Enterprise cybersecurity software fails 20% of the time, warns Absolute Security

April 1, 2026 | 6 min read | 3 sources

A fifth of enterprise security tools are broken, leaving organizations exposed

A sobering new report suggests that a significant portion of the cybersecurity tools organizations rely on for protection are not functioning as intended. The “2024 Resilience Risk Index” from Absolute Security reveals a stark reality: on average, one in five endpoint security and network controls are failing. This dysfunction stems from a combination of poor patch management, overwhelming IT complexity, and the persistent use of obsolete software, creating dangerous gaps in corporate defenses.

The findings, based on anonymized data from six million devices globally, indicate that despite massive investments in security stacks, organizations are grappling with a fundamental problem of operational integrity. The report serves as a critical reminder that deploying a security tool is only the first step; ensuring it remains healthy and effective is a continuous battle.

The anatomy of failure: A technical breakdown

The 20% failure rate is not a single issue but an aggregate of systemic weaknesses across the security posture. The report breaks this down into two primary areas: 10% of endpoint devices have at least one security agent that is non-operational, and 10% of network controls are similarly failing. These failures are not sophisticated zero-day attacks but fundamental breakdowns in cybersecurity hygiene.

Endpoint agent and network control decay

At the core of the issue is the health of security agents themselves. Endpoint Detection and Response (EDR), antivirus, and Data Loss Prevention (DLP) tools can become corrupted, disabled by users, or misconfigured, rendering them useless. When an EDR agent stops communicating, it effectively creates a blind spot where an attacker can operate undetected.

Similarly, network controls are proving just as fragile. Components like firewalls, Zero Trust Network Access (ZTNA) agents, and corporate VPN service clients can be misconfigured or bypassed. A non-operational VPN client, for example, could leave remote connections unprotected, directly exposing corporate resources.

The persistent plague of poor patching

The failure to apply security updates remains a primary entry vector for threat actors. The Absolute Security report paints a grim picture, noting that 62% of critical vulnerabilities remain unpatched for over 72 hours. More alarmingly, 10% are never patched at all. This practice is a direct invitation for attack, as threat actors actively scan for and exploit known, unpatched flaws. The infamous 2017 Equifax breach, caused by the failure to patch a known vulnerability in Apache Struts, stands as a monumental example of the consequences.

The risk of obsolete and end-of-life software

Compounding the patching problem is the widespread use of outdated technology. According to the report, a staggering 67% of organizations are running software that has reached its end-of-life (EOL). EOL software no longer receives security updates from the vendor, meaning any vulnerabilities discovered are permanent and unfixable. This creates an inherent, high-risk exposure that cannot be mitigated through patching, essentially leaving a permanent, unpatchable entry point into the network.

Death by complexity: Security tool sprawl

The report also highlights the debilitating effect of “tool sprawl.” With organizations managing an average of 113 different cybersecurity tools, security teams are overwhelmed. This complexity leads to integration failures, conflicting policies, and an unmanageable volume of alerts. Instead of creating a layered defense, this tangled web of solutions often results in visibility gaps and operational inefficiencies, making it easier for threats to slip through the cracks.

Impact assessment: A false sense of security

The direct consequence of this 20% failure rate is a significant increase in organizational risk. Enterprises are left vulnerable to ransomware, data breaches, and intellectual property theft, despite their substantial security spending. This gap between investment and actual protection creates a dangerous false sense of security for leadership and boards.

The impact extends beyond the breached organization. Customers and employees whose personal data is compromised face risks of fraud and identity theft. As seen in the Colonial Pipeline attack, failures in operational security can also disrupt critical infrastructure and supply chains, affecting society at large.

These findings align with long-standing industry concerns. Regulatory bodies and security frameworks have consistently emphasized the importance of maintaining security controls. Incidents like the widespread exploitation of the Log4j vulnerability demonstrated how quickly attackers can mobilize to exploit unpatched systems on a global scale. The Absolute Security report provides hard data showing that these foundational weaknesses are not edge cases but widespread realities.

How to protect yourself: Building true cyber resilience

Addressing this challenge requires a strategic shift from acquiring more tools to ensuring the efficacy of existing ones. Organizations must move toward a model of cyber resilience, which assumes that tools can and will fail, and builds processes to detect and remediate these failures quickly. Here are actionable steps for security leaders:

  1. Establish comprehensive visibility: You cannot protect what you cannot see. Implement robust asset management to maintain a complete inventory of all hardware and software. Use Security Posture Management platforms to gain a unified view of your security tool health and configuration status across all endpoints.
  2. Automate and prioritize patch management: Manual patching is no longer viable in modern IT environments. Deploy automated patching solutions and prioritize vulnerabilities based on real-world threat intelligence, such as CISA's Known Exploited Vulnerabilities (KEV) catalog. The goal is to shrink the window of opportunity for attackers.
  3. Rationalize the security stack: Conduct a thorough audit of all 113 (or more) security tools in your environment. Identify redundant capabilities, eliminate shelfware, and consolidate where possible. A leaner, well-integrated security stack is far more effective and manageable than a bloated, fragmented one.
  4. Aggressively retire EOL systems: Create and enforce a strict policy for retiring and replacing end-of-life software and hardware. This is a non-negotiable aspect of risk management. If immediate replacement is impossible, implement compensating controls like network segmentation to isolate these vulnerable systems.
  5. Implement continuous control validation: Do not assume a tool is working just because it was deployed. Use solutions that continuously monitor the health and integrity of security agents and controls. These systems can automatically detect a disabled antivirus or a misconfigured firewall and trigger alerts or even self-remediate the issue.
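As an added illustration of step 5 (and the KEV-based prioritization in step 2), not code from the report or from Absolute Security: a small Python check that applies the report's own 72-hour window to a constructed asset inventory, flags silent agents and EOL hosts, and orders open findings for remediation. The 24-hour heartbeat SLA, the hostnames and the CVE ids are assumptions.

```python
from datetime import datetime, timedelta, timezone
NOW = datetime(2026, 4, 1, tzinfo=timezone.utc)  # assumed evaluation time
AGENT_TIMEOUT = timedelta(hours=24)               # assumed heartbeat SLA
PATCH_SLA = timedelta(hours=72)                   # 72-hour window cited in the report

# Constructed sample inventory (hostnames and CVE ids are placeholders, not real).
# Each record: EDR agent heartbeat, open critical findings (disclosure time, KEV flag),
# and any end-of-life software on the host.
FLEET = [
    {"host": "ws-01", "agent_last_seen": NOW - timedelta(hours=2), "vulns": [], "eol": []},
    {"host": "ws-02", "agent_last_seen": NOW - timedelta(days=9),   # agent silent for days
     "vulns": [{"id": "CVE-0000-0001", "disclosed": NOW - timedelta(days=30), "kev": True}],
     "eol": ["LegacyOS 7"]},
    {"host": "srv-01", "agent_last_seen": None,                     # agent never reported
     "vulns": [{"id": "CVE-0000-0002", "disclosed": NOW - timedelta(hours=10), "kev": False}],
     "eol": []},
    {"host": "srv-02", "agent_last_seen": NOW - timedelta(hours=1),
     "vulns": [{"id": "CVE-0000-0003", "disclosed": NOW - timedelta(days=4), "kev": True}],
     "eol": []},
    {"host": "db-01", "agent_last_seen": NOW - timedelta(minutes=30), "vulns": [], "eol": ["OldDB 5.1"]},
]

def agent_healthy(ep, now=NOW):
    """Non-operational = never checked in, or silent longer than the heartbeat SLA."""
    seen = ep["agent_last_seen"]
    return seen is not None and now - seen <= AGENT_TIMEOUT

def overdue(vuln, now=NOW):
    """A critical finding still open past the 72-hour window counts as a patching failure."""
    return now - vuln["disclosed"] > PATCH_SLA

def assess(fleet, now=NOW):
    """Fleet-level resilience metrics plus an ordered remediation queue."""
    n = len(fleet)
    broken = [ep["host"] for ep in fleet if not agent_healthy(ep, now)]
    vulns = [v for ep in fleet for v in ep["vulns"]]
    late = [v for v in vulns if overdue(v, now)]
    eol = [ep["host"] for ep in fleet if ep["eol"]]
    # Remediation order: KEV-listed flaws first, then anything already past the SLA.
    queue = sorted(((ep["host"], v) for ep in fleet for v in ep["vulns"]),
                   key=lambda hv: (not hv[1]["kev"], not overdue(hv[1], now)))
    return {
        "agent_failure_rate": len(broken) / n,
        "broken_agents": broken,                    # blind spots to restore first
        "overdue_critical_rate": len(late) / len(vulns) if vulns else 0.0,
        "eol_hosts": eol,                           # segment until replaced
        "patch_priority": [(h, v["id"]) for h, v in queue if v["kev"] or overdue(v, now)],
    }
```

Run `assess(FLEET)` against a real inventory export to see which of the report's three failure modes (silent agents, overdue criticals, EOL hosts) dominates in your own fleet.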

The “2024 Resilience Risk Index” is a clear signal that the cybersecurity industry’s focus must evolve. Simply deploying defenses is not enough. The true measure of a security program is its ability to ensure those defenses are consistently operational, patched, and resilient in the face of constant change and persistent threats.


// FAQ

What does the report mean when it says cybersecurity software 'fails'?

It means the software is not operating as intended. This could be an antivirus agent that is disabled, a firewall that is misconfigured, a network control that is bypassed, or a required security patch that has not been applied, leaving the system vulnerable.

Why is having too many security tools (tool sprawl) a bad thing?

Managing an average of 113 different tools, as the report notes, creates immense complexity. This can lead to conflicting configurations, alert fatigue for security teams, integration challenges, and visibility gaps where threats can hide.

What's the single most important takeaway for a CISO from this report?

The key takeaway is that security investment does not equal security effectiveness. CISOs must prioritize validating the operational health and efficacy of their existing security controls rather than simply acquiring new ones.

How does using End-of-Life (EOL) software increase risk?

EOL software no longer receives security updates or support from the vendor. This means any newly discovered vulnerabilities will not be patched, creating permanent, unfixable security holes that attackers can easily exploit.
