Seven signs of trouble in endpoint security

Computerworld - Feeling vulnerable? Chances are your network is.
According to a 2004 Computer Security Institute/FBI study, disruptions from recent security incidents, such as Nimda, Blaster and SoBig, as well as other vulnerabilities, cost the average enterprise more than $2 million in direct losses.
To mitigate these security threats, corporations and government agencies spent more than $20 billion in 2004 on the problem of Internet security vulnerabilities, according to market research company IDC. Gartner Inc. estimates that another $11 billion will be spent on broader systems management products.
However, most security investments leave mobile endpoints at risk. This is because mobile computers are difficult to manage with traditional security measures and can become vulnerable in many ways, including the following:

• Failure to maintain current security configuration and patch levels because the computer wasn't in the office or on the network at the right time to receive them


• Corrupted patches, which can occur if a current version of a Dynamic Link Library is overwritten by an older vulnerable version when the user installs or reinstalls software


• "Weak" security settings, which are often the result of a user changing settings when attempting to get the computer to communicate with the Internet on a home network or a customer's internal network


• The growing number of mobile workers, which can compound problems -- and compromise your network -- when communication is re-established with the network.

So the question becomes, just how vulnerable are you? We've come up with seven signs that can help any enterprise evaluate how secure it is at the endpoint.
No. 1: You don't know what software is installed and running or how your mobile computers are configured.
Enterprise administrators today are often faced with substantial challenges when attempting to collect and view timely information about the computers they manage. The most common method is through systems management infrastructures. However, this approach is limited in its ability to provide all of the information that administrators need, forcing them to rely on data that's weeks or even months old.
You need to have a timely and comprehensive understanding of the configuration of the systems that you manage. Systems are available that allow administrators to identify properties, including patch levels, antivirus status coverage, security configuration, running applications and services.
No. 2: You rely on antivirus and personal firewall software as your total solution to endpoint security.
According to The Yankee Group, more than 80% of enterprises across Europe and North America experienced a worm or virus incident in the past year, despite significant investments in antivirus software. This is