Audit finds endpoint security risks in every end-user company

To make endpoint security really work, VARs will have to teach customers about real risks from USB, WiFi and other devices that poke holes in typical security plans.

In a recent security audit of companies with more than 500 employees, every single one had vulnerabilities that would let employees or strangers hook up their iPods or WiFi devices and walk off with critical corporate data.

And, despite the presence of antivirus and intrusion prevention technology in most midsized and enterprise companies, the most egregious of those holes are completely unplugged and will likely stay that way.

Israel-based vendor Promisec recently audited 30 organizations with 500 to 15,000 users and found endpoint vulnerabilities, to varying degrees, at every one of them. One business had unauthorized USB devices plugged into 55% of its machines, and another had 22% of its users on file-sharing networks.

"Most of the organizations that we checked had the sense that everything would be OK," Promisec CEO Amir Kotler said. "They were kind of astonished when we showed them."

Many businesses don't realize the threats -- or choose to ignore them -- so it's up to the channel to educate clients about their endpoint security options, vendors and analysts said.

More than 99% of businesses run antivirus software, but that doesn't protect against targeted attacks, which are the biggest security threats today, said Natalie Lambert, a senior analyst with Forrester Research in Cambridge, Mass.

"The problem is, there's still a perception that antivirus itself is good enough protection," she said. "And that's certainly not the case anymore."

Top 10 internal threats
1. File sharing
2. Instant messaging
3. Voice over IP
4. Remote control
5. Synchronization software
6. Music managers
7. Badly maintained antivirus
8. Insecure media files
9. Vulnerable modems
10. Wireless networks
Source: Promisec

Even some organizations that realize the risks turn a blind eye to endpoint security so they don't have to deal with its costs and logistics, said analyst Michael Rothman, president of Atlanta-based Security Incite. Devising and managing specific policies to address each endpoint threat can drain resources, and banning popular but potentially harmful programs such as Skype and iTunes does not typically go over well with employees, Rothman said.

"A lot of people feel they have larger fish to fry," he said.

Although it usually takes being the victim of an attack for an organization's IT administrators to realize the need for endpoint security, Rothman said, value-added resellers (VARs) can get their foot in the door for sales by educating their clients in advance.

The threats to endpoint security vary, so the first step for VARs is to work with clients to develop policies about managing each threat, Kotler said. VARs can then offer products that integrate with their clients' existing security features and are aligned with those policies.

"To protect yourself, there's multiple technologies that are really needed," Lambert said.

One approach is to monitor network and endpoint traffic to show customers where vulnerabilities exist and let them track and block potentially harmful activity, according to Faizel Lakhani, vice president of products and marketing for security vendor Reconnex, which sells an appliance with that combination of functions.

"Most organizations don't have a clue as to what is broken in their business process," Lakhani said.

Knowing where the biggest threats are lets businesses set the best policies to prevent attacks and correct potentially risky behavior from employees. "The endpoint is a powerful place to change user behavior," Lakhani said.

Large vendors including Symantec, McAfee and Sophos sell endpoint security products that feature intrusion prevention systems, network access control and other technologies, but Rothman said there are not yet any integrated products that protect against every endpoint threat. It will take at least a year to 18 months for vendors to develop those products and two or three years for them to make a dent in the market, he said.

An alternative solution to endpoint security is desktop virtualization. It takes advantage of existing network security systems and eliminates other endpoint vulnerabilities, Lambert said.

"You don't have to worry about any breach of the data, because it's not really there," she said.

Desktop virtualization was designed to make management easier, but most of the attention it draws now comes from its endpoint security benefits.

Although it is very uncommon now because it requires a constant Internet connection, virtualization will become more popular in the future, Lambert said.


Let us know what you think about this story; email: Colin Steele, Features Writer.