Endpoints missing patches
BOSTON, Mass. - June 18, 2008 - IT security and control firm
Sophos today announced its initial findings from the Sophos
Endpoint Assessment Test. This free online scanning service
checks for endpoint security vulnerabilities. The test looks for
missing Microsoft security patches, disabled client firewalls, or
missing endpoint security software updates. The test ran for 40
days and collected information from over 580 PCs worldwide. The
results show that 81 percent of the corporate endpoints tested had
failed one or more of these basic checks.
From the three tests conducted, results showed that 63 percent
were missing at least one Microsoft security patch from one of the
following: Microsoft Windows operating system, Microsoft Office,
Microsoft Internet Explorer, Microsoft Media Player or Flash
Player. Meanwhile, 51 percent of endpoints tested had disabled
client firewalls and 15 percent had out-of-date or disabled
endpoint security software.
"We're holding up to the light an aspect of endpoint security
that has long been evaded by IT departments - the inability to
properly assess and control baseline endpoint security requirements
such as updated patches, enabled firewalls and current anti-malware
signature updates. Ultimately, machines that fail such a test
represent 'low hanging fruit' for cybercriminals and a real danger
to their corporate networks," said Bill Emerick, vice president of
product management for Network Access Control. "Sophos will
continue accumulating endpoint assessment results to raise
awareness and to help organizations prioritize the areas of
greatest vulnerability."
For the Sophos Endpoint Assessment Test, Sophos collected data
from 583 corporate endpoints across all geographies. North America
represented 39 percent of the sample base, while the UK made up 36
percent, and Australia and Germany were 11 percent and 9 percent
respectively (5 percent being other countries). Additional
statistical information is as follows:
- 39% of the end users were part of an organization with fewer
than 100 users
- 36% were part of an organization with between 100 and 1000
users
- 25% were from organizations larger than 1000 users
"This free tool from Sophos gives us an easy way to reintroduce
the need for NAC," said Sophos channel partner Kevin Milloy, senior
principal consultant at AMA Inc. "Far too many companies still
believe the first generation of NAC rhetoric that dwelled on
network outbreak protection or guest access, when in actuality the
much bigger issue - and one that endpoint NAC squarely addresses -
is keeping endpoints protected by ensuring security measures remain
enabled and current."
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.