As the number of cybersecurity incidents increased and the protection of sensitive data became heavily legislated, companies turned to security tools to counter cyberattacks and data leaks. However, as diverse threats required different solutions, the number of these tools has steadily grown, reaching a staggering 75 security solutions on average. It is no wonder, therefore, that agent fatigue has set in.
Agent fatigue refers to the tiredness brought on by the need to deploy and load multiple agents onto endpoints to detect and prevent security incidents, as well as to provide IT teams with visibility and response capabilities in case of a breach. The phenomenon is brought on by company cybersecurity strategies that add new security tools for every new type of threat or vulnerability discovered, much like plugging the holes in a sinking ship.
While perhaps this was the right strategy twenty years ago, the complex threat landscape of today means that information security professionals have become burdened by the sheer number of tools they need to constantly update and monitor. Often understaffed and with as much as 53% of endpoint detection and response alerts being false, IT security teams suffer from high levels of stress and fatigue. This invariably leads to slow response times and to security incidents potentially being overlooked, which can be fatal to a company’s data security and compliance efforts.
The Importance of Client Agents
When taking such figures into consideration, it’s easy to blame client agents for the burnout suffered by security professionals. However, it’s worth noting that it is not client agents themselves that are the culprit, but the strategies companies use to build their cybersecurity frameworks. Businesses accumulate security tools due to multiple acquisitions and growth over time. As a consequence, larger enterprises wind up with a lot of redundancy in security tools.
Client agents themselves have been an indispensable part of data security efforts during the COVID-19 pandemic, when work computers were taken out of the security of corporate networks and into potentially vulnerable home environments. Client agents, deployed on the endpoint, continued to protect data and devices remotely. Some, such as the Data Loss Prevention (DLP) solution Endpoint Protector, ensured that their data protection policies were active even when devices were offline or connected to public networks.
The COVID-19 pandemic has also made the case for remote working, proving its viability in the long term, which means companies are likely to adopt generous work-from-home policies in the future. Remote work, along with business travel, which poses the same security challenges, makes it difficult for companies to do away with client agents even if there were viable alternatives available.
Avoiding Agent Fatigue
Although the importance of client agents is acknowledged by companies, so is the increasingly frequent problem of agent fatigue. So how can companies avoid agent fatigue while maintaining the advantages client agents provide? Some experts have made the case for multi-functional, Swiss Army Knife-type tools. This means reducing the number of agents a company uses by adopting tools that address several security threats, not just one.
While the Swiss Army Knife approach seems ideal, the best security products tend to be specialized, relying on years of expertise in one field to address a particular category of threats. Products that address multiple threat vectors might wind up lacking focus and diluting their efficiency.
The best solution is to choose products whose client agents are light and granular. Client agents that come with an entire set of tools that a company does not need or, worse, that address vulnerabilities already covered by other tools weigh down a security framework and are conducive to agent fatigue. Having products that allow organizations to pick and choose the features they need lightens the load of a client agent and reduces the time a security professional needs to monitor it.
Companies must also revisit their security product purchasing policies to include steps that analyze existing tools for the new capabilities they need. In this way, they can avoid redundancy and overlap between agents. Ultimately, organizations need to rethink the way they accumulate security tools and see them not as a stack but as pieces of the same puzzle.