This article is part of a VB special issue. Read the full series here: Zero trust: The new security paradigm.
Most enterprises don’t know how many endpoints are active on their networks because their tech stacks were designed around “trust but verify” rather than zero trust. The gap between the number of human and machine-based endpoints organizations know about and the number they actually have is growing.
Jim Wachhaus, attack surface protection evangelist at CyCognito, told VentureBeat in an interview that it is common to find organizations generating thousands of unknown endpoints a year. In addition, a Cybersecurity Insiders report found that 60% of organizations are aware of fewer than 75% of the devices on their network, and only 58% of organizations say they could identify every vulnerable asset in their organization within 24 hours of a critical exploit.
A recent Tanium survey found that 55% of security and risk management leaders believe that 75% or more of endpoint attacks will not be stopped. The typical enterprise is managing approximately 135,000 endpoint devices today and 48% of them, or 64,800 endpoints, are undetectable on their networks.
A recent Ponemon Institute report, sponsored by Adaptiva, found that the average annual budget spent on endpoint protection by enterprises is approximately $4.2 million. While endpoint spending continues to increase, so does the gap between how many endpoints are known and protected on a given enterprise’s network.
Zero-trust frameworks are needed to close endpoint gaps
CISOs need to recognize that defining a zero-trust network access (ZTNA) framework for their businesses accelerates how quickly they can close gaps in endpoint security. A close second priority must be adopting ZTNA techniques, including microsegmentation and least-privileged access, to protect both human and machine identities.
It is common knowledge in the cybersecurity community that human and machine identities are under siege, w …