Sophos posts initial results on global corporate Endpoint Assessment Test

The test ran for 40 days and collected information from over 580 PCs worldwide

Singapore. June 23, 2008 – IT security and control firm Sophos today announced its initial findings from the Sophos Endpoint Assessment Test. This free online scanning service checks for endpoint security vulnerabilities. The test looks for missing Microsoft security patches, disabled client firewalls, or missing endpoint security software updates. The test ran for 40 days and collected information from over 580 PCs worldwide. The results show that 81 per cent of the corporate endpoints tested had failed one or more of these basic checks.

From the three tests conducted, results showed that 63 per cent were missing at least one Microsoft security patch from one of the following: Microsoft Windows operating system, Microsoft Office, Microsoft Internet Explorer, Microsoft Media Player or Flash Player. Meanwhile, 51 per cent of endpoints tested had disabled client firewalls and 15 per cent had out-of-date or disabled endpoint security software.

“We’re holding up to the light an aspect of endpoint security that has long been evaded by IT departments – the inability to properly assess and control baseline endpoint security requirements such as updated patches, enabled firewalls and current anti-malware signatures updates. Ultimately, machines that fail such a test represent ‘low hanging fruit’ for cybercriminals and a real danger to their corporate networks,” said Jim Dowling, Director of Sales for Asia, Sophos. “Sophos will continue accumulating endpoint assessment results to raise awareness and to help organizations prioritize the areas of greatest vulnerability.”

For the Sophos Endpoint Assessment Test, Sophos collected data from 583 corporate endpoints across all geographies. North America represented 39 per cent of the sample base, while the UK made up 36 per cent, and Australia and Germany were 11 percent and 9 percent respectively (5 per cent being other countries).

Additional statistical information is as follows:
· 39 per cent of the end users were part of an organisation with fewer than 100 users
· 36 per cent were part of an organisation size between 100 and 1000 users
· 25 per cent were from organisations larger than 1000 users