of the company’s DNA. And you learn to trust that you’re going to be safe and secure, your data and your employees are going to be just fine, because you don’t lose connection with them just because you can’t see them.
Louis: I think trust is an accelerator and Absolute’s success with endpoint security shows how to enable it at scale across organizations. Now with 13,000 customers, Absolute’s approach to building trust is working well.
On the earnings call you gave guidance of $112M to $118M with between 7% to 13% growth defined by how accounting transactions are handled. Underneath those figures, what’s the customer segment or what’s the geographic segment that you believe will be the primary catalyst for that revenue growth?
Christy: Perhaps a bit unusually for company our size, a large percentage of our revenue is actually North America-based. Our international markets have been some of the fastest growing segments for us. Our ecosystem of partners that we support – notably, the large PC and device manufacturers and their indirect channels – most of those are global entities and would like to support their customers in the same way internationally that they support them in North America. So one big focus for us is doing more selling and marketing globally, to meet this need.
I think the other big catalyst is going to be this shift to Resilience. We have a lot of customers who still rely on us for making sure they’re always connected to their devices and able to take preventative action – such as selectively wiping images or freezing a device, or geo-fencing a device from specific locations. While that’s certainly a critical set of capabilities, because we’re sitting in the hardware and sort of looking up at the software, we can help with this concept of self-healing. We can make sure that the critical controls you care about are truly working and protecting your employees.
A lot of the conversations we’re having, especially with new customers, are really focused on these capabilities. It’s not just, “How do I make sure I always know where my things are and that I can take action on them no matter where they are?” Instead, it’s “how do I use automated workflows to remediate risk? How do I have devices fix themselves so that my IT people don’t have to drown and help those calls?”
This concept of persistence and true self-healing that’s rooted in the hardware, I think is really, really powerful.. and the value of that really starts to become apparent when we’re in a world that looks like this. So I think those are some big focus areas for us as we go in the next year.
Louis: I like that one point you made on the earnings call about intelligence efforts, providing more data in a more interactive way for customers. I thought that that was really insightful and I think relevant to what you’ve been saying throughout our discussion. How do you help customers see themselves in a new way with new metrics, more interactively, more intuitively with greater insight?
Christy: It’s a different view for us and it’s something I’m very excited about. When it comes to a new product, I focus on, “What’s the question the customer’s going to be asking? What’s the problem they’re trying to solve?” And from there, “How do I package that up neatly so that they click on a button and get a report and it solves all of their problems?” But that’s not the world we live in today, especially when you have so many moving parts and things are continuously changing.
So it’s a different design philosophy when we say to the team, “You actually have no idea what question the customer is going to ask. Your job is to create tools that allow them to ask any question they have and then help them define the answer, either using our tool or using our data in some other tool.” At the end of the day, that’s how they get closer to the truth about what’s going on within their organization… and how they gain the ability to make better decisions.
Louis: Absolutely, that’s key to creating a culture that can continues to innovate and with Absolute’s focus on helping customers attain greater autonomous endpoint resiliency, it’s proving to be a strong catalyst for future growth too.
Details Of What’s New In Gartner’s Hype Cycle for Endpoint Security, 2020
Five technologies are on the Hype Cycle for the first time reflecting remote working’s rapid growth and the growing severity and sophistication of endpoint attacks. Unified Endpoint Security, Extended Detection and Response, Business E-Mail Compromise Protection, BYOPC Security and Secure Access Service Edge (SASE) are the five technologies added this year. Many organizations are grappling with how to equip their remote workforces with systems, devices and smartphones, with many reverting to have employees use their own. Bring your PC (BYOPC) has become so dominant so fast that Gartner replaced BYOD on this year’s Hype Cycle with the new term. Gartner sees BYOPC as one of the most vulnerable threat surfaces every business has today. Employees’ devices accessing valuable data and applications continues to accelerate without safeguards in place across many organizations.
Extended detection and response (XDR) are on the Hype Cycle for the first time, reflecting the trend of vendor consolidation across cybersecurity spending today. Gartner defines XDR as a vendor-specific, threat detection and incident response tool that unifies multiple security products into a security operations system. XDR and its potential to reduce the total cost and complexity of cybersecurity infrastructures is a dominant theme throughout this year’s Hype Cycle. XDR vendors are claiming that their integrated portfolios of detection and response applications deliver greater accuracy and prevention than stand-alone systems, driving down Total Cost of Ownership (TCO) and increasing productivity. Key vendors in XDR include Cisco, FireEye, Fortinet, McAfee, Microsoft, Palo Alto Networks, Sophos, Symantec and Trend Micro.
Business email compromise (BEC) protection is on the Hype Cycle for the first time this year. Phishing attacks cost businesses $1.8B in 2019, according to the FBI, underscoring the need for better security in the area of business email. Gartner defines business email compromise (BEC) protection as a series of solutions that detect and filter malicious emails that fraudulently impersonate business associates to misdirect funds or data. There have been many instances of business email compromise attacks focused on C-level executives, hoping that a fraudulent directive from them to subordinates leads to thousands of dollars being transferred to outside accounts or being sent in gift cards. Gartner found that fraudulent invoices accounted for 39% of such attacks in 2018, posing an internal risk to organizations and reputation risk.
