The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
Today’s Agenda
Trends in the Threat Landscape
State of Endpoint Risk: Latest Survey Results
Summary and Recommendations
Q&A
Today’s Panelists
Dr. Larry Ponemon, Chairman & Founder, Ponemon Institute
Paul Zimski, Vice President, Solution Marketing, Lumension
2012 Threat Trends
1. State-sponsored cyber crime will become a regular occurrence
2. Social media goes deeper – increasing threats
3. Security will finally arrive for virtualization
4. Anonymous will not go away
5. Mobile devices will come under greater attack
6. VoIP will be used as a covert channel in data breaches
7. Medicare fraud via ID theft will see explosive growth
State of Endpoint Risk: Latest Survey Results
Ponemon Institute LLC
• The Institute is dedicated to advancing responsible information management practices that positively affect privacy and data protection in business and government.
• In our 10th year, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations.
• Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations). Dr. Ponemon serves as CASRO’s chairman of the Government & Public Affairs Committee of the Board.
• The Institute has assembled more than 60 leading multinational corporations, called the RIM Council, which focuses on the development and execution of ethical principles for the collection and use of personal data about people and households.
Project Summary
The purpose of this study is to determine how effective organizations are in the protection of their endpoints and what they perceive are the biggest obstacles to reducing risk.
Our study involves 688 respondents located in the United States who are deeply involved in their organization’s IT function.
All results were collected during August or September 2011.
Survey response Freq. Pct%
Total sampling frame 18,986 100.0%
Total Returns 911 4.8%
Rejected surveys 80 .4%
Final sample 831 4.4%
Final sample after screening 688 3.6%
What organizational level best describes your current position?
Senior Executive: 1%
Vice President: 1%
Director: 22%
Manager: 23%
Supervisor: 18%
Technician: 20%
Staff: 10%
Contractor: 4%
Other: 1%
Forty-seven percent of responders are managers or hold higher level positions within their organizations.
Industry distribution of the 688 respondents
Financial Services: 18%
Public Sector: 12%
Health & pharmaceuticals: 10%
Services: 9%
Technology & software: 8%
Retailing: 8%
Education & research: 6%
Communications: 5%
Industrial: 4%
Hospitality: 4%
Entertainment & media: 4%
Transportation: 3%
Energy: 3%
Defense: 3%
Consumer products: 2%
Agriculture: 1%
The largest sectors include financial services, public sector and healthcare organizations.
What is the worldwide headcount of your organization?
Less than 500 people: 5%
500 to 1,000 people: 16%
1,001 to 5,000 people: 22%
5,001 to 25,000 people: 31%
25,001 to 75,000 people: 21%
More than 75,000 people: 5%
The majority of the respondents are from organizations with a worldwide headcount greater than 5,000 people.
Attributions About Endpoint Security
Laptops and other mobile data-bearing devices are secure and do not present a significant security risk. (Strongly agree: 11%, Agree: 15%)
We have ample resources to minimize IT endpoint risk. (Strongly agree: 15%, Agree: 20%)
Business executives are supportive of our organization’s endpoint security operations. (Strongly agree: 18%, Agree: 23%)
Forty-one percent of business executives support endpoint security operations. Only 35 percent of respondents have ample resources to minimize risk.
What best describes how IT operations and IT security work together?
Collaboration is adequate, but can be improved: 48%
Collaboration is poor or non-existent: 40%
Collaboration is excellent: 12%
Only 12 percent of those surveyed indicate their IT operations and IT security work well together.
Is your IT network more secure now than it was a year ago?
The study finds that the majority of respondents believe their organizations’ endpoints are vulnerable to attacks. Compared to last year, 66 percent of respondents say their organizations’ IT networks are not more secure or are unsure (41 percent + 25 percent).
Yes: 34% (FY 2011), 36% (FY 2010)
No: 41% (FY 2011), 36% (FY 2010)
Unsure: 25% (FY 2011), 28% (FY 2010)
How many malware attempts or incidents does your IT organization deal with monthly?
