The Shifting Stateof Endpoint Risk:Key Strategies toImplement in 2012
Today’s Agenda             Trends in the Threat Landscape             State of Endpoint Risk:             Latest Survey Re...
Today’s Panelists       Dr. Larry Ponemon    Paul Zimski       Chairman & Founder   Vice President, Solution Marketing    ...
2012 Threat Trends1. State-sponsored cyber crime will become a regular occurrence2. Social media goes deeper – increasing ...
State of Endpoint RiskLatest Survey Results
Ponemon Institute                LLC• The Institute is dedicated to advancing responsible information management  practice...
Project SummaryThe purpose of this study is to determinehow effective organizations are in the        Survey response     ...
What organizational level best describes your current position    Forty-seven percent of responders are managers or hold h...
Industry distribution of the 688 respondents    The largest sectors include financial services, public sector and healthca...
What is the worldwide headcount of your organization?     The majority of the respondents are from organizations with a wo...
Attributions About Endpoint Security     Forty-one percent of business executives support endpoint security operations. On...
What best describes how IT operations and IT security work together?     Only 12 percent of those surveyed indicate their ...
Is your IT network more secure now than it was a year ago?The study finds that the majority of respondents believe their o...
How many malware attempts or incidents does your IT organizationdeal with monthly?      More than 75 percent of respondent...
Have your malware incidents increased over the past year?Thirty-one percent of respondents say there has been a major incr...
Where is the greatest rise of potential IT risk? (Top 5 choices)Compared to last year, 39 percent more respondents identif...
Which one incident represents your biggest headache?The top three incidents that present the most difficult challenges for...
Which are the greatest IT security risks next year? (Top 3concerns)The below chart lists in descending order what responde...
Use of the following technologies will increase over the next 12months.Respondents indicate that their use of application ...
What was the change in use in the following technologies?          Application control/whitelisting (endpoint)            ...
How has the effectiveness of the following technologieschanged?       Anti-virus and anti-malware had the largest decline ...
How concerned are you about Mac malware infections?Eighty-five percent of Mac users surveyed indicate that they are increa...
Is your IT organization’s operating cost increasing?       Forty-three percent of responders indicated their IT operating ...
To what extent are malware incidents to blame?     Sixty-three percent of survey responses indicate malware as significant...
How effective is your current anti-virus/anti-malware technology?     Only 44 percent of responders consider their anti-vi...
Does the virtualization platform require your organization to deployadditional security measures?                         ...
Who provides these additional security measures?         A combination of the virtualization and security                 ...
Does your organization have a cloud strategy?       Sixty-two percent of responders do not have a cloud strategy.         ...
In regards to mobile device management, what are the three mostimportant to your organization’s needs?         Provisionin...
Is your organization planning to expand its use of applicationcontrol/whitelisting technologies within the next 12 months?...
Does your organization have an integrated endpoint security suite?     Almost half (46 percent) of those surveyed plan to ...
How many software agents does your organization typically haveinstalled to perform management, security and/or other opera...
How many different software management consoles does yourorganization use?     35%                                30%     ...
Summary of Findings• Current approaches to endpoint security are ineffective and costly.• Organizations do not feel more s...
More Information• Data Privacy Day 2012                          2012 State of the Endpoint Report » http://www.lumension....
Q&A
Global Headquarters8660 East Hartford DriveSuite 300Scottsdale, AZ 852551.888.725.7828info@lumension.comhttp://blog.lumens...
Upcoming SlideShare
Loading in …5
×

The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012

721 views
661 views

Published on

Review this presentation as we reveal statistics from the 2012 State of the Endpoint survey, sponsored by Lumension® and conducted by Ponemon Institute. Find out about today's growing insecurity, IT's perceived areas of greatest risk for 2012, and the disconnect between risk and planned security strategies. In addition, we will examine the evolving IT risk environment and recommendations to more effectively and cost-efficiently secure your endpoints.