Unified Endpoint Security (UES) is being driven by IT organizations’ demand for having a single security console for all security events. Gartner notes that successful vendors in UES will be those that can demonstrate significant productivity gains from the integration of security and operations and those that can rapidly process large amounts of data to detect previously unknown threats. CIOs and CISOs are looking for a way to integrate UES and Unified Endpoint Management (UEM), so their teams can have a single, comprehensive real-time console of all devices that provides alerts of any security events. The goal is to adjust security policies across all devices. Absolute’s approach to leveraging their unique persistence, resilience and intelligence capabilities are worth watching. Their approach delivers unified endpoint security by relying on their Endpoint Resilience platform that includes a permanent digital tether to every endpoint in the enterprise. By having an undeletable digital thread to every device, Absolute is enabling self-healing, greater visibility and control. Based on conversations with their customers in Education and Healthcare, Absolute’s unique approach gives IT complete visibility into where every device is at all times and what each device configuration looks like in real-time.
Unified Endpoint Management (UEM) is expanding rapidly beyond managing PCs and mobile devices to provide greater insights from endpoint analytics and deeper integration Identity and Access Management. Gartner notes interest in UEM remains strong and use-case-driven across their client base. UEM’s many benefits, including streamlining continuous OS updates across multiple mobile platforms, enabling device management regardless of the connection and having an architecture capable of supporting a wide range of devices and operating systems are why enterprises are looking to expand their adoption of UEM. Another major benefit enterprises mention is automating Internet-based patching, policy, configuration management. UEM leaders include MobileIron, whose platform reflects industry leadership with its advanced unified endpoint management (UEM) capabilities. MobileIron provides customers with additional security solutions integrated to their UEM platform, including passwordless multi-factor authentication (Zero Sign-On) and mobile threat defense (MTD). MTD is noteworthy for its success at MobileIron customers who need to validate devices at scale, establish user context, verify network connections, then detect and remediate threats.
Gartner says ten technologies were either removed or replaced in the Hype Cycle because they’ve evolved into features of broader technologies or have developed into tools that address more than security. The ten technologies include protected browsers, DLP for mobile devices, managed detection and response, user and entity behavior analytics, IoT security, content collaboration platforms, mobile identity, user authentication, trusted environments and BYOD being replaced by BYOPC.
Enterprises who are increasing the average number of endpoint security agents from 9.8 last year to 10.2 today aren’t achieving the endpoint resilience they need because more software agents create more conflicts, leaving each endpoint exposed to a potential breach.
1 in 3 enterprise devices is being used with a non-compliant VPN, further increasing the risk of a breach.
60% of breaches can be linked to a vulnerability where a patch was available, but not applied. Windows 10 devices in enterprises are, on average, 95 days behind on patches.
CIOs, CISOs and cybersecurity teams say autonomous endpoint security is the most challenging area they need to strengthen in their cybersecurity strategy today. Software agents degrade faster than expected and conflict with each other, leaving endpoints exposed. Absolute’s 2020 State of Endpoint Resilience Report quantifies the current state of autonomous endpoint security, the scope of challenges CISOs face today and how elusive endpoint resiliency is to achieve with software agents. It’s an insightful read if you’re interested in autonomous endpoint security.
Endpoint Security Leads CISOs’ Priorities In 2020
With their entire companies working remotely, CIOs and CISOs I’ve spoken with say autonomous endpoint security is now among their top three priorities today. Cutting through the endpoint software clutter and turning autonomous endpoint security into a strength is the goal. CISOs are getting frustrated with spending millions of dollars among themselves only to find out their endpoints are unprotected due to software conflicts and degradation. Interested in learning more, I spoke with Steven Spadaccini, Vice President, Sales Engineering at Absolute Software and one of the most knowledgeable autonomous endpoint cybersecurity experts I’ve ever met. Our conversation delved into numerous cybersecurity challenges enterprise CIOs and CISOs are facing today. My interview with him is below:
The Seven Toughest Questions the C-Suite Is Asking About Endpoint Security
Louis: Thank you for your time today. I have seven questions from CIOs, CISOs and their teams regarding endpoint security. Let’s get started with their first one. What happens if an endpoint is compromised, how do you recover, encrypt, or delete its data?
Steven: It’s a challenge using software agents, both security and/or management, to do this as each agents’ tools and features often conflict with each other, making a comprised endpoints’ condition worse while making it virtually impossible to recover, encrypt, delete and replace data. The most proven approach working for enterprises today is to pursue an endpoint resilience strategy. At the center of this strategy is creating a root of trust in the hardware and re-establishes communication and control of a device through an unbreakable digital tether. I’m defining Endpoint Resilience as an autonomous endpoint security strategy that ensures connectivity, visibility and control are achieved and maintained no matter what is happening at the OS or application level. Taking this approach empowers devices to recover automatically from any state to a secure operational state without user intervention. Trust is at the center of every endpoint discussion today as CIOs, CISOs and their teams want the assurance every endpoint will be able to heal itself and keep functioning
Louis: Do endpoint software security solutions fail when you lose access to the endpoint, or is the device still protected at the local level?
