The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

CISO MAG study: 1 in 3 CISOs feel the biggest challenge of endpoint solution is its complexity

Albuquerque, N.M. (November 21, 2019) — Today, the typical organization has hundreds if not thousands of endpoints: desktops, workstations, laptops, mobile phones, tablets, access points, printers, IP-cams, USB devices, credit card readers, POS devices, servers, cloud VMs, and virtual desktops. The addition of IoT devices will increase the number of endpoints even more. Traditional anti-malware, signature-based, and file-scanning solutions will not be able to keep up and manage all those endpoints. This raised concerns with organizations delving into endpoint security.


CISO MAG, an information security news website, and publication from EC-Council conducted a multiple-choice survey, in the month of October 2019 to present new research on the usage of endpoint security solutions.


3 Key takeaways


The three prominent findings that stand out in the survey are:


● The best of both: Half of all companies (53.19 percent) that participated in this survey are using both EPP and EDR solutions.
● Endpoint visibility: Almost half of the respondents (46.38 percent) want real-time endpoint and application visibility.
● Managed services: Two-thirds (62.55 percent) said their endpoint solution included managed endpoint detection services.


Some vendors are sweetening their offerings by bundling endpoint monitoring and management services. These services offer in-depth or advanced threat hunting, forensics, and remediation services.


Another key trend is that endpoint protection is now moving to the cloud, with SaaS-based services for monitoring endpoints. The demand for endpoint security services has increased as cloud security has improved. Traditionally, endpoints were centrally managed from an on-premise server communicating with agents on the endpoints. This shifts the responsibility of managing endpoints out of the enterprise and into the hands of managed security services providers (MSSPs).


Here are some key findings of the survey, indicating that many organizations still need to complete their endpoint security deployments.


Key Findings


● More than half the respondents (62.98 percent) have been using an endpoint security solution for some time.
● It is surprising to note that 14.89 percent are not using any endpoint security solution.
● The rest of the respondents (22.13 percent) are either in the process of evaluating a solution, implementing a solution, or conducting pilot trials.
● Almost half the respondents (46.38 percent) agree that an endpoint security solution offers better or real-time endpoint and application visibility.
● A quarter of the respondents (25.11 percent) said there was increased usage of mobile devices and endpoints in their organizations.
● A fifth (20.85 percent) agreed there was increased volume and complexity of breaches.
● More than half (53.19 percent) are using a combination of EPP and EDR solutions while the rest are using one or the other.
● Two-thirds (62.55 percent) said their endpoint solution included managed endpoint detection services, while a little over one-third (37.45 percent) said they were not using such services.
● More than half the respondents (52.34 percent) said the main factor in deciding the type of endpoint solution they want is the technical capability of the solution.
● A third of the respondents (32.77 percent) said the biggest challenge is the complexity of deploying, managing, and using endpoint solution.




The online survey was conducted by CISO MAG readers from EC-Council’s database. The respondents represent a cross-section of organizations from over 42 countries. Responses were received from those living in the U.S., U.K., UAE, Singapore, Egypt, and The Netherlands. Entries were also received from islands in the Caribbean Sea, such as St. Vincent & The Grenadines, and Trinidad & Tobago.


The survey was prepared in consultation with security experts and industry analysts.


Survey Respondent Profile


● IT Manager/ICT Manager
● Head of IT/VP IT
● MIS Manager
● IT Security Manager
● Information Security Manager
● Manager/Head of Network Security
● Director of Information Security
● ISO/Information Security Officer
● Security Operations Officer/Operation Security Manager
● Security Consultant
● Cybersecurity/Security Analyst
● Cybersecurity Architect
● Cybersecurity Engineer
● Head of IS and SOC
● ICT Security, Risk & Compliance Coordinator
● Head IT, Risk & Security


Read the full survey report and the latest issue of CISO MAG here.



CISO MAG is a publication from EC-Council, which provides unbiased and useful information to the professionals working to secure critical sectors. The information security magazine includes news, comprehensive analysis, cutting-edge features, and contributions from thought leaders that are nothing like the ordinary. Within the first year of launch, the magazine reached a global readership of over 50,000 readers. The magazine also has an Editorial Advisory Board that comprises some of the foremost innovators and thought leaders in the cybersecurity space. Apart from this, CISO MAG also presents a platform that reaches out to cybersecurity professionals across the globe through its Summits and Awards and Power List surveys.


About EC-Council

EC-Council has been the world’s leading information security certification body since the launch of their flagship program, Certified Ethical Hacker (CEH), which created the ethical hacking industry in 2002. Since the launch of CEH, EC-Council has added industry-leading programs to their portfolio to cover all aspects of information security including EC-Council Certified Security Analyst (ECSA), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (CCISO), among others. EC-Council also hosts conferences across the US and around the world, including Hacker Halted, Global CISO Forum, and CISO Summit. For more information about EC-Council, please see