TMCnet News
New SANS True Cost of Endpoint Security Research Finds Patching Is Still a Major Pain Point for Security ProsBETHESDA, Md., July 19, 2018 /PRNewswire/ -- A new study from SANS Institute, available July 26, examines endpoint management costs and issues in today's enterprises, including patching, lack of visibility and complexity. The research report also looks at upfront and hidden costs associated with endpoint management, as well as security concerns for when management goes awry. "Endpoint management remains a critical security vector for most organizations," says Matt Bromiley, SANS Analyst, incident responder and the author of the survey report. "Numerous factors come into play in determining the success and cost of endpoint management efforts. Organizations need to consider all aspects of 'costs' when considering solutions: up-front costs, training, efficacy, ease of use and ongoing maintenance costs, for example." The research found that organizational size and complexity, based on the number of operating systems in use, must be considered when organizations choose endpoint management tools. Size and complexity also relate to the lack of visibility that respondents reported, with 33% of respondents taking more than two days to detect security incidents, including patch noncompliance, configuration drift, query reconfiguration or indicators of attack/compromise. Timely application of patches, typically accepted as an indicator of good cyber hygiene, remains an issue. Almost one-quarter (25%) of respondents have policies that allow at least one month for routine patching of their servers, and 11% need longer than that to install emergency or high-priority patches. For workstations, the policies are a bit more stringent, with 11% allowing more than a month to install emergency patches. A similar percentage take that long for routine patching. "Even with the majority being able to patch within a month, the importace of timely patching has not diminished," continues Bromiley. "The lengthy time needed for applying patches is a concern, particularly for servers, because server-side vulnerabilities are often exploited for initial attacker foothold, providing a platform from which to pivot into other areas of the organization." Full results will be shared during a Thursday, July 26 webcast at 4 PM EDT, sponsored by IBM Security, and hosted by SANS. Register to attend the webcast at www.sans.org/webcasts/107095 Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and endpoint security/incident response expert, Matt Bromiley. Tweet This: SANS True Cost of Endpoint Survey Results Released | July 26 @ 4 PM Eastern | Register to attend: www.sans.org/webcasts/107095 Visibility and Patch Application Key to Endpoint Security | Learn more on July 26 @ 4 PM Eastern | Register at www.sans.org/webcasts/107095 Explore the Costs of Endpoint Management | July 26 @ 4 PM Eastern | Register at www.sans.org/webcasts/107095 About SANS Institute View original content:http://www.prnewswire.com/news-releases/new-sans-true-cost-of-endpoint-security-research-finds-patching-is-still-a-major-pain-point-for-security-pros-300683681.html SOURCE SANS Institute |