Steven: When they’re only protected by software agents, they fail all the time. What’s important for CISOs to think about today is how they can lead their organizations to excel at automated endpoint hygiene. It’s about achieving a stronger endpoint security posture in the face of growing threats. Losing access to an endpoint doesn’t have to end badly; you can still have options to protect every device. It’s time for enterprises to start taking a more resilient-driven mindset and strategy to protecting every endpoint – focus on eliminating dark endpoints. One of the most proven ways to do that is to have endpoint security embedded to the BIOS level every day. That way, each device is still protected to the local level. Using geolocation, it’s possible to “see” a device when it comes online and promptly brick it if it’s been lost or stolen.
Louis: How can our cybersecurity team ensure compliance that all cybersecurity software is active and running on all endpoints?
Steven: Compliance is an area where having an undeletable tether pays off in a big way. Knowing what’s going on from a software configuration and endpoint security agent standpoint – basically the entire software build of a given endpoint – is the most proven way I’ve seen CISOs keep their inventory of devices in compliance. What CISOs and their teams need is the ability to see endpoints in near real-time and predict which ones are most likely to fail at compliance. Using a cloud-based or SaaS console to track compliance down to the BIOS level removes all uncertainty of compliance. Enterprises doing this today stay in compliance with HIPAA, GDPR, PCI, SOX and other compliance requirements at scale. It’s important also to consider how security automation and orchestration kicks on to instantly resolve violations by revising security controls and configurations, restoring anti-malware, or even freezing the device or isolating it from data access. Persistent visibility and control give organizations what they need to be audit-ready at every moment.
Having that level of visibility makes it easy to brick a device. Cybersecurity teams using Absolute’s Persistence platform can lead to humorous results for IT teams, who call the bricking option a “fun button as they watch hackers continually try to reload new images and right after they’re done, re-brick the device again. One CIO told the story of how their laptops had been given to a service provider who was supposed to destroy them to stay in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and one had been resold on the black market, ending up in a 3rd world nation. As the hacker attempted to rebuild the machine, the security team watched as each new image was loaded at which time they would promptly brick the machine. After 19 tries, the hacker gave up and called the image rebuild “brick me.”
Louis: With everyone working remote today, how can we know, with confidence where a given endpoint device is at a moments’ notice?
Steven: That’s another use case where having an undeletable tether pays off in two powerful ways: enabling autonomous endpoint security and real-time asset management. You can know with 100% confidence where a given endpoint device is in real-time so long as the device is connected to a permanent digital tether . Even if the device isn’t reachable by your own corporate network it’s possible to locate it using the technologies and techniques mentioned earlier. CIOs sleep better at night knowing every device is accounted for and if one gets lost or stolen, their teams can brick it in seconds.
Louis: How can our IT and cybersecurity teams know all cybersecurity applications are active and protecting the endpoint?
Steven: By taking a more aggressive approach to endpoint hygiene, it’s possible to know every application, system configuration and attributes of user data on the device. It’s important not to grow complacent and assume the gold image IT uses to configure every new or recycled laptop is accurate. One CIO was adamant they had nine software agents on every endpoint, but Absolute’s Resilience platform found 16, saving the enterprise from potential security gaps. The gold image is an enterprise IT team was using had inadvertently captured only a subset of the total number of software endpoints active on their networks. Absolute’s Resilience offering and Persistence technology enabled the CIO to discover gaps in endpoint security the team didn’t know existed before.
Louis: How can we restrict the geolocations of every endpoint?
Steven: This is an area that’s innovating quickly in response to the needs enterprises have to track and manage assets across countries and regions. IP tracking alone isn’t as effective as the newer techniques, including GPS tracking, Wi-Fi triangulation, with both integrated into the Google Maps API. Enterprises whose business relies on Personal Identifiable Information (PII) is especially interested in and adopting these technologies today. Apria Healthcare is currently using geofencing for endpoint security and asset management. They have laptops in use today across Indonesia, the Philippines and India. Given the confidential nature of the data on those devices and compliance with local government data protection laws, each laptop needs to stay in the country they’re assigned to. Geofencing gives Apria the power to freeze any device that gets outside of its region within seconds, averting costly fines and potential breaches.
Louis: How can our IT team immediately validate an endpoint for vulnerabilities in software and hardware?
Steven: The quickest way is to design in audit-ready compliance as a core part of any endpoint resilience initiative. Endpoint resilience to the BIOS level makes it possible to audit devices and find vulnerabilities in real-time, enabling self-healing of mission-critical security applications regardless of complexity. The goal of immediately validating endpoints for current security posture needs to be a core part of any automated endpoint hygiene strategy. It’s possible to do this across platforms while being OS-agnostic yet still accessible to over 500M endpoint devices, deployed across Microsoft Windows, macOS via a Mac Agent and Chrome platforms.
Knowing if their autonomous endpoint security and enterprise-wide cybersecurity strategies are working or not is what keeps CIOs up the most at night. One CISO confided to me that 70% of the attempted breaches to his organization are happening in areas he and his team already knew were vulnerable to attack. Bad actors are getting very good at finding the weakest links of an enterprises’ cyber defenses fast. They’re able to look at the configuration of endpoints, see which software agents are installed, research known conflicts and exploit them to gain access to corporate networks. All this is happening 24/7 to enterprises today. Needing greater resilient, persistent connections to every device, CISOs are looking at how they can achieve greater resilience on every endpoint. Capitalizing on an undeletable tether to track the location of the device, ensure the device and the apps on that device have self-healing capabilities and gain valuable asset management data – these are a few of the many benefits they’re after.