Less than 5: 3% (FY 2011), 6% (FY 2010)
5 to 10: 9% (FY 2011), 11% (FY 2010)
11 to 25: 13% (FY 2011), 21% (FY 2010)
26 to 50: 32% (FY 2011), 35% (FY 2010)
More than 50: 43% (FY 2011), 27% (FY 2010)
More than 75 percent of respondents experienced 26 to 50+ malware incidents per month.
Have your malware incidents increased over the past year?
Thirty-one percent of respondents say there has been a major increase in malware attacks and 22 percent say there has been a slight increase over the past year. Only 8 percent of respondents believe malware attacks have decreased over the past year.
Not sure: 14% (FY 2011), 17% (FY 2010)
No, they have decreased: 8% (FY 2011), 9% (FY 2010)
No, they stayed the same: 25% (FY 2011), 25% (FY 2010)
Yes, but only slight increase: 22% (FY 2011), 21% (FY 2010)
Yes, major increase: 31% (FY 2011), 28% (FY 2010)
Where is the greatest rise of potential IT risk? (Top 5 choices)
Compared to last year, 39 percent more respondents identify mobile devices as having the greatest potential for IT security risks.
Virtual computing environments (servers, endpoints): 8%
Across 3rd party applications (vulnerabilities): 11%
Cloud computing infrastructure and providers: 25%
Removable media (USB sticks) and/or media (CDs, DVDs): 32%
Mobile devices such as smart phones (Blackberry, iPhone, iPad, Android): 39%
Which one incident represents your biggest headache?
The top three incidents that present the most difficult challenges for respondents are zero day attacks (23 percent), targeted attacks (22 percent) and SQL injection (21 percent).
Exploit of software vulnerability greater than 3 months old: 10% (FY 2011), 16% (FY 2010)
Exploit of software vulnerability less than 3 months old: 11% (FY 2011), 11% (FY 2010)
SQL injection: 21% (FY 2011), 23% (FY 2010)
Targeted attacks*: 22% (FY 2011)
Zero day attacks: 23% (FY 2011), 35% (FY 2010)
*FY 2010 survey did not contain this choice
Which are the greatest IT security risks next year? (Top 3 concerns)
The below chart lists in descending order what respondents perceive as the five most serious security risks their organizations will face in the near future. Respondents predict the top three IT security risks in the next 12 months will be:
Increased use of mobile platforms (smart phones, iPads): 36%
Insufficient budget resources: 32%
Use of insecure cloud computing resources: 31%
Growing volume of malware: 29%
Negligent insider risk: 28%
Use of the following technologies will increase over the next 12 months.
Respondents indicate that their use of application control whitelisting and firewall will increase more than 50 percent.
Data loss/leak prevention (content filtering): 29%
Network access control (NAC): 30%
Security Event and Incident Management (SIEM): 38%
Mobile device management: 45%
Endpoint management and security suite (integrated technologies like AV, patch, etc.): 46%
Application control firewall (gateway) (NGFW): 55%
Application control/whitelisting (endpoint): 56%
What was the change in use in the following technologies?
Anti-virus: 2%
Application control firewall (gateway) (NGFW): 2%
Whole disk encryption: 4%
Device control (removable media i.e., USB, CD/DVD): 5%
Endpoint management and security suite (integrated technologies like AV, patch, etc.): 7%
Application control/whitelisting (endpoint): 7%
How has the effectiveness of the following technologies changed?
Anti-virus & anti-malware: -17%
Endpoint firewall: -16%
Vulnerability assessment: -15%
Patch & remediation management: -15%
Device control (USB, removable media): -13%
Network access control (NAC): -11%
Application control firewall (gateway) (NGFW): -10%
Anti-virus and anti-malware had the largest decline in effectiveness. Respondents indicated a 17 percent decline in effectiveness.
How concerned are you about Mac malware infections?
