Scan of 100,000 endpoints at 25 different enterprises reveals unauthorized P2P activity, missing application agents, misconfigured or missing antivirus

Dark Reading Staff, Dark Reading

December 12, 2009


More reasons to worry about the endpoint: A new scan of enterprise machines found that nearly one-fourth were missing third-party software agents and engaging in unauthorized peer-to-peer networking.

Security compliance and endpoint management company Promisec conducted an internal audit of 25 of its new enterprise customers, scanning 100,000 of their endpoints to gather data on their security state. The top threats on end user machines, according to the scan results, are missing third-party software agents (23.3 percent), unauthorized P2P (20.6 percent), missing Microsoft service packs and hotfixes (15.4 percent), and antivirus problems, where the AV was either misconfigured, out of date, or missing (15.4 percent).

All 25 of the organizations had security and compliance threats in anywhere from 10 to 30 percent of their endpoints. The data comes from scans run before the enterprises installed Promisec's endpoint security tools. Promisec sells clientless endpoint management.

"I was surprised about the [number of machines] missing agents. We're used to AV issues and P2P application issues, but missing third-party agents [was unexpected]," says Hilik Kotler, co-founder of Promisec.

Rebecca Rachmany, senior marketing director at Promisec, says the missing agents issue was especially disconcerting because some of them have consoles that are supposed to catch misconfigurations or other issues. "We were able to identify missing agents when the agent console was not aware of the issue. When you consider that enterprises are putting millions of dollars to invest in these solutions, it is disturbing to find that as many as a quarter of the endpoints aren't running the agents," Rachmany says.

Another disturbing finding in the report was the number of machines missing Microsoft patches, especially in the wake of the Conficker worm. "The level of awareness for the virus was high, yet many endpoints still were not running the latest patch several weeks after it had been released," she says.

Promisec also found that 2 to 3 percent of the endpoints in the study were running dual connections or hacking software, or were unmanaged workstations. Dual connectivity, a.k.a. "split tunneling," is where a corporate machine is connected to an unauthorized network, for instance a public wireless network, while simultaneously connected to its corporate network via a 3G modem or other access interface, typically in order to reach sites forbidden by company policy. Unauthorized USB and PDA usage was around 13 percent, according to the study.
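The threat categories in the scan results above (missing agents, unauthorized P2P, missing patches, AV problems) and the dual-connectivity definition can be expressed as checks run over a per-endpoint inventory, with the failure rate of each check aggregated across the fleet the way the article reports percentages. The following Python is an added example, not Promisec's product code or anything from the article: the agent names, process names, KB numbers, corporate address prefix, signature-age threshold and the five-host inventory are all constructed placeholders.

```python
"""Endpoint compliance scoring over a constructed inventory (added example).

Models the categories the article reports as checks over a simple inventory
record and aggregates the percentage of endpoints failing each check. Every
name, identifier and address below is a constructed placeholder.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Set

# Policy values: assumptions for the example, not values from the article.
REQUIRED_AGENTS = {"edr-agent", "backup-agent", "dlp-agent"}   # constructed
REQUIRED_HOTFIXES = {"KB000001", "KB000002"}                   # placeholder ids
P2P_PROCESSES = {"utorrent.exe", "limewire.exe"}               # illustrative
MAX_AV_SIGNATURE_AGE = timedelta(days=7)
CORP_NETWORK_PREFIX = "10.20."                                 # constructed range


@dataclass
class Endpoint:
    hostname: str
    installed_agents: Set[str]
    running_processes: Set[str]
    hotfixes: Set[str]
    av_installed: bool
    av_realtime_on: bool
    av_signature_date: Optional[date]
    active_ipv4: List[str]  # addresses on active, non-loopback interfaces


def check_endpoint(ep: Endpoint, today: date) -> Set[str]:
    """Return the set of finding categories this endpoint triggers."""
    findings: Set[str] = set()
    if REQUIRED_AGENTS - ep.installed_agents:
        findings.add("missing_agent")
    if ep.running_processes & P2P_PROCESSES:
        findings.add("unauthorized_p2p")
    if REQUIRED_HOTFIXES - ep.hotfixes:
        findings.add("missing_patch")
    # AV counts as a problem when missing, misconfigured (real-time off) or stale.
    if (not ep.av_installed or not ep.av_realtime_on
            or ep.av_signature_date is None
            or today - ep.av_signature_date > MAX_AV_SIGNATURE_AGE):
        findings.add("av_problem")
    # Dual connectivity: an active corporate address and a non-corporate one
    # at the same time (e.g. corporate link plus public wireless).
    corp = [a for a in ep.active_ipv4 if a.startswith(CORP_NETWORK_PREFIX)]
    other = [a for a in ep.active_ipv4 if not a.startswith(CORP_NETWORK_PREFIX)]
    if corp and other:
        findings.add("dual_connectivity")
    return findings


def summarize(endpoints: List[Endpoint], today: date) -> Dict[str, float]:
    """Percentage of endpoints failing each check, keyed by category."""
    counts: Dict[str, int] = {}
    for ep in endpoints:
        for f in check_endpoint(ep, today):
            counts[f] = counts.get(f, 0) + 1
    n = len(endpoints)
    return {k: round(100.0 * v / n, 1) for k, v in sorted(counts.items())}


def noncompliant_rate(endpoints: List[Endpoint], today: date) -> float:
    """Percentage of endpoints with at least one finding."""
    bad = sum(1 for ep in endpoints if check_endpoint(ep, today))
    return round(100.0 * bad / len(endpoints), 1)


# Constructed five-host inventory; the scan date is the article's date.
TODAY = date(2009, 12, 12)
_OK_SIG = date(2009, 12, 10)
FLEET = [
    Endpoint("ws01", set(REQUIRED_AGENTS), set(), set(REQUIRED_HOTFIXES),
             True, True, _OK_SIG, ["10.20.1.5"]),
    Endpoint("ws02", {"edr-agent", "backup-agent"}, {"utorrent.exe"},
             set(REQUIRED_HOTFIXES), True, True, _OK_SIG, ["10.20.1.6"]),
    Endpoint("ws03", set(REQUIRED_AGENTS), set(), {"KB000001"},
             True, True, date(2009, 11, 20), ["10.20.1.7"]),
    Endpoint("ws04", set(REQUIRED_AGENTS), set(), set(REQUIRED_HOTFIXES),
             True, True, _OK_SIG, ["10.20.1.8", "192.168.0.12"]),
    Endpoint("ws05", set(), set(), set(REQUIRED_HOTFIXES),
             False, False, None, ["10.20.1.9"]),
]

if __name__ == "__main__":
    for ep in FLEET:
        print(ep.hostname, sorted(check_endpoint(ep, TODAY)))
    print(summarize(FLEET, TODAY))
    print("non-compliant:", noncompliant_rate(FLEET, TODAY), "%")
```

The design point is that each category is an independent predicate over the inventory, so a host contributes to several percentages at once; that is why the article's category figures do not sum to the 10 to 30 percent of endpoints found to have any issue at each organization.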

Endpoints also were found with virtual machines that weren't sanctioned by their IT departments. "To use such a program, the user has to be aware he installed it and to have a reason to want his or her activity to be private from the system administrator," according to the Promisec report.

"I think the study validated that there continues to be a significant lack of visibility into the internal networks at almost every company," says Marc Brungardt, executive vice president of Promisec. "The greatest perimeter security in the world is not very helpful if 23 percent of the endpoints present an open window of opportunity."
