As part of our research on Cybersecurity Perceptions Versus Reality, we developed a survey in collaboration with Serene-risc, a knowledge mobilization network in cybersecurity based in Canada, on the perceptions and practices of cybersecurity professionals. The survey aimed at understanding how defenders perceive specific security measures and whether these measures were implemented in their respective organizations. We then combined the survey results with our penetration testing experience to confront two perspectives: the defenders’ and the pentesters’, the latter standing as proxies for real attackers. This blog post summarizes the results related to endpoint visibility.

Endpoint Visibility
Download the complete Cybersecurity Perceptions Versus Reality report, also available in French.
Endpoint Visibility

As part of our research on Cybersecurity Perceptions Versus Reality, we developed a survey in collaboration with Serene-risc, a knowledge mobilization network in cybersecurity based in Canada, on the perceptions and practices of cybersecurity professionals. The survey aimed at understanding how defenders perceive specific security measures and whether these measures were implemented in their respective organizations. We then combined the survey results with our penetration testing experience to confront two perspectives: the defenders’ and the pentesters’, the latter standing as proxies for real attackers. This blog post summarizes the results related to endpoint visibility.

Download the complete Cybersecurity Perceptions Versus Reality report, also available in French.

Defenders: Asset Inventory Matters

Endpoint visibility represents visibility on all devices at the edge of a network, such as laptops, desktops, mobiles phones, tablets, etc. We asked how much endpoint visibility respondents have on their entire organization. As shown in Figure 1, we find that 68.4% said high and very high visibility, 23.9% said moderate visibility, and 7.7% said no or low visibility.

Figure 1 – Endpoint Visibility

Pentesters’ Experience

The fact that 68% of the respondents said that they had high endpoint visibility was surprising to penetration testers, who usually experience the opposite. They mentioned that the discrepancy may be explained by the idea that endpoint visibility perceived by the respondents is based on more traditional threats instead of more recent techniques using in-memory payloads and weaponized operating system features. In addition, based on pentesting experience, when compared with the tactics, techniques, and procedures frameworks (TTPs) like the Mitre Att&ck framework, the client’s endpoint visibility usually covers only a fraction of the known tactics and techniques.

Pro Tips on Endpoint Visibility

As a reference for readers, below are some pro-tips related to maintaining endpoint visibility on corporate networks.

Conclusion

These findings are part of the Cybersecurity Perceptions Versus Reality report that highlights the key results of a two-year long study that aimed at understanding a disconnect that exists between how defenders perceive the value of their implemented security controls, and the most common attack vectors leveraged by penetration testers acting as potential attackers. The report is available in French and the microdata of the survey is available online.

Pin It on Pinterest

Share This