Is This the End for Your Endpoint Security Tool?

A new report from Absolute Software came to one very dismal conclusion: All endpoint security tools will eventually fail.

The 2019 Global Endpoint Security Trends Report concluded that 100% of devices will experience an encryption failure within one year.

“If we define failure as ‘unable to detect an ongoing attack,’ then the attacker may be able to steal local data from that endpoint and set an initial foothold in the organization. It will be up to the rest of the security architecture to detect it, which is more difficult but certainly not impossible,” said Fernando Montenegro, a senior analyst at 451 Research. “If we define failure as ‘interruption of service,’ then a failed endpoint may lead to loss of productivity, as an example.”

According to the report, one of the reasons for this failure is that most organizations have too much complexity at their endpoints, with 10 or more endpoint security agents installed. Too many tools make the environment difficult to test and protect properly. The report found that 28% of endpoints have missing or outdated endpoint protection tools. All of this complexity increases the odds that agents will conflict and decay, the report concluded.

The report also found that endpoint controls degrade over time, due to issues like malfunctions, misconfiguration or somehow becoming disabled. The report found that more than 42% of endpoints experience encryption failures at any point in time, rendering endpoints unprotected. It also found that 2% of encryption agents fail every week, with an 8% failure every 30 days and 100% within one year.

On average, the median time-to-failure for encryption across all devices is just 12 days, the report said, but can happen in as little as six hours. It also found encryption recovery times to be too lengthy, leading to an average window of vulnerability for unencrypted devices of 12 days. Thirty percent of devices remain unencrypted for more than 60 days, the report concluded.

Finally, the report found that client management and patching tools break often. According to the report, 19% of endpoints must be patched or repaired monthly. And, of patching agents that need repair, 50 percent must be repaired at least three times.

One of the best ways organizations can keep their endpoint security tools from failing is by implementing robust practices for managing those endpoints, Montenegro says. “Much like a car or a house will deteriorate if there is no adequate maintenance, the same happens with endpoints,” he said.

Even with the best maintenance, however, everything, including endpoint security tools, will eventually need to be replaced. The best way to determine whether it’s time, he said, is to measure the effectiveness of the components. If there is a spike in incidents, for example, does the root cause analysis point to a common component as responsible?

When analyzing products to replace existing tools, organizations should look at both functional and non-functional aspects, such as how the tool fits within the operational practices, ease of maintenance and, of course, performance, given the organization’s threat model.