CISO MAG study: 1 in 3 CISOs feel biggest challenge of endpoint solution is its complexity

by | Nov 25, 2019

CISO MAG, EC-Council

Today, the typical organization has hundreds if not thousands of endpoints: desktops, workstations, laptops, mobile phones, tablets, access points, printers, IP-cams, USB devices, credit card readers, POS devices, servers, cloud VMs, and virtual desktops. The addition of IoT devices will increase the number of endpoints even more. Traditional anti-malware, signature-based, and file-scanning solutions will not be able to keep up and manage all those endpoints. This raised concerns with organizations delving into endpoint security.

CISO MAG, an information security news website and publication from EC-Council conducted a multiple-choice survey, in the month of October 2019 to present new research on the usage of endpoint security solutions.

3 key takeaways

The three prominent findings that stand out in the survey are:

1. The best of both: Half of all companies (53.19%) that participated in this survey are using both EPP and EDR solutions.

2. Endpoint visibility: Almost half of the respondents (46.38%) want real-time endpoint and application visibility.

3. Managed services: Two-thirds (62.55%) said their endpoint solution included managed endpoint detection services.

Some vendors are sweetening their offerings by bundling endpoint monitoring and management services. These services offer in-depth or advanced threat hunting, forensics, and remediation services.

Another key trend is that endpoint protection is now moving to the cloud, with SaaS-based services for monitoring endpoints. The demand for endpoint security services has increased as cloud security has improved. Traditionally, endpoints were centrally managed from an on-premise server communicating with agents on the endpoints. This shifts the responsibility of managing endpoints out of the enterprise and into the hands of managed security services providers (MSSPs).

Here are some key findings of the survey, indicating that many organizations still need to complete their endpoint security deployments.

Key Findings

  • More than half the respondents (62.98%) have been using an endpoint security solution for some time.
  • It is surprising to note that 14.89% are not using any endpoint security solution.
  • The rest of the respondents (22.13%) are either in the process of evaluating a solution, implementing a solution, or conducting pilot trials.
  • Almost half the respondents (46.38%) agree that an endpoint security solution offers better or real-time endpoint and application visibility.
  • A quarter of the respondents (25.11%) said there was increased usage of mobile devices and endpoints in their organizations.
  • A fifth (20.85%) agreed there was increased volume and complexity of breaches.
  • More than half (53.19%) are using a combination of EPP and EDR solutions while the rest are using one or the other.
  • Two-thirds (62.55%) said their endpoint solution included managed endpoint detection services while a little over one-third (37.45%) said they were not using such services.
  • More than half the respondents (52.34%) said the main factor in deciding the type of endpoint solution they want is the technical capability of the solution.
  • A third of the respondents (32.77%) said the biggest challenge is the complexity of deploying, managing and using the endpoint solution.

Methodology

The online survey was conducted by CISO MAG readers from EC-Council’s database. The respondents represent a cross-section of organizations from over 42 countries. Responses were received from those living in the U.S., U.K., UAE, Singapore, Egypt, and The Netherlands. Entries were also received from islands in the Caribbean Sea, such as St. Vincent & The Grenadines, and Trinidad & Tobago.

The survey was prepared in consultation with security experts and industry analysts.

Survey Respondent Profile

  • IT Manager/ICT Manager
  • Head of IT/VP IT
  • MIS Manager
  • IT Security Manager
  • Information Security Manager
  • Manager/Head of Network Security
  • Director of Information Security
  • ISO/Information Security Officer
  • Security Operations Officer/Operation Security Manager
  • VP/CISO
  • CIO
  • Security Consultant
  • Cybersecurity/Security Analyst
  • Cybersecurity Architect
  • Cybersecurity Engineer
  • Head of IS and SOC
  • ICT Security, Risk & Compliance Coordinator
  • Head IT, Risk & Security

Read the full survey report and the latest issue of CISO MAG here.

About CISO MAG

CISO MAG is a publication from EC-Council which provides unbiased and useful information to the professionals working to secure critical sectors. The information security magazine includes news, comprehensive analysis, cutting-edge features, and contributions from thought leaders, that are nothing like the ordinary. Within the first year of launch, the magazine reached a global readership of over 50,000 readers. The magazine also has an Editorial Advisory Board that comprises some of the foremost innovators and thought leaders in the cybersecurity space. Apart from this, CISO MAG also presents a platform that reaches out to cybersecurity professionals across the globe through its Summits and Awards and Power List surveys.

About EC-Council

EC-Council, officially incorporated as the International Council of E-Commerce Consultants was formed to create information security training and certification programs to help the very community our connected economy would rely on to save them from a devastating Cyber Attack. EC-Council rapidly gained the support of top researchers and subject matter experts around the world and launched its first Information Security Program, the Certified Ethical Hacker. With this ever-growing team of subject matter experts and InfoSec researchers, EC-Council continued to build various standards, certifications and training programs in the electronic commerce and information security space, thereby becoming the largest cybersecurity certification body in the world.

Share This Article!

Brian Pereira
Brian Pereira
Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP India, InformationWeek India and CISO Mag. He has served India's leading newspaper groups: The Times of India and The Indian Express. Presently, he serves the Information Security Media Group, as Sr. Director, Editorial. You'll find his most current work on CIO Inc. During his career he wrote (and continues to write) 5000+ technology articles. He conducted more than 450 industry interviews. Brian writes on aviation, drones, cybersecurity, tech startups, cloud, data center, AI/ML/Gen AI, IoT, Blockchain etc. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. He recently achieved a Certificate in Cybersecurity (CC) from the international certification body ISC2. Follow Brian on Twitter (@creed_digital) and LinkedIn. Email Brian at: [email protected]
Recommended Posts
The First 90 Days Are Crucial for the CISO and CIO

This book arms you with insights into crafting a robust 90-day plan, and you’ll be well-equipped to catapult into CIO or CISO roles successfully. Beyond technical proficiency, the book instills survival skills, ensuring longevity and helping you prevent burnout in these pivotal positions.

Similar Articles