Tripwire Study: Only 33 Percent of Organizations Have Endpoint Security Strategy
PORTLAND, Ore. — October 10, 2016 — Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of an extensive Tripwire study conducted by Dimensional Research. The study was carried out in August and evaluated key challenges that organizations must address in order to optimize their cyber security and compliance programs. Study respondents included over 500 IT security professionals.
According to Tripwire’s study, only thirty-three percent of the respondents have security strategies in place to protect the growing number of endpoints on their networks. In addition, sixty percent of the respondents said they are not confident that all of the devices connected to their networks receive security updates in a timely fashion.
“Timely application of security updates is one of the most effective ways to reduce risk in any organization, but it remains a widespread challenge,” said Tim Erlin, senior director of IT security and risk strategy for Tripwire. “As more diverse devices are deployed, the availability and management of these updates becomes more difficult. Organizations need to have a strategy now, before an incident occurs.”
Critical endpoints are systems that, if compromised, could have significant fiscal or operational impact on an organization. Endpoints have traditionally been defined as devices with which users interact, such as desktops, tablets or phones; however, this definition has now been expanded to include additional items like employee-owned devices, virtual machines, point-of-sale terminals, Internet of Things (IoT) devices and servers. Despite presenting significant and unique security risks, critical endpoints are rapidly increasing on networks. Intel has projected there will be over 200 billion connected devices by 2020.
Additional findings from the survey included:
- Twenty-one percent of the respondents consider the security of IoT devices connecting to their organization’s networks to be one of their top security concerns.
- Nearly one-third (thirty-one percent) of the respondents said they conduct comprehensive inventories of hardware- and software-based assets, including IoT devices, on their networks only once per year.
- Fifty-two percent of the respondents said the projected growth rate of endpoints on their organization’s networks over the next 24 months would be less than twenty-five percent per year.
“The proliferation of devices from BYOD, IoT, and the incidental use of personal devices in the enterprise is causing ‘device sprawl,’ so it’s no surprise enterprises aren’t keeping up,” said Dwayne Melancon, vice president of products. “The key to dealing with this risk is to remember that foundational controls still apply, regardless of scale – know what’s on your network, understand how it’s vulnerable, keep it patched, keep it securely configured, and monitor the heck out of it for suspicious activity.”
Tripwire is a leading provider of security, compliance and IT operations solutions for enterprises, industrial organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at tripwire.com, get security news, trends and insights at tripwire.com/blog or follow us on Twitter @TripwireInc.