Organizations have endpoint security tools, but they still fall short of the basics


Most IT and security teams would agree that ensuring endpoint security and network access security applications run in accordance with security policies on managed PCs should be a core task. Even more basic would be to ensure that these applications are present on the devices.

And yet, many organizations still do not meet these requirements. A new report from Absolute Security, based on anonymized telemetry from millions of mobile and hybrid PCs running its firmware-embedded solution, found that much of the market is falling far short of best practices.

For example, the 2024 Cyber Resilience Risk Index report found that, without the support of automated remediation technologies, leading endpoint protection platforms and network access security applications fail to meet security policies 24% of the time in its sample of managed PCs.

When combined with data showing significant delays in patching, Absolute Security argued that organizations may be ill-equipped to make the historic shift to AI-enabled PCs, which would require significant resources and divert attention from these cybersecurity fundamentals.

Findings detail basic security tooling and patching issues

Absolute Security's report analyzed data from more than 5 million PCs from global organizations with 500 or more active devices running Windows 10 and Windows 11. It uncovered findings that should concern IT and cybersecurity teams.

Essential endpoint security tools fall short of security policies

Absolute Security analyzed how organizations deployed endpoint security platforms such as CrowdStrike, Microsoft Defender Antivirus, Microsoft Defender for Endpoint, Cortex XDR from Palo Alto Networks, Apex One from Trend Micro, Singularity from SentinelOne, and Intercept X from Sophos.


It also discussed the use of leading zero-trust network security applications, including Citrix's Secure Private Access, Cisco's AnyConnect, Palo Alto Networks' GlobalProtect, Zscaler's Internet Access offering, and Netskope's ZTNA Next.

In addition to finding that 24% of these applications did not comply with basic security policy, it discovered that endpoint security tools were not even installed on almost 14% of PCs that were supposed to be under the protection of an endpoint protection platform (EPP). Absolute Security called this “especially noteworthy” given that EPP is considered the first line of defense for the mobile and hybrid network edge.

Organizations are still far behind their patching ambitions

Organizations are taking weeks or even months to apply critical patches, opening “excessive risk gaps.” While the overall average number of days to patch software vulnerabilities continues to decline (to 74 days for Windows 10 and 45 for Windows 11), most industries continue to operate well behind their own patching policies. Australia's Essential Eight changed the requirement for patching vulnerabilities in high-risk software from one month to two weeks in 2023.

Absolute Security found that patching times varied by industry. Education providers and governments have the worst patch records, taking 119 and 82 days, respectively, to patch Windows 10 software in 2024, although this is a big improvement over the 188 and 216 days it took these sectors to patch the vulnerabilities in 2023. For Windows 11, education and government were again the two slowest sectors to patch, although they only took 61 and 57 days, respectively.

Time to patch Windows 10 vulnerabilities by sector. Image: Absolute Security

The implications for upcoming AI-enabled PC investments and deployments

Absolute Security acknowledged that a massive “AI replacement wave” could be coming to the enterprise PC market. It revealed that only 92% of enterprise PCs have sufficient RAM capacity for AI currently, which it said has been set at 32GB of RAM. “Not surprisingly, IDC forecasts that demand for PCs supporting new innovations in AI will increase from 50 million units to 167 million by 2027, an increase of 60 percent,” the report details.

The issues organizations face with endpoints have implications for how they adopt AI-enabled PCs. “Massive deployments are complex and resource-intensive. Huge investments in fleets of AI-enabled endpoints have the potential to divert budget and human resources from critical IT and security priorities that can leave gaps in security and risk policies. Devices loaded with new software not only increase complexity but also impact performance and security,” it said.

Getting the benefits of AI PC will depend on security

Absolute Security said the ability of a new generation of AI-enabled PCs to handle large data sets and language model processing locally would allow more data to be kept locally on enterprise-owned assets rather than on third-party cloud hosts. “With more localized control over data, organizations can reduce the overall risk of data theft and leakage,” the report says.

However, the company said this would depend on the proper functioning of security and risk controls on end devices. The report recommended that companies investing in AI-enabled PC deployments take steps to ensure maximum efficiency across all IT, security and risk procedures.

Absolute Security warns against overreliance on existing tools

Telemetry data from Absolute Security revealed that organizations are currently using a complex mix of “more than a dozen” endpoint security tools and network access security applications per device. Basically, they were all governed by four basic security policies:

  • Make sure the app is present on the device.
  • Make sure the device version is correct.
  • Verify that an application is running as expected.
  • Verify that an application is properly signed and has not been tampered with.
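
The four policies above can be expressed as a per-device check on Windows. The following PowerShell is an added example, not code from the report or from Absolute Security; the executable path, service name and minimum version are hypothetical placeholders, and it assumes the version policy is evaluated against the installed file version.

```powershell
# Added example: evaluate one security application against the four policies.
function Test-SecurityAppPolicy {
    param(
        [Parameter(Mandatory)] [string]  $ExecutablePath,
        [Parameter(Mandatory)] [string]  $ServiceName,
        [Parameter(Mandatory)] [version] $MinimumVersion
    )

    $result = [ordered]@{
        Application = $ServiceName
        Present     = $false
        VersionOk   = $false
        Running     = $false
        SignatureOk = $false
    }

    # Policy 1: the application is present on the device.
    $result.Present = Test-Path -LiteralPath $ExecutablePath -PathType Leaf

    if ($result.Present) {
        # Policy 2: the installed version meets the required minimum (assumed interpretation).
        $info = (Get-Item -LiteralPath $ExecutablePath).VersionInfo
        $fileVersion = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                                      $info.FileBuildPart, $info.FilePrivatePart)
        $result.VersionOk = $fileVersion -ge $MinimumVersion

        # Policy 4: the Authenticode signature validates; a binary modified after
        # signing reports a status other than 'Valid' (for example HashMismatch).
        $sig = Get-AuthenticodeSignature -FilePath $ExecutablePath
        $result.SignatureOk = $sig.Status -eq 'Valid'
    }

    # Policy 3: the application's service is running as expected.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $result.Running = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    $result.Compliant = $result.Present -and $result.VersionOk -and
                        $result.Running -and $result.SignatureOk
    [pscustomobject]$result
}

# Constructed inventory entry; replace with the real agent's path, service and version.
$apps = @(
    @{ ExecutablePath = 'C:\Program Files\ExampleEDR\agent.exe'
       ServiceName    = 'ExampleEdrAgent'
       MinimumVersion = '7.0.0.0' }
)
foreach ($app in $apps) { Test-SecurityAppPolicy @app }
```

A device where any of the four fields is `False` counts as non-compliant for that application, which is the condition the report's 24% figure describes.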

Endpoint protection and vulnerability management tools are not foolproof

Absolute Security recommended that CISOs and IT implement solutions that monitor, report and help remediate network and endpoint access security applications as close to real-time as possible.

“Security measures that come standard with applications may not be sufficient, as malfunctioning or compromised software will not be able to self-mitigate and return to an effective state,” the report says. “Support network access and endpoint security controls with technologies that automate remediation and restoration to an effective state following cyberattacks, technical failures, or deliberate tampering attempts,” it suggested.

When it comes to patching systems, Absolute Security warned that standard vulnerability management platforms may not verify whether assets comply with security policies or function as expected, even if they are fully patched. “To avoid errors that these solutions don't track, add a layer that expands visibility into software and hardware assets to ensure they are working as needed,” it said.

Maximize efficiency to minimize the impact of AI PC fleet transition

As AI-enabled PCs are invested in and deployed in greater numbers, Absolute Security suggested that businesses take steps to ensure maximum efficiency across all IT, security and risk procedures, including security application repair and restoration, as well as the implementation and management processes. Efficiency gains will ensure IT and security teams can focus on providing maximum defense against threats.