* How organizations are creating a perfect storm for hackers
* The Top 3 new threats to the workplace
* Perceived risks and corresponding strategies to combat today's evolving endpoint environment

Find out about our reliance on productivity tools, but how inadequate collaboration and resource restrictions for security are creating a perfect storm for hackers.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
721
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
33
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Larry
  • The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012

    1. 1. The Shifting Stateof Endpoint Risk:Key Strategies toImplement in 2012
    2. 2. Today’s Agenda Trends in the Threat Landscape State of Endpoint Risk: Latest Survey Results Summary and Recommendations Q&A
    3. 3. Today’s Panelists Dr. Larry Ponemon Paul Zimski Chairman & Founder Vice President, Solution Marketing Ponemon Institute Lumension3
    4. 4. 2012 Threat Trends1. State-sponsored cyber crime will become a regular occurrence2. Social media goes deeper – increasing threats3. Security will finally arrive for virtualization4. Anonymous will not go away5. Mobile devices will come under greater attack6. VoIP will be used as a covert channel in data breaches7. Medicare fraud via ID theft will see explosive growth4
    5. 5. State of Endpoint RiskLatest Survey Results
    6. 6. Ponemon Institute LLC• The Institute is dedicated to advancing responsible information management practices that positively affect privacy and data protection in business and government.• In our 10th year, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations.• Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations. Dr. Ponemon serves as CASRO’s chairman of Government & Public Affairs Committee of the Board.• The Institute has assembled more than 60+ leading multinational corporations called the RIM Council, which focuses the development and execution of ethical principles for the collection and use of personal data about people and households.6
    7. 7. Project SummaryThe purpose of this study is to determinehow effective organizations are in the Survey response Freq. Pct%protection of their endpoints and whatthey perceive are the biggest obstacles to Total sampling frame 18,986 100.0%reducing risk. Total Returns 911 4.8%Our study involves 688 respondentslocated in the United States who are Rejected surveys 80 .4%deeply involved in their organization’s ITfunction. Final sample 831 4.4%All results were collected during August orSeptember 2011. Final sample after screening 688 3.6%7
    8. 8. What organizational level best describes your current position Forty-seven percent of responders are managers or hold higher level positions within their organizations. 4% 1% 1% 1% 10% 22% Senior Executive Vice President Director Manager 20% Supervisor Technician Staff Contractor 23% Other 18%8
    9. 9. Industry distribution of the 688 respondents The largest sectors include financial services, public sector and healthcare organizations. Financial Services 3% 2%1% 3% Public Sector 18% 3% Health & pharmaceuticals 4% Services Technology & software 4% Retailing 4% Education & research 12% Communications 5% Industrial Hospitality Entertainment & media 6% Transportation 10% Energy Defense 8% Consumer products 8% 9% Agriculture9
    10. 10. What is the worldwide headcount of your organization? The majority of the respondents are from organizations with a worldwide headcount greater than 5,000 people. 35% 31% 30% 25% 22% 21% 20% 16% 15% 10% 5% 5% 5% 0% Less than 500 500 to 1,000 1,001 to 5,000 5,001 to 25,000 25,001 to 75,000 More than people people people people people 75,000 people10
    11. 11. Attributions About Endpoint Security Forty-one percent of business executives support endpoint security operations. Only 35 percent of respondents have ample resources to minimize risk. Business executives are supportive of our 18% 23% organization’s endpoint security operations. We have ample resources to minimize IT 15% 20% endpoint risk. Laptops and other mobile data-bearing devices are secure and do not present a significant 11% 15% security risk. 0% 10% 20% 30% 40% 50% Strongly agree Agree11
    12. 12. What best describes how IT operations and IT security work together? Only 12 percent of those surveyed indicate their IT operations and IT security work well together. 60% 50% 48% 40% 40% 30% 20% 12% 10% 0% Collaboration is adequate, but Collaboration is poor or non- Collaboration is excellent can be improved existent12
