Average endpoint has 10 agents

• According to Absolute software, the average ‘enterprise’ endpoint has 10 shitware services running
  • This is collected out of 12,000 organisations, average size unknown
• 21% of AV wasn’t up to date
• 23% of patching tools were broken or disabled
• Encryption tools are “regularly disabled, broken, or missing entirely”
  • 100% of “encryption agents” had “Failed encryption” over the period of a year
  • 42% of endpoints have encryption failures at any given point
  • Unsure if anyones considering that in regards to their mobile fleets
  • akwardly this isn’t broken up to state what kind of failure it is, worst case is no encryption at all, best case is uncertain (partial encryption, or no encryption on portable media?)

The actual paper is behind a paywall at https://www.absolute.com/go/study/2019-endpoint-security-trends, or directly linked at https://www.absolute.com/media/1935/2019-endpoint-security-trends-report.pdf

From experience, this seems about right:

• Agents seem to break often
• I’m yet to see a place with Symantec AV set up and has updated AV on endpoints (or servers)
• Managing consistency across a (windows) fleet is hard
• Things like tenable produce output for executives, but it’s a pain to parse for an actual sysadmin to figure out which box to patch

No idea about the encryption side - coincidentally Bitlocker had issues when applying major updates (although work has been done to no longer need to suspend), although it’s not clear if that’s included in this

For reference, the bitlocker issues I’m talking about are the following:

• https://github.com/MicrosoftDocs/windows-itpro-docs/blob/master/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md
• or in a friendly register article for ones management, https://www.theregister.co.uk/2016/12/01/upgrade_shift_f10_pops_win10_system_bitlockerbypassing_cli/