Home Features CISO MAG study: 1 in 3 CISOs feel biggest challenge of endpoint...

CISO MAG study: 1 in 3 CISOs feel biggest challenge of endpoint solution is its complexity

1 in 3 CISOs feel biggest challenge of endpoint solution is its complexity

November 21, 2019: Today, the typical organization has hundreds if not thousands of endpoints: desktops, workstations, laptops, mobile phones, tablets, access points, printers, IP-cams, USB devices, credit card readers, POS devices, servers, cloud VMs, and virtual desktops. The addition of IoT devices will increase the number of endpoints even more. Traditional anti-malware, signature-based, and file-scanning solutions will not be able to keep up and manage all those endpoints. This raised concerns with organizations delving into endpoint security.

CISO MAG, an information security news website and publication from EC-Council conducted a multiple-choice survey, in the month of October 2019 to present new research on the usage of endpoint security solutions.

3 key takeaways

The three prominent findings that stand out in the survey are:

1. The best of both: Half of all companies (53.19%) that participated in this survey are using both EPP and EDR solutions.

2. Endpoint visibility: Almost half of the respondents (46.38%) want real-time endpoint and application visibility.

3. Managed services: Two-thirds (62.55%) said their endpoint solution included managed endpoint detection services.

Some vendors are sweetening their offerings by bundling endpoint monitoring and management services. These services offer in-depth or advanced threat hunting, forensics, and remediation services.

Another key trend is that endpoint protection is now moving to the cloud, with SaaS-based services for monitoring endpoints. The demand for endpoint security services has increased as cloud security has improved. Traditionally, endpoints were centrally managed from an on-premise server communicating with agents on the endpoints. This shifts the responsibility of managing endpoints out of the enterprise and into the hands of managed security services providers (MSSPs).

Here are some key findings of the survey, indicating that many organizations still need to complete their endpoint security deployments.

Key Findings

  • More than half the respondents (62.98%) have been using an endpoint security solution for some time.
  • It is surprising to note that 14.89% are not using any endpoint security solution.
  • The rest of the respondents (22.13%) are either in the process of evaluating a solution, implementing a solution, or conducting pilot trials.
  • Almost half the respondents (46.38%) agree that an endpoint security solution offers better or real-time endpoint and application visibility.
  • A quarter of the respondents (25.11%) said there was increased usage of mobile devices and endpoints in their organizations.
  • A fifth (20.85%) agreed there was increased volume and complexity of breaches.
  • More than half (53.19%) are using a combination of EPP and EDR solutions while the rest are using one or the other.
  • Two-thirds (62.55%) said their endpoint solution included managed endpoint detection services while a little over one-third (37.45%) said they were not using such services.
  • More than half the respondents (52.34%) said the main factor in deciding the type of endpoint solution they want is the technical capability of the solution.
  • A third of the respondents (32.77%) said the biggest challenge is the complexity of deploying, managing, and using the endpoint solution.

Methodology

The online survey was conducted by CISO MAG readers from EC-Council’s database. The respondents represent a cross-section of organizations from over 42 countries. Responses were received from those living in the U.S., U.K., UAE, Singapore, Egypt, and The Netherlands. Entries were also received from islands in the Caribbean Sea, such as St. Vincent & The Grenadines, and Trinidad & Tobago.

The survey was prepared in consultation with security experts and industry analysts.

Survey Respondent Profile

  • IT Manager/ICT Manager
  • Head of IT/VP IT
  • MIS Manager
  • IT Security Manager
  • Information Security Manager
  • Manager/Head of Network Security
  • Director of Information Security
  • ISO/Information Security Officer
  • Security Operations Officer/Operation Security Manager
  • VP/CISO
  • CIO
  • Security Consultant
  • Cybersecurity/Security Analyst
  • Cybersecurity Architect
  • Cybersecurity Engineer
  • Head of IS and SOC
  • ICT Security, Risk & Compliance Coordinator
  • Head IT, Risk & Security

Read the full survey report and the latest issue of CISO MAG here.

About CISO MAG

CISO MAG is a publication from EC-Council which provides unbiased and useful information to the professionals working to secure critical sectors. The information security magazine includes news, comprehensive analysis, cutting-edge features, and contributions from thought leaders, that are nothing like the ordinary. Within the first year of launch, the magazine reached a global readership of over 50,000 readers. The magazine also has an Editorial Advisory Board that comprises some of the foremost innovators and thought leaders in the cybersecurity space. Apart from this, CISO MAG also presents a platform that reaches out to cybersecurity professionals across the globe through its Summits and Awards and Power List surveys.

About EC-Council

EC-Council, officially incorporated as the International Council of E-Commerce Consultants was formed to create information security training and certification programs to help the very community our connected economy would rely on to save them from a devastating Cyber Attack. EC-Council rapidly gained the support of top researchers and subject matter experts around the world and launched its first Information Security Program, the Certified Ethical Hacker. With this ever-growing team of subject matter experts and InfoSec researchers, EC-Council continued to build various standards, certifications and training programs in the electronic commerce and information security space, thereby becoming the largest cybersecurity certification body in the world.