Companies are missing the point when it comes to endpoint security.
Chris Schwartzbauer, vice president of Shavlik Technologies claimed that too many companies and organisations appear to be oblivious to the real threats around the data that PCs, laptops and remote systems may carry and the controls required for securing it.
Schwartzbauer said: “IT administrators often admit to us that they don't have the time to patch their PCs every time, or that remote systems are not updated with the latest anti-malware signatures because current available technology is slow and bulky, and would impede business productivity.
“These barriers, however, mask the real issue, which is that endpoint systems have not been rated as a priority. Understandably, companies are concerned about their critical systems, and the servers and databases that house their most sensitive data. Ironically, these systems are no longer where the greatest vulnerabilities exist.”
Schwartzbauer advised companies to take stock of the items that are critical to perform, such as malware control, patch and configuration management, and define consistent and workable policies upheld by automated processes for high-volume and difficult to manage areas.
“Organisations are dealing with access controls and such on servers and at the network edge, but not on all of the machines. This is especially true for the PCs, laptops and virtual machines, where they are typically only applying anti-virus controls, and neglecting other concerns such as configuration, application control and patching requirements”, said Schwartzbauer.
“Endpoint security must be about holistically managing the corporate environment, whereby the systems at any point on the network, within and outside of the data centre, are subjected to the same level of controls and scrutiny in accordance with the established policies for the organisation.
“The requirement is to develop defence in depth by controlling the state of security in all systems, and not allowing the endpoint to remain an open door to the organisation.”