100% of Organizations Have Security and Compliance Breaches

Inspection of 100,000 Endpoints Reveals More Than 23% Are Missing Required Third-Party Agents; 15% Are Missing Microsoft Hot Fixes or Service Packs


NEW YORK, NY--(Marketwire - December 14, 2009) - Inspections of approximately 100,000 endpoints over 25 organizations shows that typically organizations suffer from 10-30% of security breaches or non-compliance on endpoints in the networks. The top threats were missing third-party agents, unauthorized peer-to-peer applications, missing Microsoft updates, and antivirus issues. The report was issued by Promisec, Inc., a leader in delivering Clientless Endpoint Management (CEM) software solutions to identify and eliminate threats in corporate networks.

The top 4 threats to corporate endpoints were:

--  Missing third-party agents
--  Unauthorized peer-to-peer applications
--  Microsoft products missing recent service packs or hotfixes
--  Antivirus problems, meaning the antivirus was disabled, missing, or
    not updated for the latest version
    

"It's increasingly difficult for IT staff to get full visibility of the endpoints," said Robin Mayo, President of US Operations of Promisec. "Today many endpoints are running 5 or 6 agents for standards compliance or to meet security standards. It's no surprise that in many organizations, more than 20% of endpoints are missing or have misconfigured one or several of those agents."

The report covers the trends and incidence of the following threats to corporate networks:

--  Missing third-party agents, such as encryption, personal firewall, and
    other management and compliance tools.
--  Anti-virus problems, such as disabled or missing antivirus, or lack of
    recent updates
--  Peer-to-peer applications
--  Missing Microsoft service packs and hotfixes
--  Dual connectivity through wireless and mobile networks
--  Existence of hacking software
--  Unmanaged workstations
--  Unauthorized Virtual Machine software use
--  Unauthorized USB and PDA use
    

"Today, users and applications are sophisticated," said Hilik Kotler, Promisec Co-Founder and EVP Business Development. "Users can easily bypass security enforcement mechanisms by using unauthorized devices, installing unauthorized applications, and disabling required updates or security maintenance tasks. Most of this behavior isn't malicious, but it poses serious threats to corporate networks. Our inspection was able to identify this behavior, where client-based solutions tend to fall short."

According to the report, all organizations were at risk with problems involving employee misconduct and technical errors on the endpoints. No organization showed a clean bill of health.

Promisec's annual study aims to reveal serious problems that persist at the endpoint level of enterprises and other organizations. The company's research has provided CIOs with unprecedented visibility inside their networks. The full report is available at http://www.promisec.com/security_audit_report.html.

Promisec offers a free security and compliance audit to qualifying organizations. To apply for a free audit, visit http://www.promisec.com/free_audit_request.html.

About Promisec

Promisec, Inc. delivers Clientless Endpoint Management (CEM) software solutions that eliminate threats and optimize corporate internal networks with unprecedented visibility and control over the endpoints. Promisec's patented technology allows IT managers to identify and resolve security, compliance and policy issues in a matter of minutes, without making any changes to the network or endpoints.

Founded in 2004 by former military intelligence experts, Promisec's management team brings broad high-level executive experience in the network security industry.

Promisec is a privately held company with headquarters in Israel and offices in New York, Tokyo and Paris. Our customers include Forbes Global 2000 companies and other organizations in the manufacturing and service industries as well as government and health care institutions.

For more information, see www.promisec.com.

Contact Information: Contact Rebecca Rachmany rebecca.rachmany@promisec.com US Phone: 1 (212) 743-9921 International: +972-54-6678863 55 Broad Street, Suite 20C, New York, NY 10004 Rebecca Porter Rainier Communications rporter@rainierco.com Phone: 1-508-475-0025 x114 1700 West Park Drive, Suite 190, Westborough, MA 01581

Promisec Endpoint Security Audit Report - Internal Risk Breakdown Promisec Endpoint Security Audit Report - Internal Threats Trends