New SANS True Cost of Endpoint Security Research Finds Patching Is Still a Major Pain Point for Security Pros

Bethesda, Md. – A new study from SANS Institute, available July 26, examines endpoint management costs and issues in todays enterprises, including patching, lack of visibility and complexity. The research report also looks at upfront and hidden costs associated with endpoint management, as well as security concerns for when management goes awry.

"Endpoint management remains a critical security vector for most organizations," says Matt Bromiley, SANS Analyst, incident responder and the author of the survey report. "Numerous factors come into play in determining the success and cost of endpoint management efforts. Organizations need to consider all aspects of 'costs' when considering solutions: up-front costs, training, efficacy, ease of use and ongoing maintenance costs, for example."

The research found that organizational size and complexity, based on the number of operating systems in use, must be considered when organizations choose endpoint management tools. Size and complexity also relate to the lack of visibility that respondents reported, with 33% of respondents taking more than two days to detect security incidents, including patch noncompliance, configuration drift, query reconfiguration or indicators of attack/compromise.

Timely application of patches, typically accepted as an indicator of good cyber hygiene, remains an issue. Almost one-quarter (25%) of respondents have policies that allow at least one month for routine patching of their servers, and 11% need longer than that to install emergency or high-priority patches. For workstations, the policies are a bit more stringent, with 11% allowing more than a month to install emergency patches. A similar percentage take that long for routine patching.

"Even with the majority being able to patch within a month, the importance of timely patching has not diminished," continues Bromiley. "The lengthy time needed for applying patches is a concern, particularly for servers, because server-side vulnerabilities are often exploited for initial attacker foothold, providing a platform from which to pivot into other areas of the organization."

Full results will be shared during a Thursday, July 26 webcast at 4 PM EDT, sponsored by IBM Security, and hosted by SANS. Register to attend the webcast at

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and endpoint security/incident response expert, Matt Bromiley.

Tweet This:

SANS True Cost of Endpoint Survey Results Released | July 26 @ 4 PM Eastern | Register to attend:

Visibility and Patch Application Key to Endpoint Security | Learn more on July 26 @ 4 PM Eastern | Register at

Explore the Costs of Endpoint Management | July 26 @ 4 PM Eastern | Register at

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (