News
100% of Organizations Have Security and Compliance Breaches
December 2009 by PROMISEC
Inspections of approximately 100,000 endpoints over 25 organizations shows that typically organizations suffer from 10-30% of security breaches or non-compliance on endpoints in the networks. The top threats were missing third-party agents, unauthorized peer-to-peer applications, missing Microsoft updates, and antivirus issues. The report was issued by Promisec, Inc., a leader in delivering Clientless Endpoint Management (CEM) software solutions to identify and eliminate threats in corporate networks.
The top 4 threats to corporate endpoints were:
– Missing third-party agents
– Unauthorized peer-to-peer applications
– Microsoft products missing recent service packs or hotfixes
– Antivirus problems, meaning the antivirus was disabled, missing, or
not updated for the latest version
"It’s increasingly difficult for IT staff to get full visibility of the endpoints," said Robin Mayo, President of US Operations of Promisec. "Today many endpoints are running 5 or 6 agents for standards compliance or to meet security standards. It’s no surprise that in many organizations, more than 20% of endpoints are missing or have misconfigured one or several of those agents."
The report covers the trends and incidence of the following threats to corporate networks:
– Missing third-party agents, such as encryption, personal firewall, and
other management and compliance tools.
– Anti-virus problems, such as disabled or missing antivirus, or lack of
recent updates
– Peer-to-peer applications
– Missing Microsoft service packs and hotfixes
– Dual connectivity through wireless and mobile networks
– Existence of hacking software
– Unmanaged workstations
– Unauthorized Virtual Machine software use
– Unauthorized USB and PDA use
"Today, users and applications are sophisticated," said Hilik Kotler, Promisec Co-Founder and EVP Business Development. "Users can easily bypass security enforcement mechanisms by using unauthorized devices, installing unauthorized applications, and disabling required updates or security maintenance tasks. Most of this behavior isn’t malicious, but it poses serious threats to corporate networks. Our inspection was able to identify this behavior, where client-based solutions tend to fall short."
According to the report, all organizations were at risk with problems involving employee misconduct and technical errors on the endpoints. No organization showed a clean bill of health.
Promisec’s annual study aims to reveal serious problems that persist at the endpoint level of enterprises and other organizations. The company’s research has provided CIOs with unprecedented visibility inside their networks.