Bottom line: With many IT budgets under scrutiny, cybersecurity teams are expected to do more with less, prioritizing spending that delivers the greatest ROI while avoiding the top five mistakes that threaten their infrastructures.
In a rush to reduce budgets and spending, cybersecurity teams and the CISOs that lead them need to avoid the mistakes that can thwart cybersecurity strategies and impede infrastructure performance. Cutting budgets too deep and too fast can turn into an epic fail from a cybersecurity standpoint. What I’ve found is that CIOs are making decisions based on budget requirements, while CISOs are looking out for the security of the company.
Based on their ongoing interviews with CIOs, Gartner is predicting an 8% decline in worldwide IT spending this year. Cybersecurity projects that don’t deliver a solid ROI are already out of IT budgets. Prioritizing and trimming projects to achieve tighter cost optimization is how CIOs and their teams are reshaping their budgets today. CIOs say the goal is to keep the business running as secure as possible, not attain perfect cybersecurity.
Despite the unsettling, rapid rise of cyber-attacks, including a 667% increase in spear-fishing email attacks related to Covid-19 since February alone, CIOs often trim IT budgets starting with cybersecurity first. The current economic downturn is making it clear that cybersecurity is more of a business strategy than an IT one, as spending gets prioritized by the best-to-worst business case.
Five Mistakes No CISO Wants To Make
One of the hardest parts of a CISO’s job is deciding which projects will continue to be funded and who will be responsible for leading them, so they deliver value. It gets challenging fast when budgets are shrinking and competitors actively recruit the most talented team members. Those factors taken together create the perfect conditions for the five mistakes that threaten the infrastructure cybersecurity and resilience of any business.
The five mistakes no CISO wants to make include the following:
1. No accountability for the crown jewels for the company. Privileged access credentials continue to be the primary target for cyber-attackers. However, many companies just went through a challenging sprint to make sure all employees have secure remote access to enable Covid-19 work-from-home policies. Research by Centrify reveals that 41% of UK businesses aren’t treating outsourced IT and other third parties likely to have some form of privileged access as an equal security concern.
And while a password vault helps rotate credentials, it still relies on shared passwords and doesn’t provide any accountability to know who is doing what with them. That accountability can be introduced by moving to an identity-centric approach where privileged users log in as themselves and are authenticated using existing identity infrastructures (such as Microsoft Active Directory) to federate access with Centrify’s Privileged Access Service.
CISOs and their teams also continue to discount or underestimate the importance of privileged non-human identities that far outweigh human users as a cybersecurity risk in today’s business world. What’s needed is an enterprise-wide approach enabling machines to protect themselves across any network or infrastructure configuration.
2. Cybersecurity budgets aren’t revised for current threatscapes. Even though many organizations are still in the midst of extensive digital transformation, their budgets often reflect the threatscape from years ago. This gives hackers the green light to get past antiquated legacy security systems to access and leverage modern infrastructures, such as cloud and DevOps. IT security leaders make this even more challenging by not listening to the front-line cybersecurity teams and security analysts who can see the patterns of breach attempts in data they review every day. In dysfunctional organizations, the analyst teams are ignored and cybersecurity suffers.
3. Conflicts of interest when CISOs report to CIOs and the IT budget wins. This happens in organizations that get hacked because the cybersecurity teams aren’t getting the tools and support they need to do their jobs. With IT budgets facing the greatest scrutiny they’ve seen in a decade, CISOs need to have their budget to defend. Otherwise, too many cybersecurity projects will be cut without thinking of the business implications of each. The bottom line is CISOs need to report to the CEO and have the autonomy to plan, direct, evaluate and course-correct their strategies with their teams.
4. The mistake of thinking cloud platforms’ Identity and Access Management (IAM) tools can secure an enterprise on their own. Cloud providers offer a baseline level of IAM support that might be able to secure workloads in their clouds adequately but is insufficient to protect a multi-cloud, hybrid enterprise. IT leaders need to consider how they can better protect the complex areas of IAM and Privileged Access Management (PAM) with these significant expansions of the enterprise IT estate.
Native IAM capabilities offered by AWS, Microsoft Azure, Google Cloud and other vendors provide enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. However, often they lack the scale to fully address the more challenging, complex areas of IAM and PAM in hybrid or multi-cloud environments. Please see the post, The Truth About Privileged Access Security On AWS and Other Public Clouds, for additional information.
5. Exposing their organizations to a greater risk of breach and privileged access credential abuse by staying with legacy password vaults too long. Given the severity, speed and scale of breach attempts, IT leaders need to re-think their vault strategy and make them more identity-centric. Just as organizations have spent the past 5 – 10 years modernizing their infrastructure, they must also consider how to modernize how they secure access to it. More modern solutions can enforce a least privilege approach based on Zero Trust principles that grant just enough, just-in-time access to reduce risk. Forward-thinking organizations will be more difficult to breach by reorienting PAM from being vault-centric to identity-centric.
Decisions about what stays or goes in cybersecurity budgets this year could easily make or break careers for CISOs and CIOs alike. Consider the five mistakes mentioned here and the leading cause of breaches – privileged access abuse. Prioritizing privileged access management for human and machine identities addresses the most vulnerable threat vector for any business. Taking a more modern approach that is aligned to digital transformation priorities can often allow organizations to leverage their existing solutions to reduce risk and costs at the same time.
