The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012

Today’s Agenda

Trends in the Threat Landscape

State of Endpoint Risk: Latest Survey Results

Summary and Recommendations

Q&A

Today’s Panelists

Dr. Larry Ponemon, Chairman & Founder, Ponemon Institute

Paul Zimski, Vice President, Solution Marketing, Lumension

2012 Threat Trends

1. State-sponsored cyber crime will become a regular occurrence

2. Social media goes deeper – increasing threats

3. Security will finally arrive for virtualization

4. Anonymous will not go away

5. Mobile devices will come under greater attack

6. VoIP will be used as a covert channel in data breaches

7. Medicare fraud via ID theft will see explosive growth

State of Endpoint Risk: Latest Survey Results

Ponemon Institute LLC

• The Institute is dedicated to advancing responsible information management practices that positively affect privacy and data protection in business and government.

• In our 10th year, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations.

• Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations). Dr. Ponemon serves as CASRO’s chairman of the Government & Public Affairs Committee of the Board.

• The Institute has assembled more than 60 leading multinational corporations, called the RIM Council, which focuses on the development and execution of ethical principles for the collection and use of personal data about people and households.

Project Summary

The purpose of this study is to determine how effective organizations are in the protection of their endpoints and what they perceive are the biggest obstacles to reducing risk.

Our study involves 688 respondents located in the United States who are deeply involved in their organization’s IT function.

All results were collected during August or September 2011.

Survey response                  Freq.     Pct%
Total sampling frame             18,986    100.0%
Total returns                    911       4.8%
Rejected surveys                 80        0.4%
Final sample                     831       4.4%
Final sample after screening     688       3.6%

What organizational level best describes your current position

• Senior Executive: 1%
• Vice President: 1%
• Director: 22%
• Manager: 23%
• Supervisor: 18%
• Technician: 20%
• Staff: 10%
• Contractor: 4%
• Other: 1%

Forty-seven percent of responders are managers or hold higher level positions within their organizations.

Industry distribution of the 688 respondents

• Financial Services: 18%
• Public Sector: 12%
• Health & pharmaceuticals: 10%
• Services: 9%
• Technology & software: 8%
• Retailing: 8%
• Education & research: 6%
• Communications: 5%
• Industrial: 4%
• Hospitality: 4%
• Entertainment & media: 4%
• Transportation: 3%
• Energy: 3%
• Defense: 3%
• Consumer products: 2%
• Agriculture: 1%

The largest sectors include financial services, public sector and healthcare organizations.

What is the worldwide headcount of your organization?

• Less than 500 people: 5%
• 500 to 1,000 people: 16%
• 1,001 to 5,000 people: 22%
• 5,001 to 25,000 people: 31%
• 25,001 to 75,000 people: 21%
• More than 75,000 people: 5%

The majority of the respondents are from organizations with a worldwide headcount greater than 5,000 people.

Attributions About Endpoint Security

• Laptops and other mobile data-bearing devices are secure and do not present a significant security risk: strongly agree 11%, agree 15%
• We have ample resources to minimize IT endpoint risk: strongly agree 15%, agree 20%
• Business executives are supportive of our organization’s endpoint security operations: strongly agree 18%, agree 23%

Forty-one percent of business executives support endpoint security operations. Only 35 percent of respondents have ample resources to minimize risk.

What best describes how IT operations and IT security work together?

• Collaboration is adequate, but can be improved: 48%
• Collaboration is poor or non-existent: 40%
• Collaboration is excellent: 12%

Only 12 percent of those surveyed indicate their IT operations and IT security work well together.

Is your IT network more secure now than it was a year ago?

The study finds that the majority of respondents believe their organizations’ endpoints are vulnerable to attacks. Compared to last year, 66 percent of respondents say their organizations’ IT networks are not more secure or are unsure (41 percent + 25 percent).

• Yes: FY 2011 34%, FY 2010 36%
• No: FY 2011 41%, FY 2010 36%
• Unsure: FY 2011 25%, FY 2010 28%

How many malware attempts or incidents does your IT organization deal with monthly?

