A recent study has revealed that 12% of enterprise IT assets do not have endpoint protection installed, and 5% are not covered by patch management processes. The lack of protection and unpatched vulnerabilities could be exploited by threat actors to gain access to enterprise networks.
Sevco Security conducted the study using data from 500,000 IT assets and published the findings of the study in its State of Cybersecurity Attack Surface report. One of the main problems is the lack of visibility into IT assets. In order to ensure that all IT assets have appropriate security, organizations must have an accurate inventory of all assets they own. Without such an inventory, it is impossible for organizations to know the security status of all assets and it is inevitable that some devices will have ‘stale’ security solutions and unpatched vulnerabilities.
The investigation into the Equifax data breach in 2017, which resulted in the exposure of the personal information of 147 million people, found that the breach was due in large part to a lack of visibility into the company's IT assets. Vulnerabilities went unaddressed and were eventually exploited by malicious actors. The problem is not exclusive to Equifax; it exists in many organizations. Sevco Security says a lack of visibility into all IT assets is one of the biggest challenges for security teams. It results in unprotected assets that are ticking time bombs, and malicious actors are searching for these poorly protected endpoints and exploiting vulnerabilities to gain a foothold in enterprise networks.
Windows servers are a common weak point. According to the study, 19% of all Windows servers were missing endpoint protection, compared to 11% of Windows clients and 12% of macOS devices. macOS devices were found to be 2-3 times more likely to be missing from patch management processes than Windows clients and servers, with 14% of macOS devices missing patch management compared to 5% of Windows servers and 4% of Windows clients.
“An increasing number of modern attacks involve targeting unpatched servers and devices. Most enterprises have robust patch management tools that are effective at what they’re designed to do: applying patches to known IT assets. Companies are not getting breached because their patch management tools are ineffective,” explained Sevco Security in the report. “They’re getting breached because it’s impossible to patch an unknown asset, as is the case with 5% of IT assets covered in this data set.”
Sevco Security determined that 3% of all IT assets were stale in terms of endpoint protection and 1% were not covered by patch management processes. Stale IT assets are defined as assets where the security control's console shows the agent as installed on the device, but the device hasn't checked into that control for a considerable period.
“In the case of a stale device, the agent is installed, but it’s not checking in. That results in missing updates and probable malfunctioning agents,” said Sevco Security CEO J.J. Guy. “This is particularly insidious because someone might think the agent is installed and working – and therefore the asset is protected – but it isn’t.”