Connect with us

Hi, what are you looking for?


Endpoint Security

Organizations Struggle to Protect Growing Number of Endpoints

A recent study conducted by Dimensional Research has revealed that most organizations don’t have a security strategy in place to protect the growing number of endpoints on their networks.

A recent study conducted by Dimensional Research has revealed that most organizations don’t have a security strategy in place to protect the growing number of endpoints on their networks.

According to the study, just 33% of the survey’s respondents admitted that such a security strategy was in place, while the rest either said they were in the process of building such a strategy (51%), or that they didn’t have plans on the matter (16%). The stats are worrying, because the compromise of critical endpoints could have dire fiscal or operational consequences for an organization.

Traditionally, devices with which users could interact, such as desktops, tablets or phones, have been considered endpoints, but employee-owned devices, virtual machines, point-of-sale terminals, Internet of Things (IoT) devices and servers have been recently added to the list as well. The number of critical endpoints on enterprise networks has been growing fast despite security risks, with over 200 billion connected devices forecast by 2020.

According to the study, conducted on behalf of Tripwire, organizations also lack insight on whether the devices connected to their networks receive security updates in a timely fashion. When asked if they were confident that these devices were kept up to date, only 40% of respondents said they were.

When asked whether they were concerned about the security of IoT (Internet of Things) devices connecting to their organization’s network, only 21% of respondents said it was their top concern. 57% said they were concerned but didn’t see it as a top threat, 10% said they weren’t concerned, while 12% said they prohibit IoT devices on the corporate network.

Advertisement. Scroll to continue reading.

Massive distributed denial of service (DDoS) attacks carried out against Brian Krebs’ blog and hosting provider OVH have brought to the spotlight once again weaknesses in IoT devices. Many of them are secured with easy-to-guess, hardcoded default credentials and also have vulnerable services enabled by default, which exposes them to botnets such as Mirai or other types of IoT malware.

Despite that, most organizations (57%) perform a comprehensive inventory of all hardware and software based assets on their network (including IoT devices) either once a year (31%) or without following a strict schedule (26%). Only 15% said they were performing the inventory continuously, others perform the check weekly (1%), monthly (5%), or quarterly (14%), but 7% never do it.

“Timely application of security updates is one of the most effective ways to reduce risk in any organization, but it remains a widespread challenge. As more diverse devices are deployed, the availability and management of these updates becomes more difficult. Organizations need to have a strategy now, before an incident occurs,” Tim Erlin, senior director of IT security and risk strategy for Tripwire, said.

Carried out in August to evaluate the challenges that organizations must address to optimize their cyber security and compliance programs, the survey received responses from more than 500 IT security professionals.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

The Zero Day Dilemma

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...