    13. 13. Is your IT network more secure now than it was a year ago?The study finds that the majority of respondents believe their organizations’ endpoints are vulnerable toattacks. Compared to last year, 66 percent of respondents say their organizations’ IT networks are notmore secure or are unsure (41 percent + 25 percent). 45% 41% 40% 36% 36% 35% 34% 30% 28% 25% 25% 20% 15% 10% 5% 0% Yes No Unsure FY 2011 FY 201013
    14. 14. How many malware attempts or incidents does your IT organizationdeal with monthly? More than 75 percent of respondents experienced 26 to 50+ malware incidents per month. 50% 45% 43% 40% 35% 35% 32% 30% 27% 25% 21% 20% 15% 13% 11% 9% 10% 6% 5% 3% 0% Less than 5 5 to 10 11 to 25 26 to 50 More than 50 FY 2011 FY 201014
    15. 15. Have your malware incidents increased over the past year?Thirty-one percent of respondents say there has been a major increase in malware attacks and 22percent say there has been a slight increase over the past year. Only 8 percent of respondents believemalware attacks have decreased over the past year. 35% 31% 30% 28% 25% 25% 25% 22% 21% 20% 17% 15% 14% 10% 9% 8% 5% 0% Not sure No, they have No, they stayed the Yes, but only slight Yes, major increase decreased same increase FY 2011 FY 201015
    16. 16. Where is the greatest rise of potential IT risk? (Top 5 choices)Compared to last year, 39 percent more respondents identify mobile devices as having the greatestpotential for IT security risks. Mobile devices such as smart phones 39% (Blackberry, iPhone, IPad, Android) Removable media (USB sticks) and/or media 32% (CDs, DVDs) Cloud computing infrastructure and providers 25% Across 3rd party applications (vulnerabilities) 11% Virtual computing environments (servers, endpoints) 8% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45%16
    17. 17. Which one incident represents your biggest headache?The top three incidents that present the most difficult challenges for respondents are zero day attacks (23percent) targeted attacks (22 percent) and SQL injection (21 percent). 40% *FY 2010 survey did not contain this choice 35% 35% 30% 25% 23% 22% 23% 21% 20% 16% 15% 10% 11% 11% 10% 5% 0% Exploit of software Exploit of software SQL injection Targeted attacks* Zero day attacks vulnerability greater vulnerability less than 3 months old than 3 months old FY 2011 FY 201017
    18. 18. Which are the greatest IT security risks next year? (Top 3concerns)The below chart lists in descending order what respondents perceive as the five most serious securityrisks their organizations will face in the near future. Respondents predict the top three IT security risksin the next 12 months will be: Increased use of mobile platforms (smart 36% phones, iPads) Insufficient budget resources 32% Use of insecure cloud computing resources 31% Growing volume of malware 29% Negligent insider risk 28% 0% 5% 10% 15% 20% 25% 30% 35% 40%18
    19. 19. Use of the following technologies will increase over the next 12months.Respondents indicate that their use of application control whitelisting and firewall will increasemore than 50 percent. Application control/whitelisting (endpoint) 56% Application control firewall (gateway) (NGFW) 55% Endpoint management and security suite 46% (integrated technologies like AV, patch, etc.) Mobile device management 45% Security Event and Incident Management 38% (SIEM) Network access control (NAC) 30% Data loss/leak prevention (content filtering) 29% 0% 10% 20% 30% 40% 50% 60%19
    20. 20. What was the change in use in the following technologies? Application control/whitelisting (endpoint) 7% Endpoint management and security suite 7% (integrated technologies like AV, patch, etc.) Device control (removable media 5% i.e., USB, CD/DVD) Whole disk encryption 4% Application control firewall (gateway) (NGFW) 2% Anti-virus 2% 0% 2% 4% 6% 8%20
    21. 21. How has the effectiveness of the following technologieschanged? Anti-virus and anti-malware had the largest decline in effectiveness. Respondents indicated a 17 percent decline in effectiveness. -10% Application control firewall (gateway) (NGFW) -11% Network access control (NAC) -13% Device control (USB, removable media) -15% Patch & remediation management -15% Vulnerability assessment -16% Endpoint firewall -17% Anti-virus & anti-malware -18% -16% -14% -12% -10% -8% -6% -4% -2% 0%21
    22. 22. How concerned are you about Mac malware infections?Eighty-five percent of Mac users surveyed indicate that they are increasingly or very concerned aboutmalware infections. 50% 45% 44% 41% 40% 35% 30% 25% 20% 15% 12% 10% 5% 3% 0% Unsure Not at all concerned Increasingly concerned Very concerned22
