Promisec Survey: Endpoints Still Vulnerable to Breach as Security Defenses Lag

An alarming 89% of VP and C-Level IT Leaders have a heightened fear of a breach over the next year

Only 32% of Respondents Have Advanced Endpoint Security in Place Even As 73% Agree Endpoints are ‘Most Vulnerable’ to an Attack


Needham, Mass. – November 12, 2015 Promisec, a pioneer in endpoint security and compliance solutions, today announced the results of survey of IT security professionals which found that endpoint security solutions today continue to lag, failing to provide protections or detections adequate to protect against today’s security threats. Survey results point to increased security gaps and vulnerabilities in spite of widespread fear of security breaches, when compared to a year-ago survey that Promisec published.

Fewer companies today (32%) said they have advanced endpoint security protections in place, which is down from 39% last year, even though an increasing number of respondents (73% this year vs 58% last year) consider endpoints to be “most vulnerable” to a cyber-attack. Although more respondents recognize that endpoints are vulnerable to a cyber-attack, fewer companies today said they have endpoint protection in place compared with last year. In addition, 67% of respondents said the number of endpoints is rising, down from 76% last year.

An increased number of respondents (74%) said traditional anti-virus defenses no longer address advanced targeted threats and only 26% believe they will play a vital role in the future. This compares to 58% and 19% respectively, in last year’s survey, which illustrates a continued trend away from traditional anti-virus defenses.

The survey found that 82% of IT professionals are either ‘highly’ or ‘moderately’ concerned about a potential security breach in the next year but only 31% say they are ‘well prepared’ for a cyber-attack. 73% of respondents consider endpoints, such as desktops, laptops and mobile devices, to be the “most vulnerable” part of the network. In spite of significant concern of a potential data breach and the value of endpoint security, most companies have inadequate defenses in place.

Case in point, only 31% of companies said they were able to complete Microsoft patch updates in less than a week even though these updates play key role eliminating known vulnerabilities. Moreover, 40% said it took up to a month (compared to 34% last year), 13% said it look over a month (compared with 19% last year), and 16% “never” achieved full rollout of updates, up slightly from 14% last year). In spite of these endpoint security challenges, only 25% have a dedicated endpoint security budget, down from 30% last year.

These findings indicate little change from last year, implying there is stronger reason to believe that the hackers would have susceptible environments with which to breach. Security awareness may be up, but actions are unchanged.

Approximately half of respondents continue to agree that there is a bigger need for SIEM and/or advanced threat detection and correlation systems to have deeper endpoint analytics. The respondents categorized it as ‘very important’ as endpoints are a common attack point and monitoring these points of entry are vital to identifying an attack and taking steps toward remediation.

A majority of VP and C-Level IT leaders surveyed indicated a heightened fear of a security breach in the coming year and acknowledged a rapidly shifting security landscape, which now includes endpoint security.

  • 29% of VP and C-Level IT leaders surveyed said they have advanced endpoint protections in place, compared with 33% last year, but 82% indicated they have a need for deeper endpoint analytics to assist in threat detection, up from 75% last year. In spite of growing demand for endpoint security, fewer companies this year have endpoint security systems in place.
  • Nearly 71% of VP and C-Level IT leaders put endpoints at the top of their most vulnerable list, virtually unchanged from last year.
  • An Overwhelming majority of VP and C-Level IT Leaders (81%) say antivirus solutions are not part of their future for protecting against advanced threats, vs 83% last year.
  • An alarming 89% of VP and C-Level IT Leaders have a heightened fear of a breach over the next year, which indicates steady growth over 86% last year.

“Results from our survey indicate that for many companies, endpoints remain highly vulnerable to a cyber-attack as threat levels continue to rise,” said Dan Ross, CEO of Promisec. “We continue to see new breed of more complex and sophisticated threats, where traditional blocking and prevention mechanisms, such as firewall, anti-virus and anti-malware software, are no longer enough to keep our networks safe. Companies need to aggressively fortify their endpoint security infrastructure as a critical part of their total security portfolio in order to keep pace with the rapid evolution of today’s most severe threats.”

Companies Struggle to Keep Pace with Advanced Targeted Threats

  • 70% of respondents say they are “not confident” that the security measures they have in place will protect against all scenarios, up significantly from 55% last year. This indicates growing fear of a security breach in a more complex and sophisticated threat environment.
  • 43% of respondents said that they are only ‘modestly’ keeping up with BYOD and mobility trends as the number of endpoints increase on their network, up from 40% last year.
  • 46% of respondents said there has been only a ‘modest increase’ in their companies stepping up its focus on security in response to threats but there are still possible gaps in security, virtually unchanged from last year.
  • 63% said employees are reasonably compliant and use caution but believe they could do a better job establishing and enforcing basic protocols, up slightly from 58% last year.
  • 54% of respondents said that patching, remediation, and compliance are the biggest challenges relative to endpoint security, virtually unchanged from last year.

Survey Methodology

The survey was conducted between November 2, 2015, and November 9, 2015, and reflects responses from over 150 IT decision makers including senior management, security managers, directors, and network and systems engineers.

To learn more about Promisec and its offerings, please visit:





About Promisec

Promisec is a pioneer in endpoint visibility and remediation, empowering organizations to avoid threats and disarm attacks that can lead to unwanted headlines and penalties. Promisec’s technology assures users that their endpoints are secure, audits are clean, regulations are met and vulnerabilities are addressed proactively to ensure the integrity of enterprise IT. The Promisec Endpoint Management solution provides the power of agentless visibility and remediation before these threats can have impact, ensuring endpoint security, compliance and operational efficiency. More than 400 globally recognized companies, including Amdocs, Fossil, Teva and Wellpoint, trust in Promisec to stay secure, compliant and operationally efficient. Visit for more information.


PR Contact:

Michael Gallo for Promisec