Today we're releasing the second of three reports derived from our RiskRater research.
The first report focused on mobile devices and the BYOD movement. Today's report is concerned with endpoint devices and their security.
Given that user endpoints are increasingly becoming the target of attacks, we were interested in how well the respondents:
- Enable code execution prevention techniques
- Block suspicious email attachments
- Require and enforce periodically expiring strong passwords
Overall, we were happy to find that 4 out of 5 respondents indicated they have implemented all but one of the security controls we asked about. The exception is that only 46% of respondents had implemented code execution techniques (such as DEP or ASLR).
While we are encouraged that so many respondents have taken steps to protect their endpoint devices, we want to stress that this research only covers a few basic security controls. We want to make it clear that endpoint security is an ongoing process that must be monitored and managed, and is most effective when coupled with a full complement of network, application and user security controls and practices.
The full report is located here, please take a look.
If you have not yet had a chance to participate in our RiskRater program, you can do so here.