Black Hat Survey: End Users Remain Biggest Security Headache as Compromised Endpoints Increase


Earlier this year, Bromium published “Endpoint Protection: Attitudes and Opinions,” a statistical analysis of more than 300 information security professionals. The results revealed that endpoints are vulnerable, anti-virus is ineffective and end users are a weak link.

These results were significant, so earlier this August, Bromium conducted a similar survey at Black Hat. Our Black Hat survey was a poll of fewer than 100 respondents, so these results may be considered less statistically significant; however, they are still interesting.


Similar to our previous research, Bromium found that nearly 75 percent of respondents believe that end users are their biggest security headache. As noted previously, the Verizon Data Breach Intelligence Report found that 71 percent of breaches were a result of an attack on end user devices, so these results should come as no surprise.

User devices can be compromised in a moment by drive-by downloads, system vulnerabilities and e-mail attachments, a challenge that is only exacerbated by mobile workers connecting to untrusted networks. Yet it can be time-consuming and expensive for information security teams to fix these problems. The alternative, locking down system resources, is not a popular option because it greatly reduces productivity and creates a negative user experience.

Are users your biggest security headache?


Yes                                         74%

No                                          14%

Don’t Know                         11%



It is easy to understand why end users are such a headache when you consider the results of some of the other questions that were asked. Case in point: Bromium research determined that the total number of compromised endpoints has increased for the majority of respondents in the past 12 months.


In the past 12 months, has the total number of compromised endpoints in your organization:


Increased                             51%

Stayed the same                   34%

Decreased                           14%



These compromised endpoints create additional work for information security professionals since they have to be cleaned and remediated, which results in lost productivity for both the users and admins. Investing in anti-virus solutions is not enough, as respondents indicated they had to remediate compromised endpoints that had anti-virus on a monthly, weekly or even daily basis.

In the past 12 months, how frequently have you had to remediate a compromised endpoint that had anti-virus installed?


Monthly                                34%

Weekly                                  29%

Daily                                      20%

Never                                    14%

Not Sure                               3%



Ultimately, the reason that end users are such a headache for information security professionals is that endpoint protection solutions, such as anti-virus, are so ineffective. The majority of respondents believe their endpoint protection detection rates are less than 50 percent, which would explain why the overwhelming majority of respondents are also not confident in the ability of their current endpoint protection solution to detect unknown threats.


What are your current endpoint protection detection rates?


Less than 25 percent        23%

Between 25 and 50 percent   34%

Between 50 and 75 percent   34%

More than 75 percent        9%



Are you confident in the ability of your current endpoint protection solution to detect unknown threats (e.g. zero-day attacks)?

Yes                                         34%

No                                          66%



Symantec has declared that antivirus “is dead.” You have to agree when you consider these poor detection rates. Endpoint protection is a multi-billion dollar industry, yet security professionals are not confident in these solutions.

End users will remain a primary target for attacks because of the value they hold. Therefore, the market must adapt to meet the demands of a post-AV era. A defense-in-depth architecture can be limited by a common vulnerability in the Windows kernel; indeed, Bromium Labs refers to this as LOL (layers on layers). Instead, organizations should invest in complementary advanced threat protection solutions.

Bromium vSentry and LAVA provide an advanced threat protection suite that delivers proactive endpoint protection for the post-AV era. Bromium vSentry isolates all tasks in micro-virtualization to contain all threats, while Bromium LAVA provides real-time visibility and analytics. Bromium micro-virtualization enforces security by design, instead of relying on signatures to detect the undetectable. Bromium is returning confidence to endpoint protection solutions.