    23. 23. Is your IT organization’s operating cost increasing? Forty-three percent of responders indicated their IT operating costs are increasing. 60% 50% 48% 46% 43% 41% 40% 30% 20% 11% 11% 10% 0% Yes No Unsure FY 2011 FY 201023
    24. 24. To what extent are malware incidents to blame? Sixty-three percent of survey responses indicate malware as significantly or very significantly contributing to the increase in IT expense. 45% 41% 40% 40% 35% 32% 30% 29% 25% 22% 20% 15% 14% 14% 10% 8% 5% 0% Very significant Significant Some significance None FY 2011 FY 201024
    25. 25. How effective is your current anti-virus/anti-malware technology? Only 44 percent of responders consider their anti-virus/anti-malware technology to be somewhat or very effective. 40% *FY 2010 survey did not contain this choice 35% 33% 34% 30% 30% 28% 26% 25% 21% 20% 15% 11% 12% 10% 5% 5% 0% Very effective Somewhat effective Somewhat Not effective at all Cannot determine* ineffective FY 2011 FY 201025
    26. 26. Does the virtualization platform require your organization to deployadditional security measures? No, 45% Yes, 55%26
    27. 27. Who provides these additional security measures? A combination of the virtualization and security 34% technology vendors The virtualization vendor 30% A security technology vendor (virtualization security 29% component) Unsure 5% Other (please specify) 2% 0% 5% 10% 15% 20% 25% 30% 35% 40%27
    28. 28. Does your organization have a cloud strategy? Sixty-two percent of responders do not have a cloud strategy. Unsure, 21% Yes, 38% No, 41%28
    29. 29. In regards to mobile device management, what are the three mostimportant to your organization’s needs? Provisioning and access policy 62% management Virus and malware detection or 55% prevention Encryption and other data loss 49% technologies Asset tracking 47% Anti-theft features 42% Remote wipe capability 41% Other (please specify) 3% 0% 20% 40% 60% 80%29
    30. 30. Is your organization planning to expand its use of applicationcontrol/whitelisting technologies within the next 12 months?Sixty-three percent of responders are planning to expand their use of application control/whitelistingtechnologies. 35% 32% 31% 30% 25% 25% 20% 15% 12% 10% 5% 0% Yes, with certainty Yes, likely to do so No Unsure30
    31. 31. Does your organization have an integrated endpoint security suite? Almost half (46 percent) of those surveyed plan to invest in an integrated endpoint security suite. 50% 46% 45% 40% 35% 33% 30% 25% 21% 20% 15% 10% 5% 0% Yes No, but expects to within the next No 12-24 months31
    32. 32. How many software agents does your organization typically haveinstalled to perform management, security and/or other operations? Forty-nine percent of responders have 6 or more software agents installed. 45% 40% 39% 35% 30% 25% 23% 20% 18% 15% 10% 10% 10% 5% 0% 1 to 2 3 to 5 6 to 10 More than 10 Cannot determine32
    33. 33. How many different software management consoles does yourorganization use? 35% 30% 30% 29% 25% 23% 20% 15% 10% 9% 9% 5% 0% 1 to 2 3 to 5 6 to 10 More than 10 Cannot determine33
    34. 34. Summary of Findings• Current approaches to endpoint security are ineffective and costly.• Organizations do not feel more secure than they did last year. » This is mainly due to the use of ineffective technology solutions when better, more effective/efficient technologies exist but are not heavily implemented.• IT operating expenses are increasing and a main driver of those costs is tied directly to an increase in malware incidents. » Most respondents consider malware a significant factor in those cost drivers.• Malware continues to be on the rise with attack vectors focused more on third-party and web-based applications.34
    35. 35. More Information• Data Privacy Day 2012 2012 State of the Endpoint Report » http://www.lumension.com/2012-Data-Privacy- Day.aspx http://www.lumension.com/2012-state-of-the- endpoint.aspx• Quantify Your IT Risk with Free Scanners » http://www.lumension.com/special-offer/ premium-security-tools.aspx• Lumension® Endpoint Management and Security Suite » Demo: http://www.lumension.com/endpoint- management-security-suite/demo.aspx » Evaluation: http://www.lumension.com/endpoint- management-security-suite/free-trial.aspx35
    36. 36. Q&A
    37. 37. Global Headquarters8660 East Hartford DriveSuite 300Scottsdale, AZ 852551.888.725.7828info@lumension.comhttp://blog.lumension.com

    ×