This is the first blog in a two-part series about the hidden costs of endpoint management and how to avoid them. To get the full story, read part two as well.

Companies today are paying much more than they realize for endpoint management in terms of money, resources and speed, and many of these costs are hidden. A recent SANS Institute report titled “Understanding the (True) Costs of Endpoint Management” examined the endpoint management problems that IT managers are currently dealing with, the decisions that impact (or allow an organization to determine) the true cost of endpoint management tools, and what the future holds for this ever-growing task.

Let’s take a look at some of these hidden expenses, where they come from, and how organizations can reduce these costs and even avoid them altogether.

Top 5 Drivers of Hidden Endpoint Management Costs

So what’s driving these concealed costs? There are many factors, but the top five are:

  1. Too many tools;
  2. Limited endpoint visibility;
  3. Inefficient processes;
  4. Deficient compliance enforcement; and
  5. Lack of integration.

If you struggle with these things, you’re not alone. Let’s take a closer look at each of these contributing elements.

1. Too Many Tools

How many endpoint management tools do you use? One enterprise security team that IBM spoke to was using 85 security tools from 45 different vendors — and they still had inadequate visibility into their endpoint landscape, not to mention administrative overload from managing these overlapping, nonintegrated tools. Without fast, easy visibility across the entire endpoint landscape, teams often haphazardly patch vulnerabilities with no clear understanding of risk levels.

According to the SANS report, 83 percent of organizations use between three and nine different endpoint management tools just to find and patch vulnerabilities on endpoints. Some use more than 20 tools to complete these tasks. Think about the cost of purchasing, deploying and managing all these tools across multiple servers — not to mention the impact of managing all those vendor relationships.

Then there’s the issue of infrastructure. How many management servers are required to support all of these tools? How much are you spending on the various software licenses required to enable these tools? Even free tools may need additional software licenses that cost money, such as operating systems (OSs) and database engines. Or these free tools may have unforeseen license costs if you want to use them across your entire enterprise, or for additional applications. These types of unexpected costs can add up quickly.

In addition, the greater the number of tools in use, the more data IT professionals have to sift through and correlate from multiple dashboards, and the bigger the impact on your team’s ability to respond in a timely and agile manner. This potentially impacts both resource and speed costs.

2. Limited Endpoint Visibility

If you asked five people from any organization how many endpoints they have, you’d likely get five different answers. Now try to determine what OSs and applications (and which versions) are running on each of these endpoints.

Another consideration is the time to value of your data. Is the information you get relevant, timely and accurate? Data value erodes over time. Endpoint information that is three minutes old has a different value than data that is three days or weeks old. And how confident are you about data accuracy? Data that is collected in different ways, using different formats and at different times by different tools can be subject to error.

Together, these factors will impact your ability to effectively prioritize and respond to your most critical vulnerabilities in a timely manner.

3. Inefficient Processes

Inefficient endpoint management processes can also carry hidden costs, and strong patch management is at the core of this. Many organizations with low first-pass patching success rates struggle because they are using multiple OS-specific tools and have to repeat patch processes multiple times on multiple tools, increasing resource and speed costs and enabling a larger attack surface. And we all know that it only takes one unpatched endpoint to open the door for a major breach.

According to the SANS report, on average only 7 in 10 endpoints successfully receive patches on the first push. If you have less than 100 percent first-pass success, you must spend time, energy and effort to understand why the patches were not successful. How many cycles and resources does this consume?

After this is done, you’ll still need to relaunch the same patch again (often multiple times) until all endpoints are updated (assuming you know how many endpoints are still unpatched and that they are on the network when you push the patch). And this is just using one tool; multiply this effort — and the resource and speed costs — by the number of tools you are using to better understand how much you’re truly spending to patch.

4. Deficient Compliance Enforcement

Compliance is another area where you can find hidden costs, and achieving a steady state of compliance can often be challenging. Today, many end users have administrator rights on endpoints that allow them to download unapproved software and make other unauthorized changes. One in 5 respondents to the SANS survey said they didn’t know whether their endpoint systems had fallen into a noncompliant state.

If drift has occurred, how can you remediate these compliance and configuration issues? How many resources and how much time does this take? How can you verify that your security posture meets your internal service levels? Finally, how can you analyze compliance progress over time to highlight improvement or identify gaps?

The bottom line is that if your endpoints aren’t compliant, you are at risk — and we all know that security breaches are expensive.

5. Lack of Integration

IT infrastructure and security teams are typically siloed, have dissimilar responsibilities and use different, nonintegrated tools. This exacerbates the lack of visibility, inefficient processes, sporadic endpoint hygiene, and inconsistent compliance problems and costs. It can also delay your ability to respond to potential threats and active attacks.

The good news is that since the WannaCry attack in 2017, IBM is seeing tighter collaboration between security and infrastructure teams. However, as the SANS report shows, there’s still a lot of room for improvement. Security teams need to play a larger role in patching and endpoint control, and more communication is needed as well. So while we’re seeing many organizations gradually integrate their security and operations teams, there are often still very clear delineations and limited communication mechanisms. This then shifts the focus to how we can improve the level of integration and automation between the systems and processes these teams use every day.

Understanding the Costs Is Just the First Step

There are many costs inherent to endpoint management. These include money, resource and speed costs, and they are impacted by many factors that act to increase these true, or hidden, expenses. The good news is that there are many ways to address these problems. To find out how, read the second installment of this series.
