Survey Lists Top Enterprise Endpoint Security and Compliance Holes

By Brian Prince  |  Posted 2009-12-14

A survey of roughly 100,000 endpoints from some 25 organizations revealed that all of them had between 10 and 30 percent security- or policy-compliance issues.

The survey, performed by endpoint management software vendor Promisec, found the key issues are missing third-party agents, unauthorized peer-to-peer applications, missing Microsoft updates and out-of-date or misconfigured antivirus.

Some of their other findings:

• 23% of endpoints were missing third-party agents
• 20% of endpoints had unauthorized peer-to-peer applications
• 15% of endpoints did not have the latest Microsoft service packs or hotfixes
• 15% of endpoints had antivirus problems, meaning the antivirus was disabled, missing or not updated for the latest version
• Dual connectivity, hacking software and unmanaged workstations were found in 2-3% of endpoints
• Total USB device use went up dramatically, but unauthorized USB or PDA use was at 13%

"To manage compliance and security issues, IT managers are using an increasing number of third-party agents," according to the Promisec report. "Maintaining software updates for these and other applications (are) an increasing challenge."

Today's workstations may have five to six different agents that should be running, the report continued. The increased difficulty of maintaining accurate visibility may have contributed to a significant rise between the 2008 and 2009 surveys. In 2008, the percentage of missing third-party agents was in single digits.

"Savvy and technically-minded workers in turn learn to uninstall or disable endpoint security management agents they perceive as disrupting their workflow. With or without malicious intent, end-users can tamper with agents on their computers."

In the case of antivirus, Promisec Executive Vice President of Operations Marc Brungardt told eWEEK that there are a variety of reasons it could be out of compliance, ranging from employees tinkering with the programs to infections blocking the ability of the software to update.

"Another common problem is that companies inadvertently issue a static ID for the client," the company explains in its report. "If one of the endpoints with this static ID reports that the antivirus is OK, all other endpoints with that same ID are also identified as OK. In many cases, we discovered that antivirus programs were not configured to work properly. Among other reasons, this can happen because not all necessary services are available or because the antivirus is on 'pause' or 'stop' mode."

"If you look at the numbers," Brungardt said, "the trend seems to clearly indicate these problems are getting worse instead of better."
