Findings of Security Audit Revealed

Promisec, a company that specializes in endpoint security management, has released the findings of an audit 30 large organizations covering 193,000 corporate endpoints. According to the audit, data loss and illegal software introductions are the two largest threats, driven by the unauthorized connection of USB-attached mass storage devices.

Findings of the audit which was conducted over the last 12 months reveal that:

• 25,090 (13%) of the corporate PCs surveyed had unauthorized USB devices attached to them, opening the door to data loss and the opportunity for USB-borne viruses and malware to enter the corporate network.
• 7720 (4%) of corporate PCs had peer-to-peer (P2P) applications installed.
• 2895 (1.5%) of the corporate PCs did not have the latest Microsoft service packs.
• 3281 (1.7%) had anti-virus monitoring and remediation issues.
• 2316 (1.2%) of the 193,000 audited endpoints were without required third-party desktop security agents.
• 1582 (0.8%) of endpoints had unauthorized remote control software, and a lesser percentage had unauthorized and unprotected shareware.

Promisec bases its audit on information collected via its Promisec Spectator Professional software which is installed on a single enterprise workstation. The software's ability to perform discovery and provide reporting across all corporate networks produces a detailed synopsis of processes, devices and other activities on the network which may be outside of corporate policy, revealing the current state of internal network security.

"Organizations are becoming more adept at identifying security threats to their external networks, but internal network security issues represent a substantial problem for businesses challenged with preventing loss of corporate IP and the infiltration of their networks by malware inadvertently introduced by employees and business partners," said Promisec's Amir Kotler. "The answer to this problem is first understanding the magnitude of it. The loss of internal financial data, customer lists and proprietary product details can be devastating while the introduction of malware can significantly slow down business efficiency -- all of which can be prevented by implementing a strong endpoint security strategy."

Posted by Jon Erickson at 11:43 AM  Permalink