Unsure: 3%
Not at all concerned: 12%
Increasingly concerned: 44%
Very concerned: 41%
Eighty-five percent of Mac users surveyed indicate that they are increasingly or very concerned about malware infections.
Is your IT organization’s operating cost increasing?
Yes: 43% (FY 2011), 41% (FY 2010)
No: 46% (FY 2011), 48% (FY 2010)
Unsure: 11% (FY 2011), 11% (FY 2010)
Forty-three percent of responders indicated their IT operating costs are increasing.
To what extent are malware incidents to blame?
Very significant: 22% (FY 2011), 14% (FY 2010)
Significant: 41% (FY 2011), 40% (FY 2010)
Some significance: 29% (FY 2011), 32% (FY 2010)
None: 8% (FY 2011), 14% (FY 2010)
Sixty-three percent of survey responses indicate malware as significantly or very significantly contributing to the increase in IT expense.
How effective is your current anti-virus/anti-malware technology?
[Bar chart, FY 2011 vs. FY 2010; the response-category labels are not present in the transcript.]
FY 2011: 11%, 33%, 30%, 21%, 5%
FY 2010: 12%, 34%, 28%, 26%
*FY 2010 survey did not contain this choice
Only 44 percent of responders consider their anti-virus/anti-malware technology to be somewhat or very effective.
Does the virtualization platform require your organization to deploy additional security measures?
Yes 55%
No 45%
Who provides these additional security measures?
Other (please specify): 2%
Unsure: 5%
A security technology vendor (virtualization security component): 29%
The virtualization vendor: 30%
A combination of the virtualization and security technology vendors: 34%
Does your organization have a cloud strategy?
Yes 38%
No 41%
Unsure 21%
Sixty-two percent of responders do not have a cloud strategy.
In regards to mobile device management, what are the three most important to your organization’s needs?
Other (please specify): 3%
Remote wipe capability: 41%
Anti-theft features: 42%
Asset tracking: 47%
Encryption and other data loss technologies: 49%
Virus and malware detection or prevention: 55%
Provisioning and access policy management: 62%
Is your organization planning to expand its use of application control/whitelisting technologies within the next 12 months?
Yes, with certainty: 32%
Yes, likely to do so: 31%
No: 25%
Unsure: 12%
Sixty-three percent of responders are planning to expand their use of application control/whitelisting technologies.
Does your organization have an integrated endpoint security suite?
Yes: 33%
No, but expects to within the next 12-24 months: 46%
No: 21%
Almost half (46 percent) of those surveyed plan to invest in an integrated endpoint security suite.
How many software agents does your organization typically have installed to perform management, security and/or other operations?
1 to 2: 18%
3 to 5: 23%
6 to 10: 39%
More than 10: 10%
Cannot determine: 10%
Forty-nine percent of responders have 6 or more software agents installed.
How many different software management consoles does your organization use?
1 to 2: 23%
3 to 5: 29%
6 to 10: 30%
More than 10: 9%
Cannot determine: 9%
Summary of Findings
• Current approaches to endpoint security are ineffective and costly.
• Organizations do not feel more secure than they did last year.
» This is mainly due to the use of ineffective technology solutions when better, more effective/efficient technologies exist but are not heavily implemented.
• IT operating expenses are increasing and a main driver of those costs is tied directly to an increase in malware incidents.
» Most respondents consider malware a significant factor in those cost drivers.
• Malware continues to be on the rise with attack vectors focused more on third-party and web-based applications.
More Information
• Data Privacy Day 2012
» http://www.lumension.com/2012-Data-Privacy-Day.aspx
• Quantify Your IT Risk with Free Scanners
» http://www.lumension.com/special-offer/premium-security-tools.aspx
• Lumension® Endpoint Management and Security Suite
» Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
» Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
• 2012 State of the Endpoint Report
» http://www.lumension.com/2012-state-of-the-endpoint.aspx
Q&A
Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
http://blog.lumension.com