86% of all breaches are financially motivated, where threat actors are after company financial data, intellectual property, health records, and customer identities that can be sold fast on the Dark Web.
70% of breaches are perpetrated by external actors, making endpoint security a high priority in any cybersecurity strategy.
55% of breaches originate from organized crime groups.
Attacks on Web apps accessed from endpoints were part of 43% of breaches, more than double the results from last year.
These and many other insights are from Verizon’s 2020 Data Breach Investigations Report (DBIR), downloadable here (PDF, 119 pp. free, opt-in). One of the most-read and referenced data breach reports in cybersecurity, Verizon’s DBIR, is considered the definitive source of annual cybercrime statistics. Verizon expanded the scope of the report to include 16 industries this year, also providing break-outs for Asia-Pacific (APAC); Europe, Middle East and Africa (EMEA); Latin America and the Caribbean (LAC); and North America, Canada, and Bermuda, which Verizon says is experiencing more breaches (NA).
The study’s methodology is based on an analysis of a record total of 157,525 incidents. Of those, 32,002 met Verizon’s quality standards, and 3,950 were confirmed data breaches. The report is based on an analysis of those findings. Please see Appendix A for the methodology.
Key insights include the following:
Verizon’s DBIR reflects the stark reality that organized crime-funded cybercriminals are relentless in searching out unprotected endpoints and exploiting them for financial gain, which is why autonomous endpoints are a must-have today. After reading the 2020 Verizon DBIR, it’s clear that if organizations had more autonomous endpoints, many of the most costly breaches could be averted. Autonomous endpoints that can enforce compliance, control, automatically regenerating, and patching cybersecurity software while providing control and visibility is the cornerstone of cybersecurity’s future. For endpoint security to scale across every threat surface, the new hybrid remote workplace is creating an undeletable tether to every device as a must-have for achieving enterprise scale.
The lack of diligence around Asset Management is creating new threat surfaces as organizations often don’t know the current health, configurations, or locations of their systems and devices. Asset Management is a black hole in many organizations leading to partial at best efforts to protect every threat surface they have. What’s needed is more insightful data on the health of every device. There are several dashboards available, and one of the most insightful is from Absolute, called the Remote Work and Distance Learning Insights Center. An example of the dashboard shown below:
85% of victims and subjects were in the same country, 56% were in the same state, and 35% were even in the same city based on FBI Internet Crime Complaint Center (IC3) data. Cybercriminals are very opportunistic when it comes to attacking high-profile targets in their regions of the world. Concerted efforts of cybercriminals funded by organized crime look for the weakest threat surfaces to launch an attack on, and unprotected endpoints are their favorite target. What’s needed is more of a true endpoint resilience approach that is based on a real-time, unbreakable digital tether that ensures the security of every device and the apps and data it contains.
Cloud assets were involved in about 24% of breaches this year, while on-premises assets are still 70%. Ask any CISO what the most valuable lesson they learned from the pandemic has been so far, and chances are they’ll say they didn’t move to the cloud quickly enough. Cloud platforms enable CIOs and CISOs to provide a greater scale of applications for their workforces who are entirely remote and a higher security level. Digging deeper into this, cloud-based Security Information and Event Management (SIEM) provides invaluable real-time analysis, alerts, and deterrence of potential breaches. Today it’s the exceptional rather than the rule that CISOs prefer on-premise over cloud-based SIEM and endpoint security applications. Cloud-based endpoint platforms and the apps they support are the future of cybersecurity as all organizations now are either considering or adopting cloud-based cybersecurity strategies.
Over 80% of breaches within hacking involve brute force or the use of lost or stolen credentials. One of the most valuable insights from the Verizon DBIR is how high of a priority cybercriminals are placing on stealing personal and privileged access credentials. Shutting down potential breach attempts from stolen passwords involves keeping every endpoint completely up to date on software updates, monitoring aberrant activity, and knowing if anyone is attempting to change the configuration of a system as an administrator. By having an unbreakable digital tether to every device, greater control and real-time response to breach attempts are possible.
Autonomous endpoints that can self-heal and regenerate operating systems and configurations are the future of cybersecurity, a point that can be inferred from Verizon’s DBIR this year. While CIOs are more budget-focused than ever, CISOs are focused on how to anticipate and protect their enterprises from new, emerging threats. Closing the asset management gaps while securing every endpoint is a must-have to secure any business today. There are several cybersecurity companies offering endpoint security today. Based on customer interviews I’ve done, one of the clear leaders in endpoint resilience is Absolute Software, whose persistent-firmware technology allows them to self-heal their own agent, as well as any endpoint security control and productivity tool on any protected device such as their Resilience suite of applications.
More than 5,000 personal devices connect to enterprise networks every day with little or no endpoint security enabled in one of every three companies in the U.S., U.K., and Germany.
More than 1,000 shadow IoT devices connect to enterprise networks every day in 30% of the U.S., U.K., and German companies.
12% of U.K. organizations are seeing more than 10,000 shadow IoT devices connect to their enterprise networks every day.
Associates most often use shadow IT devices to access social media (39%), followed by downloading apps (24%), games (13%), and films (7%). Hackers, organized crime and state-sponsored cybercrime organizations rely on social engineering hacks, phishing, and malware injection across these four popular areas to gain access to enterprise networks and exfiltrate data.
