security controls attack surface

How to Make Sure Your Security Controls are Doing Their Jobs

Endpoint security software is in high demand. Even in the current uncertain economic state, leading industry analyst firms forecast that the market for defending endpoints against internal and external threats will continue to grow annually. Several top organizations expect that by 2026, it will reach $90 billion.

This should come as no surprise to any organization with massive device fleets deployed, as security and compliance concerns have spiked alongside the significant shift to remote work. Why, though, when we live in a time where security spending has reached an all-time high, and we have software designed to counter every known threat and vulnerability, are we still experiencing breaches and disruptions in increasing numbers?

There are as many responses to this question as there are products, services, and experts selling into the cybersecurity space. There is no way to mitigate every threat faced in today’s connected ecosystem. The false sense of security derived from blind investments can be overcome, however, and there are some basic steps that any enterprise can take to reduce cybersecurity and compliance risks.

The Modern Attack Surface

Security and risk professionals face overwhelming volumes of threats and challenges, many of which are exacerbated by remote and mobile work growth. Every time a public or private sector organization provisions devices, adds employees, deploys software or moves deeper into the cloud, its attack surface expands, and its technical complexity increases. To counter external attackers, insider threats, software flaws, and complications, they are deploying multi-layered technology stacks that specialize in addressing all these facets and more.

Recognize Your First Line of Defense

Most organizations are aware of how vulnerable their endpoints are. All access to data, systems, and people starts with the users’ hardware of choice, whether they be company-issued laptops, desktops, or BYOD. This ubiquity puts them on the front line of the modern-day threat landscape, giving them the distinction of being the first line of defense.

Enterprises seem to be taking endpoint security more seriously, as is evidenced by the previously mentioned spending level and the fact that most deploy an average of 11 endpoint security applications across devices. However, many of the strategies and much of the spending doesn’t seem to be working as expected. This is why we continue to experience unprecedented volumes of attacks that disrupt business, government, and our daily lives.

While there is no way to eliminate risk completely, there are solutions available today that can help strengthen the defensive capabilities you expect your critical endpoint security controls to deliver. These solutions can be easy to overlook, as they underpin the health and performance of security control, as opposed to providing the actual security functionality.

Make Certain Your Security Apps Work as Intended

If you are like most organizations, among your average of 11 deployed security applications are controls that include EDRs, VPNs, EPPs, and more. Based on the telemetry these provide natively, you are probably seeing some measurable value. Your EDR is most likely telling you how many malware variants it is detecting, your VPN is surely monitoring network traffic, and your EPP is undoubtedly reporting on the number of malicious attacks it is helping to block and remediate. The number and type of controls you have deployed may check all the security and compliance boxes, satisfying external regulators and internal stakeholders. However, none of them are of any use if they aren’t doing their jobs when they are needed most.

Based on recent data pulled from millions of globally distributed endpoints, Absolute’s own analysis revealed that when it comes to even a limited set of security controls (EPP, EDR, and Remote Access) provided by the world’s leading vendors, most operate at well below the level of efficacy needed to ensure an acceptable level of security. There are various reasons why these solutions sometimes fail. These include everything from technical complexity to insufficient patching to savvy and impatient users that simply turn them off.

Our research showed that the difference between those that are withstanding these factors and those that aren’t is an added capability that ensures resilience across both the devices and agents. When embedded in the hardware, these supporting technologies automatically heal applications impeded by technical collisions, immediately turn on any that were tampered with, and reimage and restore those that were disrupted by threat actors. In the case that a device becomes lost, stolen, or ransomed, these solutions even have the potential to mitigate these issues as well.

Make Security Work

There are three kinds of connected organizations today: those that have been breached, those that will be breached, and those that don’t know they have been breached. This is true for even those with a high degree of advanced security in place. Most security ISVs, MSSPs, and other vendors deliver value on the products and services they provide, but there is only so much they can do from their positions outside of the customers they serve.

To remain secure in an environment that grows increasingly hostile every day, it takes a full complement of internal and external practitioners, partners, vendors, and regulators working together to make security work as intended. Although it may be impossible for you to always have full visibility over your attack surface, if you invest in the right products, you can have the benefit of knowing that some of your most high-priority defenses are where they are supposed to be and doing what they are supposed to be doing when they are needed the most.

Latest posts by John Herrema (see all)
Scroll to Top