• Less than 5: FY 2011 3%, FY 2010 6%
• 5 to 10: FY 2011 9%, FY 2010 11%
• 11 to 25: FY 2011 13%, FY 2010 21%
• 26 to 50: FY 2011 32%, FY 2010 35%
• More than 50: FY 2011 43%, FY 2010 27%

More than 75 percent of respondents experienced 26 to 50+ malware incidents per month.

Have your malware incidents increased over the past year?

Thirty-one percent of respondents say there has been a major increase in malware attacks and 22 percent say there has been a slight increase over the past year. Only 8 percent of respondents believe malware attacks have decreased over the past year.

• Not sure: FY 2011 14%, FY 2010 17%
• No, they have decreased: FY 2011 8%, FY 2010 9%
• No, they stayed the same: FY 2011 25%, FY 2010 25%
• Yes, but only slight increase: FY 2011 22%, FY 2010 21%
• Yes, major increase: FY 2011 31%, FY 2010 28%

Where is the greatest rise of potential IT risk? (Top 5 choices)

Compared to last year, 39 percent more respondents identify mobile devices as having the greatest potential for IT security risks.

• Virtual computing environments (servers, endpoints): 8%
• Across 3rd party applications (vulnerabilities): 11%
• Cloud computing infrastructure and providers: 25%
• Removable media (USB sticks) and/or media (CDs, DVDs): 32%
• Mobile devices such as smart phones (Blackberry, iPhone, iPad, Android): 39%

Which one incident represents your biggest headache?

The top three incidents that present the most difficult challenges for respondents are zero day attacks (23 percent), targeted attacks (22 percent) and SQL injection (21 percent).

• Exploit of software vulnerability greater than 3 months old: FY 2011 10%, FY 2010 16%
• Exploit of software vulnerability less than 3 months old: FY 2011 11%, FY 2010 11%
• SQL injection: FY 2011 21%, FY 2010 23%
• Targeted attacks*: FY 2011 22%
• Zero day attacks: FY 2011 23%, FY 2010 35%

*FY 2010 survey did not contain this choice

 Which are the greatest IT security risks next year? (Top 3 concerns)

The below chart lists in descending order what respondents perceive as the five most serious security risks their organizations will face in the near future. Respondents predict the top three IT security risks in the next 12 months will be:

• Increased use of mobile platforms (smart phones, iPads): 36%
• Insufficient budget resources: 32%
• Use of insecure cloud computing resources: 31%
• Growing volume of malware: 29%
• Negligent insider risk: 28%

Use of the following technologies will increase over the next 12 months.

Respondents indicate that their use of application control whitelisting and firewall will increase more than 50 percent.

• Data loss/leak prevention (content filtering): 29%
• Network access control (NAC): 30%
• Security Event and Incident Management (SIEM): 38%
• Mobile device management: 45%
• Endpoint management and security suite (integrated technologies like AV, patch, etc.): 46%
• Application control firewall (gateway) (NGFW): 55%
• Application control/whitelisting (endpoint): 56%

What was the change in use in the following technologies?

• Anti-virus: 2%
• Application control firewall (gateway) (NGFW): 2%
• Whole disk encryption: 4%
• Device control (removable media i.e., USB, CD/DVD): 5%
• Endpoint management and security suite (integrated technologies like AV, patch, etc.): 7%
• Application control/whitelisting (endpoint): 7%

How has the effectiveness of the following technologies changed?

• Anti-virus & anti-malware: -17%
• Endpoint firewall: -16%
• Vulnerability assessment: -15%
• Patch & remediation management: -15%
• Device control (USB, removable media): -13%
• Network access control (NAC): -11%
• Application control firewall (gateway) (NGFW): -10%

Anti-virus and anti-malware had the largest decline in effectiveness. Respondents indicated a 17 percent decline in effectiveness.

How concerned are you about Mac malware infections?