Shadow personal IoT voice assistants, Amazon Kindles, smartphone, and tablet devices are proliferating across enterprise networks today, accelerated by last-minute shopping everyone is trying to get done before the end of December. 82% of organizations have introduced security policies governing the use of these devices but just 24% of employees are aware of them. Meanwhile, the majority of IT senior management, 88%, believe their policies are effective. These and many other fascinating insights are from a recent study completed by Infoblox titled, What is Lurking on Your Network, Exposing the threat of shadow devices (PDF, 7 pp., no opt-in).
Shadow IT’s Security Gaps Create New Opportunities For Hackers
Gaps in threat surface and endpoint security are what hackers, organized crime, and state-sponsored cybercrime organizations thrive on. The holidays create new opportunities for these organizations to capitalize on security gaps using social engineering hacks, phishing, malware injection and more. “With cybercriminals increasingly exploiting vulnerable devices, as well as targeting employees’ insecure usage of these devices, it is crucial for enterprise IT teams to discover what’s lurking on their networks and actively defend against the threats introduced,” Gary Cox, Technology Director, Western Europe for Infoblox said. Just a few of the many threats include the following:
A quick on-ramp for hackers to exfiltrate data from enterprise systems. Every personal device left unprotected on an enterprise network is an ideal threat surface for hackers and other malicious actors to infiltrate an enterprise network from. The most common technique is to use DNS tunneling, which enables cybercriminals to insert malware or pass stolen information into DNS queries, creating a covert communication channel that bypasses most firewalls. Project Sauron was one particularly advanced threat, which allegedly went undetected for five years at a number of organizations that used DNS tunneling for data exfiltration.
Distributed Denial of Service (DDoS) attacks are often launched from a series of hijacked connected devices that are often the least protected threat surface on corporate networks. It’s common for DDoS attacks to begin with malicious actors hijacking any vulnerable device they can to launch repeated and frequent queries that bombard the Domain Name Server (DNS) with the intent of slowing down its ability to process legitimate queries, often to the point that it can no longer function.
Creating and targeting Botnet armies using vulnerable IoT devices to attack organizations’ enterprise systems is increasing, according to Verizon’s latest 2019 Data Breach Investigations Report.“Botnets are truly a low-effort attack that knows no boundaries and brings attackers either direct revenue through financial account,” according to Verizon’s 2019 study. Botnets are also being used to steal privileged access credentials to an enterprises’ systems that are being accessed from the same personal devices employees are using for social media access and shopping. There have been over 40,000 breaches initiated using botnets this year so far, according to Verizon. The report notes that a variant of the Mirai IoT botnet began scanning for vulnerable Drupal servers in April of this year and was successful in finding the most vulnerable systems globally to install crypto mining software. The attack is known as Drupalgeddon2, and the scope of its vulnerabilities are still being discovered today.
Where To Start: Secure The Networks Shadow IT Relies On
Chief Information Security Officers (CISOs) have told me that the most challenging aspect of securing the proliferation of shadow IT devices is protecting the multitude of remote locations that together form their distributed networks. They’re saying that in 2020, enabling network security is the greatest challenge their enterprises will face. More enterprises are adopting cloud-based DDI platforms that enable enterprises to simplify the management of highly distributed remote networks as well as to optimize the network performance of cloud-based applications. Leaders in this area include Infoblox, a leader in SD-WAN and cloud-based DDI platforms for enterprises. Here are the most common strategies they’re relying on to secure their distributed networks based on the proliferation of personal devices:
Integrating threat intelligence data to evaluate if specific sites and applications are high risk or not. IT administrators need to deploy solutions that allow them to build safeguards that will prevent potential dangerous activity occurring on the network. Integrating threat intelligence data into DNS management enables security teams to monitor and prevent access to Newly Observed Domains. Many new domains will be set up ahead of phishing and/or spear-phishing campaign, so in preventing access to these sites, organizations can reduce the risk of employees accidentally introducing malware through clicking through to insecure links on personal devices connected to the enterprise network.
Set the goal of achieving full visibility across distributed networks by starting with a plan that considers cloud-based DDI platforms. CISOs and the IT teams working with them need to translate their policies into action by achieving more unified visibility by upgrading their core network services, including DNS, DHCP, and IP address management, on cloud-based DDI platforms to bring greater security scale and reliability across their enterprise networks.
Design in greater DNS security at the network level. Enterprise networks are heavily reliant on DNS, making them an area malicious actors attempt to disrupt in their broader efforts to exfiltrate valuable data from organizations. Existing security controls, such as firewalls and proxies, rarely focus on DNS and associated threats – leaving organizations vulnerable to highly aggressive, rapidly proliferating attacks. When secured, the DNS can act as an organization’s first line of defense. The DNS can provide essential context and visibility, so IT teams can be alerted of any network anomalies, report on what devices are joining and leaving the network, and resolve problems faster.
Bring Your Own Device (BYOD) initiatives’ benefits far outweigh the costs, making the business case for BYOD overwhelming positive, as seen in how financial services firms stay secure. Enterprises need to consider adopting a cloud-based DDI platform approach that enables them to simplify the management of highly distributed remote networks as well as to optimize the network performance of cloud-based applications. Many CISOs are beginning to realize the model of relying on centralized IT security isn’t scaling to support and protect the proliferation of user devices with internet access, leaving employees, branch offices, and corporate networks less secure than ever before. Every IT architect, IT Director, or CIO needs to consider how taking an SDWAN-based approach to network management reduces the risk of a breach and data exfiltration.
