Most Recent Blogs

Endpoint Security Activities Buzzing at Enterprise Organizations

Posted: January 12, 2015   /   By: Jon Oltsik   /   Tags: endpoint security

Endpoint security used to be a quasi “set-it-and-forget-it” category at many enterprise organizations. The IT operations team would provision PCs in an approved, secure configuration and then install AV software on each system. Of course there were periodic security updates (vulnerability scans, patches, signature updates, etc.), but the endpoint security foundation was set and dry by then.

As Bob Dylan once sang, “the times they are a-changin." CISOs realize that these legacy endpoint security methods are no longer enough so they are thoroughly altering endpoint security across their organizations. 

ESG is about to publish some new research on endpoint security that illustrates the depth and breadth of some new activities. For example, over the last 2 years:

  • 66% of organizations say they have reevaluated their endpoint security policies, procedures, and tools to create a plan for improving endpoint security.
  • 59% of organizations say they have trained their security team on new malware threats and endpoint security best practices.
  • 59% of organizations say they have implemented technologies for endpoint profiling and/or continuous monitoring.
  • 57% of organizations say they have increased the allocation of infosec budget earmarked for endpoint security and associated activities.
  • 56% of organizations say they have created or increased end-user training programs to better educate them about cyber-threats.
  • 56% of organizations say they have purchased new endpoint security products in addition to those they’ve used in the past.
  • 56% of organizations say they have increased network segmentation to enhance endpoint security protection.

Clearly, all is not well in endpoint security land, but many organizations are addressing problems head-on across the organization and IT infrastructure. While this is good news overall, the ESG research indicates a lot of haphazard and tactical activities, which may lead to further problems down the line. 

Rather than panic, CISOs must take the time to align endpoint security with their overall enterprise security strategy. This will require an integrated architecture where endpoint security interoperates with network security, threat intelligence, and security analytics. Those that are not up for this challenge should seek immediate help from service providers. 

More soon...there is a lot of intriguing endpoint security research data to blog about!

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Jon was named one of the top 100 cybersecurity influencers for 2015 by Onalytica, and is active as a committee member of the Cybersecurity Canon, a project dedicated to identifying a list of must-read books for all cybersecurity practitioners. Often quoted in the business and technical press, Jon is also engaged in cybersecurity issues, legislation, and technology discussions within the U.S. government.

Jon has an M.B.A. and a B.A. from the University of Massachusetts, Amherst. As an escape from cybersecurity intelligence and technology, he plays guitar in a rock-and-roll cover band.

Posts by Topic

see all