The security threat landscape is in a state of flux as cybercriminals become ever more sophisticated and stealthy in their efforts, and security firm Symantec believes organizations need to adapt their approach to endpoint security as a result.
Last week, Symantec released its 2012 Endpoint Security Best Practices Survey, revealing that 144,000 malicious files are detected each day, translating into a rate of more than 4.3 million per month. Symantec said it blocked 3.1 billion attacks in 2010.
“We’ve learned that endpoints are not what they used to be,” said Jason Nadeau, director of Product Management for Symantec Endpoint Security. “Endpoint security used to be restricted to PCs on the desk and servers in the datacenter.”
But the number and variety of endpoints are exploding with the introduction of all manner of mobile devices, virtual servers, and virtual workstations to the network. Nadeau said the firms that have had the most success in defending their endpoints in this evolving environment are the ones that have been the most aggressive in deploying so-called advanced protection in the form of intrusion prevention and data loss protection technologies.
“In terms of basic protection, the top-tier portion of respondents were six times as likely to have deployed virus and spyware protection and five times as likely to have deployed firewalls,” Nadeau said. “The same trend is evident for advanced protection. The top tier is five times as likely to have deployed intrusion prevention and six times as likely to have deployed data loss protection. I would argue that everybody needs to be doing this and that those sorts of technologies need to move to the baseline.”
Symantec’s survey collected data from 1,425 IT professionals in 32 countries. One-third of the respondents were C-level employees or business owners, another one-third were management focused on strategic issues, and the last one-third were management focused on tactical and operational issues.
Symantec divided the respondents into three tiers based on their security practices.
“Top-tier companies are faring much better in terms of outcomes from attacks than the bottom tier,” Nadeau said, noting that top-tier firms were 2.5 times less likely to see a large number of cyber attacks — including denial of service, information theft, fraud and vandalism — and their total downtime was nearly four times less than that of other firms.
Those numbers aren’t academic. Nadeau said top-tier firms suffered an average total of 588 hours of downtime for the year compared with 2,765 hours for bottom-tier firms. Additionally, successful attacks were costly. Symantec said it found that the typical organization incurred $470,000 in losses due to endpoint cyber attacks in the past 12 months.
Those losses were primarily driven by forced dedication of IT manpower to remediate the affected endpoints; loss of organization, customer or employee data; and damage to the organization’s brand and reputation.
Security Practices That Save Money
Among the organizations that fared the best in terms of attack outcomes, nearly 100 percent said they keep their endpoints — including virtual and physical servers, virtual and physical desktops, laptops/netbooks, and mobile devices — updated with current operating system and application updates through the entire organization. In addition to virus and spyware protection, these organizations have also deployed firewall protection, intrusion prevention systems, and tools to prevent unauthorized copying of data to and from peripheral devices such as USB drives. Nearly all of them said they also viewed other endpoint security technologies such as encryption, access control, data loss prevention, and reputation-based security to be somewhat-to-extremely necessary.
Also, 99 percent of the top tier said they provide some form of employee security training, with 82 percent saying they provide such training at least annually.
By comparison, fewer than half of the bottom tier said they keep their endpoints somewhat-to-completely updated. Only 20 percent said their physical endpoints have virus and spyware protection, and only 10 percent said they had deployed those technologies for their virtual servers and desktops. Only about one-half of the bottom-tier respondents said they considered technologies like encryption, access control, data loss prevention, and reputation-based security as somewhat or extremely necessary. And only 66 percent of these respondents said they gave employees some form of security training at least once a year.
“We want to help customers minimize the risk of successful cyber attacks,” Nadeau said. “You can’t eliminate successful cyber attacks, in the same way you can’t eliminate crime.” But he said organizations can minimize the risk with a multilayer strategy.
Nadeau said organizations can take four steps to reduce the risk of successful cyber attacks: Assess your risk, deploy the latest innovations in endpoint security, train employees, and create and practice a full incident response plan.
“Organizations must know where their sensitive information resides, who has access to it and how it is entering or leaving the organization or even how it is flowing within the organization,” Nadeau said. “There’s no one-size-fits-all solution or silver bullet to that. Some firms can absolutely do this themselves. Generally, for the average company, the idea is they should get some guidance. They should get some consulting help if they’re doing this for the first time.”
However, he was quick to note that risk assessment is not a one-time thing.
“Every day your risk posture can be changing,” he said. “That’s where the tools and technology to manage it come into play.”
When it comes to technology, Nadeau said organizations should deploy reputation-based security and real-time behavioral monitoring as well as intrusion prevention solutions. He added that organizations have to apply patches and keep systems up to date.
“You’ve got to patch,” he said. “At the end of the day, if those underlying vulnerabilities are still there and never get addressed, you’ve still got [a problem].”
Thor Olavsrud is a contributor to InternetNews.com, the news service of the IT Business Edge Network.