Next-Gen Endpoints Risks and Protections: Results of the SANS 2017 Endpoint Security Survey

End Users Source of Most Breaches; Patching Falling Behind; Improvement in EDR and Automation Needed

  • Bethesda, MD
  • February 22, 2017

Browser-based attacks and social engineering are the two most powerful techniques targeting organizations represented in the SANS 2017 Endpoint Risks and Protections Survey. Both techniques prey upon users as their initial point of entry.

"Organizations must devote more resources to user education and to monitoring activities that result from user behavior," says the report's author and SANS Analyst G.W. Ray Davidson. "The insider threat is no longer just the malicious actor with unauthorized access; well-intentioned but naive employees can be just as dangerous."

The results of this new survey are to be released by SANS Institute on February 28 in the first of a two-part webcast series. In it, 53% of respondents had known, impactful compromises starting at their endpoints in the past 24 months. And that total doesn't include the 37% who don't know whether or not they've been compromised during that timeframe.

While users represent the top vulnerability leveraged by attackers, vulnerabilities such as misconfigurations or software flaws were also commonly leveraged in attacks against the endpoints, ranking as the third most common source of significant compromise, according to responses.

Of the 53% of significant breaches that respondents knew about, just 48% were detected through endpoint detection and response (EDR) solutions. The remaining detections came from sources other than endpoint solutions, including log analysis, security information and event management (SIEM) system alerts, cloud-based monitoring, and even third-party notification.

"The farther from the endpoint a breach is discovered, the more time it has to pivot from system to system and increase the impact of the breach," adds Davidson. "As organizations develop sufficient maturity, they should automate remediation activities as much as possible, because the scope of a breach can quickly outpace remediation efforts."

Full results will be shared during a two-part webcast at 1 PM EDT on Tuesday, February 28 and Wednesday, March 1, sponsored by Carbon Black, Great Bay Software, Guidance Software, IBM Security, Malwarebytes, and Sophos, and hosted by SANS. Register to attend the February 28 webcast at www.sans.org/webcasts/103167 and the March 1 webcast at www.sans.org/webcasts/103172.

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and network security expert, G.W. Ray Davidson.

TWEET THIS!
  • Endpoints most often breached by their users-SANS survey webcasts Feb 28 and March 1 | www.sans.org/u/pYQ
  • Who's managing your endpoints? SANS survey webcasts Feb 28 and March 1 | www.sans.org/u/pYQ
  • Smart devices are the new endpoints: Who's managing them and how? SANS survey webcasts Feb 28 and March 1 | www.sans.org/u/pYQ

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (https://www.sans.org)