• Unsure: 3%
• Not at all concerned: 12%
• Increasingly concerned: 44%
• Very concerned: 41%

Eighty-five percent of Mac users surveyed indicate that they are increasingly or very concerned about malware infections.

Is your IT organization’s operating cost increasing?

• Yes: FY 2011 43%, FY 2010 41%
• No: FY 2011 46%, FY 2010 48%
• Unsure: FY 2011 11%, FY 2010 11%

Forty-three percent of responders indicated their IT operating costs are increasing.

To what extent are malware incidents to blame?

• Very significant: FY 2011 22%, FY 2010 14%
• Significant: FY 2011 41%, FY 2010 40%
• Some significance: FY 2011 29%, FY 2010 32%
• None: FY 2011 8%, FY 2010 14%

Sixty-three percent of survey responses indicate malware as significantly or very significantly contributing to the increase in IT expense.

How effective is your current anti-virus/anti-malware technology?

[Bar chart, FY 2011 vs. FY 2010; the category labels did not survive extraction. Values in the order extracted: FY 2011: 11%, 33%, 30%, 21%, 5%; FY 2010: 12%, 34%, 28%, 26%.]

*FY 2010 survey did not contain this choice

Only 44 percent of responders consider their anti-virus/anti-malware technology to be somewhat or very effective.

Does the virtualization platform require your organization to deploy additional security measures?

Yes 55%

No 45%

Who provides these additional security measures?

• Other (please specify): 2%
• Unsure: 5%
• A security technology vendor (virtualization security component): 29%
• The virtualization vendor: 30%
• A combination of the virtualization and security technology vendors: 34%

Does your organization have a cloud strategy?

Yes 38%

No 41%

Unsure 21%

Sixty-two percent of responders do not have a cloud strategy.

With regard to mobile device management, which three capabilities are most important to your organization’s needs?

• Other (please specify): 3%
• Remote wipe capability: 41%
• Anti-theft features: 42%
• Asset tracking: 47%
• Encryption and other data loss technologies: 49%
• Virus and malware detection or prevention: 55%
• Provisioning and access policy management: 62%

Is your organization planning to expand its use of application control/whitelisting technologies within the next 12 months?

• Yes, with certainty: 32%
• Yes, likely to do so: 31%
• No: 25%
• Unsure: 12%

Sixty-three percent of responders are planning to expand their use of application control/whitelisting technologies.

Does your organization have an integrated endpoint security suite?

• Yes: 33%
• No, but expects to within the next 12-24 months: 46%
• No: 21%

Almost half (46 percent) of those surveyed plan to invest in an integrated endpoint security suite.

How many software agents does your organization typically have installed to perform management, security and/or other operations?

• 1 to 2: 18%
• 3 to 5: 23%
• 6 to 10: 39%
• More than 10: 10%
• Cannot determine: 10%

Forty-nine percent of responders have 6 or more software agents installed.

How many different software management consoles does your organization use?

• 1 to 2: 23%
• 3 to 5: 29%
• 6 to 10: 30%
• More than 10: 9%
• Cannot determine: 9%

Summary of Findings

• Current approaches to endpoint security are ineffective and costly.

• Organizations do not feel more secure than they did last year.
  » This is mainly due to the use of ineffective technology solutions when better, more effective/efficient technologies exist but are not heavily implemented.

• IT operating expenses are increasing and a main driver of those costs is tied directly to an increase in malware incidents.
  » Most respondents consider malware a significant factor in those cost drivers.

• Malware continues to be on the rise with attack vectors focused more on third-party and web-based applications.

More Information

• Data Privacy Day 2012
  » http://www.lumension.com/2012-Data-Privacy-Day.aspx

• Quantify Your IT Risk with Free Scanners
  » http://www.lumension.com/special-offer/premium-security-tools.aspx

• Lumension® Endpoint Management and Security Suite
  » Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
  » Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx

2012 State of the Endpoint Report

http://www.lumension.com/2012-state-of-the-endpoint.aspx

Q&A

Global Headquarters

8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828

http://blog.lumension.com