We polled 270 IT security professionals to uncover their most pressing concerns about incident response, investigation, and remediation on endpoints. Here’s what we learned.
If you’ve recently remediated a breach in your organization, the last thing you want to contemplate is the possibility of the same breach happening again. Yet, this possibility is top-of-mind for the majority of respondents to our 2018 Endpoint Security Survey.
The survey, conducted by PwC on behalf of Tanium, polled 270 IT security professionals in North America to gauge their most pressing concerns about incident response, investigation, and remediation on endpoints. The threat of re-compromise – the likelihood of an attack succeeding more than once – is a concern for nearly two-thirds of respondents.
The cycle of re-compromise is exacerbated by the difficulties organizations face in identifying, scoping, and fully remediating security incidents. Incident response goes beyond responding to a single alert: organizations need to fully scope the impact of an incident and resolve the root causes that contributed to it. Yet most organizations lack the ability to complete these tasks in a timely manner, which leaves them susceptible to re-compromise.
(Source: Tanium 2018 Endpoint Security Survey)
The prospect of an attack succeeding more than once is particularly troubling when considered in the context of how long it takes the average organization to detect and remediate a breach. According to Ponemon Research, it takes an organization an average of 191 days to detect a breach, and an average of 66 days to remediate it. Even more worrying, according to the Cisco 2017 Cybersecurity Report, organizations investigate an average of only 56% of the security alerts they receive, and remediate only 46% of the alerts deemed legitimate.
Indeed, the speed of response is a major area of concern in our 2018 Endpoint Security Survey.
The vast majority of respondents (75%) report being “somewhat” or “very” concerned about their ability to quickly perform crucial tasks such as incident remediation, detecting indicators of compromise on endpoints and identifying vulnerabilities on endpoints.
The three tasks respondents say they find most challenging to accomplish in a timely manner are:
- Finding vulnerabilities on endpoints;
- Detecting indicators of compromise; and
- Performing incident remediation.
(Source: Tanium 2018 Endpoint Security Survey)
So, how are survey respondents planning to alleviate these concerns? Through a combination of better technology, more threat intelligence, and improving the ways they collect and analyze data about their endpoints and their networks. In terms of technology improvements, the three areas cited as priorities by the greatest percentage of respondents were:
- Better technology for remediating endpoints (47%);
- More threat intelligence (40%); and
- The ability to collect and analyze more detailed endpoint data (39%).
We also asked respondents to tell us how they plan to use internal personnel and managed service providers for incident detection, response, and remediation (multiple responses to this question were allowed). Nearly half of respondents (49%) say they plan to increase their use of managed services for incident remediation in the next 12 months, and 47% plan to increase the use of such services for incident detection and response. When it comes to internal headcount, 45% are looking to add staffers focused on incident detection and response, while 41% plan to add headcount allocated to incident remediation. When you consider the average cost-per-hire of onboarding a new employee is $4,129, and it takes an average of 42 days to fill an open position, this option gets pretty expensive pretty quickly.
For these reasons, we believe productivity increases in endpoint incident response and remediation will be welcomed by organizations looking to limit their need for additional investment or looking to do more with fixed resources.
“Having real-time visibility at scale at the endpoint and network is a key enabler for the rapid detection and remediation of cyber threats,” says Sean Joyce, PwC’s U.S. Cybersecurity and Privacy Leader, in the report based on our survey. “Businesses that lack these capabilities should be concerned, given the increasing sophistication of emerging risks to data security and privacy.”
Want to learn more? Download the full 2018 Endpoint Security Survey.
About the Author: Jennifer Ellard leads Tanium’s security product marketing and go-to-market efforts. Jennifer joined Tanium in 2016, and her focus is on developing content, driving pipeline, working with security partners and enabling sales teams. Previously, Ms. Ellard was at Hewlett-Packard and Symantec, leading product marketing and partner marketing teams. Jennifer’s education includes a Bachelor’s degree in Marketing from the University of Alabama in Huntsville and a Master of Business Administration from Santa Clara University.