Why analytics is at the heart of any endpoint security business case

Using a rigorous, data-driven analytical approach to create an endpoint security business case provides the added benefit of uncovering glaring weaknesses in a corporate network. The goal should be greater visibility and control of each endpoint as a threat surface and asset. That challenge is complicated by the rapidly changing nature of machine identities, which makes a 360-degree view of endpoint security hard to maintain.
Endpoints are the attack surface of choice for cybercriminals and nation states, which often launch Advanced Persistent Threats (APTs) simultaneously against a broad base of endpoints. Their goal is to evade detection, move laterally, install ransomware, exfiltrate valuable customer, employee and company data, and identify systems with the most valuable data. A recent Tanium survey found that 55% of security and risk management leaders estimate that 75% or more of endpoint attacks cannot be stopped. A recent Cybersecurity Insiders report found that 60% of organizations are aware of less than 75% of the devices on their network, and only 58% of organizations say they can identify every vulnerability in their organization within 24 hours of a critical exploit. It takes enterprises an average of 97 days to test and deploy patches on each endpoint.
Benchmark endpoint benefits first
CISOs tell VentureBeat that one of the best actions they took in the process of creating their endpoint security business cases was to conduct a comprehensive audit of every endpoint they could find. There is an ongoing debate in IT and cybersecurity teams over whether all endpoints are included in the world’s largest enterprises. In reality, they are not. The CISO of a leading consumer packaged goods manufacturer told VentureBeat that up to 35% of endpoints, especially those with machine identities, are unknown today.
A good business case for endpoint security will close that 35% gap and put guardrails in place to make sure it never gets that big again. Quantifying the benefits works best when IT and cybersecurity teams adopt an audit mindset and delve into each endpoint and the processes they rely on today to identify them. Taking this approach often reveals which endpoints are overloaded with agents, so much so that software conflicts render the endpoint as unprotected as if there were no agents at all. Absolute’s recent 2021 Endpoint Risk Report found that there are an average of 11.7 security agents or controls on an average endpoint, creating potential software conflicts. The more security controls per endpoint, the more frequent the collisions and decay, leaving endpoints more vulnerable than before.
Endpoint audits using advanced analytics identify overconfigured endpoints and other potential areas that put businesses at risk of a breach. The shift to the cloud for Endpoint Protection Platforms (EPP) is accelerating the influx of endpoint data for enterprises seeking it. Combining anonymized data from its customer base and using Tableau to create a cloud-based real-time dashboard, Absolute’s Remote Work and Distance Learning Center today provides a broad benchmark of the overall health of endpoint security. The dashboard provides visibility into device and data security, device status, device type, and device usage and collaboration. It is a useful reference site for evaluating how the pandemic continues to affect device usage and endpoint security.
Benchmarking the following set of benefits is a good starting point for building a business case:
Quantify the gains to be made by reducing IT help desk time managing endpoint configurations. It is reasonable to assume that reducing the call volume of an IT help desk for endpoint configuration requirements could yield at least $45,000 per year. That is based on the assumption that a call lasts 10 minutes and a total time savings of approximately 1,260 hours per year.
Reducing asset loss and device depreciation can conservatively save $300,000 per year in a typical business. A primary factor in getting CISOs to spend time and resources on an endpoint audit is getting this number under control: the number of endpoint devices that are written off each year for being lost, stolen, or not accounted for. In audits, often up to 40% of endpoints are unused, stolen or unassigned for a year. This is also becoming a factor driving self-healing endpoints, as they often provide real-time status updates from their configurations down to OS, BIOS and patch levels.
Monitor and identify the cost savings from taking secops off fire drills and rushed emergency endpoint projects, using analytics to track time savings. IT directors say a lack of consistent management of endpoint security costs thousands of hours a year and rarely provides the visibility and control over endpoints that corporate networks need today. Visibility of each endpoint is the goal at this stage of any audit performed in support of a business case. Fortunately, there is a significant amount of innovation underway in this area, with a diverse group of vendors providing solutions. A few of them are Absolute, CrowdStrike, CyCognito, Ivanti, Microsoft Defender for Endpoint, and others. IT teams tell VentureBeat that, based on their own estimates, a proven EPP platform could save approximately 2,500 hours of firefighting endpoint security vulnerabilities. Assuming the cost structure of a typical business, the savings of 2,500 hours alone would yield a total savings of $130,000 per year.
Endpoint platforms must support analytics down to the endpoint level to deliver the data needed for more accurate asset lifecycle projections and financial models. Asset life cycles are shortening across all endpoint devices, creating the potential for large, unforeseen cost variances that enterprises will have to cover if they do not accurately predict life cycles in their planning. Doing this right with analytics and the financial data on how much has been invested in endpoints in turn boosts Return on Invested Capital (ROIC) and can conservatively save a typical company about $140,000 in depreciation and amortization expenses.
Analytics improves regulatory and internal auditing and can save $67,000 per year in regulatory audit preparation time and costs alone. Some of the many regulatory audits companies must prepare to pass at the endpoint level include the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS), to name a few.
How much will endpoint security cost?
These are the costs most often included in an endpoint security business case:
Annual and multi-year license cost scenarios, depending on the vendor. There is a wide spectrum of pricing models that Endpoint Protection Platform (EPP) vendors rely on today. One of the leading providers of cloud-based EPP platforms that promise self-healing, autonomous endpoint technology has a range of license fees from $750,000 to more than $1.7 million.
ITSM and legacy systems integration, customization, implementation and change management costs. Bundling in professional services is common. Most enterprises want endpoint security integrated into their tech stacks, and CISOs tell VentureBeat that the time ITSM integration takes is worth it. Base numbers VentureBeat has received from EPP vendors range from $40K to over $150,000 to integrate EPP, ITSM and installed SIEM.
Defining an Endpoint Security Business Case
While the original goal of creating a business case for endpoint security investments is to obtain funding, the rigor in quantifying costs and benefits often identifies major gaps in endpoint coverage and security.
Insightful, rigorous use of analytics to identify the costs and benefits of endpoint security pays off with a more accurate 360-degree view of endpoints, often for the first time. For many organizations, the audit they do to obtain the data needed for the following Return on Investment (ROI) calculation provides the first real, quantified picture of which endpoints are actually active and in use. It is also invaluable for recording the number of lost endpoints, something CISOs admit to VentureBeat that few companies have 100% visibility into today.
The following is the ROI calculation to define what an enterprise can reasonably expect to achieve on investments in endpoint security:
Endpoint Security ROI = (Endpoint Security Benefits – Endpoint Security Cost) / Endpoint Security Cost × 100.
An insurance and financial services company recently completed an internal audit and the expected annual benefits from their implementation of endpoint security will be $475,000 at a cost of $65,000, representing a net return of $6.30 for every $1 invested.
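The audit and ROI steps described above, as an added Python example that is not from the original article: it reconciles an asset register against devices actually observed to list unknown, stale and over-agented endpoints, then applies the ROI formula. The sample records, the `max_agents` and `stale_days` thresholds and all function names are assumptions made for illustration.

```python
from datetime import date

# Constructed sample data (not from the article).
# CMDB: what the asset register believes exists, keyed by MAC address.
CMDB = {
    "aa:00:00:00:00:01": {"owner": "finance"},
    "aa:00:00:00:00:02": {"owner": "hr"},
    "aa:00:00:00:00:03": {"owner": "unassigned"},
}
# OBSERVED: what telemetry saw (MAC, last seen, installed security agents).
OBSERVED = [
    ("aa:00:00:00:00:01", date(2022, 3, 1), ["edr", "av", "dlp"]),
    ("aa:00:00:00:00:02", date(2020, 11, 5), ["av"]),
    ("bb:00:00:00:00:09", date(2022, 3, 2), ["edr"]),
    ("bb:00:00:00:00:0a", date(2022, 2, 27),
     ["edr", "av", "dlp", "vpn", "mdm", "fim"]),
]

def audit(cmdb, observed, today, max_agents=5, stale_days=365):
    """Reconcile the register against observations (thresholds are assumed)."""
    seen = {mac: (last, agents) for mac, last, agents in observed}
    universe = set(cmdb) | set(seen)
    # On the network but missing from the register: the "unknown" endpoints.
    unknown = sorted(set(seen) - set(cmdb))
    # Registered but never observed, or not observed within stale_days.
    stale = sorted(
        mac for mac in cmdb
        if mac not in seen or (today - seen[mac][0]).days > stale_days
    )
    # Agent sprawl: more security agents than the chosen ceiling.
    over_agented = sorted(
        mac for mac, (_, agents) in seen.items() if len(agents) > max_agents
    )
    return {
        "total": len(universe),
        "unknown": unknown,
        "unknown_pct": round(100 * len(unknown) / len(universe), 1),
        "stale": stale,
        "over_agented": over_agented,
    }

def roi_percent(benefits, cost):
    """ROI = (benefits - cost) / cost x 100, as in the formula above."""
    if cost <= 0:
        raise ValueError("cost must be positive")
    return (benefits - cost) / cost * 100
```

Dividing `roi_percent(475_000, 65_000)` by 100 gives the net return per dollar for the insurance company's figures.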
Lessons learned from enterprises that have successfully created ROI for endpoint security include:
Start with an endpoint pilot and benchmark costs per phase. Even the most researched ROI models can vary over time. It is best to first complete a pilot on a set of endpoints and then truth-test the assumptions of the ROI model with actual financial data. Pilots help identify areas where previous approaches to endpoint security have left gaps that leave an enterprise more vulnerable than before.
Analytics are the guardrails any endpoint security strategy needs to stay on track. Selecting an EPP platform or endpoint security solution that includes analytics as part of the baseline is critical to success. It’s a bonus if there are APIs that can be used for data collection and that provide more flexibility in defining custom metrics and Key Performance Indicators (KPIs).
Keep C-level sponsors involved in future plans and victories even after going live. Too often, once an endpoint security project is deployed, C-level sponsors move on to another project. Getting their buy-in and support for future roadmaps is also critical to getting the most out of endpoint security investments in the long run.
Endpoint security and its future benefits
Defining a business case for endpoint security should quantify as many benefits and costs in advance as possible if it is going to be successful. The time savings that IT teams can achieve only by automating patch management and adopting self-healing endpoints are significant. Add to that having more effective data for endpoint discovery and asset management, and the business case becomes an easier decision for C-level executives, and in some cases the board, to support.
This post, “Why analytics is at the heart of any endpoint security business case”, was originally published at https://venturebeat.com/2022/03/03/why-analytics-are-core-to-any-endpoint-security-business-case/