Sophos posts initial results on global corporate Endpoint Assessment Test

June 18, 2008 Sophos Press Release

Endpoints missing patches
Endpoints missing patches

BOSTON, Mass. - June 18, 2008 - IT security and control firm Sophos today announced its initial findings from the Sophos Endpoint Assessment Test. This free online scanning service checks for endpoint security vulnerabilities. The test looks for missing Microsoft security patches, disabled client firewalls, or missing endpoint security software updates. The test ran for 40 days and collected information from over 580 PCs worldwide. The results show that 81 percent of the corporate endpoints tested had failed one or more of these basic checks.

From the three tests conducted, results showed that 63 percent were missing at least one Microsoft security patch from one of the following: Microsoft Windows operating system, Microsoft Office, Microsoft Internet Explorer, Microsoft Media Player or Flash Player. Meanwhile, 51 percent of endpoints tested had disabled client firewalls and 15 percent had out-of-date or disabled endpoint security software.

"We're holding up to the light an aspect of endpoint security that has long been evaded by IT departments - the inability to properly assess and control baseline endpoint security requirements such as updated patches, enabled firewalls and current anti-malware signatures updates. Ultimately, machines that fail such a test represent 'low hanging fruit' for cybercriminals and a real danger to their corporate networks," said Bill Emerick, vice president of product management for Network Access Control. "Sophos will continue accumulating endpoint assessment results to raise awareness and to help organizations prioritize the areas of greatest vulnerability."

For the Sophos Endpoint Assessment Test, Sophos collected data from 583 corporate endpoints across all geographies. North America represented 39 percent of the sample base, while the UK made up 36 percent, and Australia and Germany were 11 percent and 9 percent respectively (5 percent being other countries). Additional statistical information is as follows:

  • 39% of the end users were part of an organization with fewer than 100 users
  • 36% were part of an organization size between 100 and 1000 users
  • 25% were from organizations larger than 1000 users

"This free tool from Sophos gives us an easy way to reintroduce the need for NAC," said Sophos channel partner Kevin Milloy, senior principle consultant at AMA Inc. "Far too many companies still believe the first-generation of NAC rhetoric that dwelled on network outbreak protection or guest access, when in actuality the much bigger issue - and one that endpoint NAC squarely addresses - is keeping endpoints protected by ensuring security measures remain enabled and current."