StillSecure, provider of an award-winning, integrated suite of enterprise network security solutions, today announced the Endpoint Security Index, a research project that outlines the value of network access control and policy enforcement. StillSecure developed the Endpoint Security Index to quantify the threat that endpoints introduce into a typical enterprise network, and to determine the best methods for reducing an organization’s risk. Two months of findings already confirm that security policy enforcement is an increasingly necessary and effective method for combating network attack.
To develop the Endpoint Security Index, StillSecure’s Security Alert Team (SAT) tracks the number of vulnerabilities, viruses and spyware that infiltrate four endpoint devices with different security policies – including no policy, a typical policy, a typical policy with enforcement, and a high policy with enforcement. Each of the policies has varying levels of the following security measures: personal firewall, hotfixes, anti-virus, anti-spyware, and Internet Explorer Security Zone settings.
No security measures are implemented in the no policy setting. The typical policy includes delayed hotfixes and anti-virus updates, with a medium security zone setting. The typical policy with enforcement uses a network access control solution to enforce up-to-date hotfixes and anti-virus, and the high policy with enforcement adds a host firewall, anti-spyware, and a high security zone setting.
“Attacks that leverage the endpoint have increased exponentially over the past few years, validating the importance of testing each endpoint before it gains network access to determine any remediation activities that are needed,” said Mitchell Ashley, CTO and VP of Customer Experience at StillSecure. “The Endpoint Security Index helps organizations understand what policies to put in place so that they meet compliance and business continuity requirements. Initial results illustrate the importance of active policy enforcement; it´s the difference between having anti-virus installed and ensuring it´s up-to-date, which can be the deciding factor the next time a Blaster-style worm hits.”
More data from the project’s findings will be available in the coming months. Some initial observations are outlined below:
Endpoints with no security policy are vulnerable to a series of cascading security events. In January 2006 the endpoint with no security policy obtained an IRCbot which led to adware being installed, the Prutect trojan corrupted anti-spyware updates and interfered with virus scanning, and other unauthorized system changes were made.
There is a correlation between the Internet Explorer security zone settings and the amount of spyware on a device. Low and Medium-Low settings allow users to download potentially malicious files that have been compromised by spyware. File downloads are not permitted with high security zone settings so the threat is non-existent.
For more information about the Endpoint Security Index and details on monthly findings please visit: http://www.stillsecure.com/endpointindex.