Cloud-based endpoint protection platforms (EPP) are proliferating across enterprises today as CIOs and CISOs prioritize greater resiliency in their endpoint security strategies going into 2020.
Gartner predicts that Global Information Security and Risk Management end-user spending is forecast to grow at a five-year CAGR of 9.2% to reach $174.5 billion in 2022, with approximately $50B spent on endpoint security.
Endpoint security tools are 24% of all IT security spending, and by 2020 global IT security spending will reach $128B according to Morgan Stanley Research.
70% of all breaches still originate at endpoints, despite the increased IT spending on this threat surface, according to IDC.
There’s a surge of activity happening right now in enterprises that are prioritizing more resiliency in their endpoint security strategies going into 2020. The factors motivating CIOs, CISOs, IT, and Practice Directors to prioritize endpoint resiliency include more effective asset management based on real-time data while securing and ensuring every endpoint can heal itself using designed-in regenerative software at the BIOS level of every device. CIOs say the real-time monitoring helps reduce asset management operating expense, a big plus many of them appreciate give their tight budgets. Sean Maxwell, Chief Commercial Officer at Absolute, says, “Trust is at the center of every endpoint discussion today as CIOs, CISOs and their teams want the assurance every endpoint will be able to heal itself and keep functioning.”
The Endpoint Market Is Heating Up Going Into 2020
Over thirty vendors are competing in the endpoint security market right now. A few of the most interesting are Absolute Software, Microsoft,Palo Alto Networks, and others who are seeing a surge of activity from enterprises based on discussions with CIOs and CISOs. Absolute Software’s Persistence self-healing endpoint security technology is embedded in the firmware of more than 500 million devices and gives CIOs, CISOs and their team’s complete visibility and control over devices and data. Absolute is the leading visibility and control platform that provides enterprises with tamper-proof resilience and protection of all devices, data, and applications.
Like Absolute, Microsoft is unique in how they are the only vendor to provide built-in endpoint protection at the device level, with the core focus being on the OS. Windows 10 has Windows Defender Antivirus now integrated at the OS level, the same System Center Endpoint Protection delivers in Windows 7 and 8 OS. Microsoft Defender Advanced Threat Protection (ATP) incident response console aggregates alerts and incident response activities across Microsoft Defender ATP, Office 365 ATP, Azure ATP, and Active Directory, in addition to Azure.
Further evidence of how enterprise customers are placing a high priority on endpoint security is the increase in valuations of key providers in this market, including Absolute Software(TSE: ABT) and others. Absolute’s stock price has jumped 13% in just a month, following their latest earnings announcement on November 12th with a transcript of their earnings call here. Absolute’s CEO Christy Wyatt commented during the company’s most recent earnings call that, “The ability to utilize near real-time data from the endpoint to… to deliver actionable insights to IT about where controls are failing and the ability to apply resilience to self-heal and reinforce those security controls will become a critical skill for every one of our customers. This is the essence of Absolute’s platform, which adds resiliency to our customer’s operations.” It’s evident from what CIOs and CISOs are saying that resiliency is transforming endpoint security today and will accelerate in 2020.
Key Takeaways From Conversations With Enterprise Cybersecurity Leaders
The conversations with CIOs, CISOs, and IT Directors provided valuable insights into why resiliency is becoming a high priority for endpoint security strategies today. The following are key takeaways from the conversations:
Known humorously as the “fun button” cybersecurity teams enjoy being able to brick any device any time while monitoring the activity happening on it in real-time. One CIO told the story of how their laptops had been given to a service provider who was supposed to destroy them to stay in compliance with the Health Insurance Portability and Accountability Act (HIPAA), and one had been resold on the back market, ending up in a 3rd world nation. As the hacker attempted to rebuild the machine, the security team watched as each new image was loaded, at which time they would promptly brick the machine. After 19 tries, the hacker gave up and called the image re-build “brick me.”
IT budgets for 2020 are flat or slightly up, with many CIOs being given the goal of reducing asset management operating expenses, making resiliency ideal for better managing device costs. The more effectively assets are managed, the more secure an organization becomes. That’s another motivating factor motivating enterprises to adopt resiliency as a core part of the endpoint security strategies.
One CIO was adamant they had nine software agents on every endpoint, but Absolute’s Resilience platform found 16, saving the enterprise from potential security gaps. The gold image an enterprise IT team was using had inadvertently captured only a subset of the total number of software endpoints active on their networks. Absolute’s Resilience offering and Persistence technology enabled the CIO to discover gaps in endpoint security the team didn’t know existed before.
Endpoints enabled with Resiliency have proven their ability to autonomously self-heal themselves, earning the trust of CIOs and CISOs, who are adopting Absolute to alleviate costly network interruptions and potential breaches in the process. 19% of endpoints across a typical IT network require at least one client or patch management repair monthly, according to Absolute’s 2019 Endpoint Security Trends Report. The report also found that increasing security spending on protecting endpoints doesn’t increase an organizations’ safety – and in some instances, reduces it. Having a systematic, design-in solution to these challenges gives CIOs, CISO, and their teams greater peace of mind and reduces expensive interruptions and potential breaches that impede their organizations’ growth.
Bottom Line: Attacking endpoints with AI, bots, and machine learning is gaining momentum with cybercriminals today with no signs of slowing down into 2020, making endpoint security a must-have cybersecurity goal for next year.
Cyberattacks are growing more complex and difficult to prevent now and will accelerate in the future, making endpoint security a top goal in 2020. Cybercriminals are using structured and unstructured machine learning algorithms to hack organizations’ endpoints with increasing frequency. Endpoint attacks and their levels of complexity will accelerate as cybercriminals gain greater mastery of these techniques.
In response, endpoint protection providers are adopting machine learning-based detection and response technologies, providing more cloud-native solutions that can scale across a broader range of endpoints, and designing in greater persistence and resilience for each endpoint. The recent IDC survey published this month, Do You Think Your Endpoint Security Strategy Is Up to Scratch? completed in collaboration with HP recommends that “companies should seek to build resilience — on the assumption that breaches are inevitable — and look for “security by design” features that facilitate or automate detection and recovery.” IDC surveyed 500 senior security executives globally, finding major differences between leading organizations who realize endpoint security is essential for a unified cybersecurity strategy and followers, who don’t.
What Differentiates The Most Effective Endpoint Strategies?
IDC’s study found that leaders who integrate endpoint security into their cybersecurity plans are more effective at compliance reporting, endpoint hardening, and attack detection and response. Leaders capitalize on the data from their endpoint security strategies, creating contextual intelligence that helps protect their most vulnerable threat surfaces. The following are key insights from the IDC study showing why endpoint security needs to be an integral part of any corporate-wide cybersecurity strategy:
29.6% of all enterprises globally consider endpoint security to be a significant component of their overall cybersecurity strategy, with leaders 2X as likely to consider it a high priority. Close to half of all enterprises (49.4%) believe endpoint security can perform effectively as a secondary component. IDC found that the lesser the priority security leaders place on endpoint security, the more likely endpoints will fail. Instead of taking a strategic approach, organizations treat endpoint security as an isolated strategy, adding an average of 10 security agents per device according to Absolute’s2019 Endpoint Security Trends Report. You can get a copy of the report here. Cybersecurity leaders realize that having a unified endpoint security strategy designed for persistence and resilience is far more effective than relying on an isolated one. The following findings from the IDC report illustrate how leaders view endpoint as integral to their cybersecurity strategies.
When enterprises are complacent about endpoint security, procurement standards become mediocre over time and leave digital businesses at greater risk. Followers lack security focus for everything other than desktops during procurement, for example. Though most enterprises include security requirements in procurement requests, those requirements are not specified equally for all endpoint device types, resulting in uneven security coverage and compliance risk.
Automated operating system image recoverability, detect and recover firmware integrity breaches, and enabling software monitoring from the hardware level are the three most in-demand endpoint security features for enterprises today. Leader enterprises have relied on persistent connections to every endpoint in a network to achieve greater resilience across their global networks. Absolute is working to change this relationship, allowing remote, disconnected endpoints to remain resilient, which reflects what leaders are looking for in terms of greater control and visibility for every threat surface or endpoint. Senior security leaders, including CISOs, are taking a more integrated approach to endpoint security by designing in persistence to the device level that thwarts breach attempts in real-time. Absolute is working to change this relationship, allowing remote, disconnected endpoints to remain resilient.
Enterprises who are cybersecurity leaders most value a device’s built-in security features when evaluating PCs, laptops, and mobile devices while followers value this feature least. 33% of enterprises who are leaders prioritize devices that have built-in security capabilities that immediately provide persistent connections across the network, enabling greater resiliency. The study also makes the point that endpoint security needs to be tamper-proof at the operating system level, yet be flexible enough to provide IT and cybersecurity teams with device visibility and access to modify protections. One of the leaders in this area, Absolute, has invented endpoint security technology that begins at the BIOS level. There are currently 500M devices that have their endpoint code embedded in them. The Absolute Platform is comprised of three products: Persistence, Intelligence, and Resilience—each building on the capabilities of the other. The following graphic from the IDC study illustrates the stark contrast between enterprises who are cybersecurity leaders versus followers when it comes to adopting build-in security capabilities to harden endpoints across their networks.
When 70% of all breaches originate at endpoints, despite enterprise IT spending more than ever in cybersecurity, it’s a clear sign that endpoint security needs to be an integral part of any cybersecurity strategy. On average, every endpoint has ten security agents installed, often leading to software conflicts and frequent endpoint encryption failures. Absolute’s latest study found that over 42% of endpoints experience encryption failures, leaving entire networks at risk from a breach. They’re most commonly disabled by users, malfunction, or have error conditions or have never been installed correctly in the first place. Absolute also found that endpoints often failed due to the fragile nature of their encryption agents’ configurations. 2% of encryption agents fail every week, and over half of all encryption failures occurred within two weeks, fueling a constant 8% rate of decay every 30 days. 100% of all devices experiencing encryption failures within one year. Multiple endpoint security solutions conflict with each other and create more opportunities for breaches than avert them. These are just a few of the many factors that make improving endpoint security a top goal all enterprises need to achieve in 2020.