EMERYVILLE, Calif. -- BigFix Inc. today released the Security Configuration Management Strategies Report highlighting top concerns for IT leaders in 2007. The report finds the inability of security configuration management (SCM) solutions to manage mobile workers disconnected from the network to be the number one way SCM solutions contribute to security attacks. Additional findings indicate that antivirus products do not provide complete protection from malware once the network is exposed. The study, commissioned by BigFix, surveyed 450 IT leaders, director level and above, working for large enterprises across the United States 84 percent with revenue of $2 billion or more in a wide variety of industries from financial services to transportation.
Nearly 40 percent of the respondents organizations have been affected by malware within the last year and more than 80 percent of the respondents indicated they were using antivirus products from one of the leading vendors in the market McAfee or Symantec. Although anti-malware solutions have become highly commoditized, the number of instances of malware attacks remains a primary issue for large organizations.
Security configuration management solutions can contribute to vulnerabilities by not providing complete visibility and control across the enterprise. Thirty percent of the respondents attributed intrusions to their solutions inability to manage mobile users disconnected from the network. Nearly half of the IT leaders surveyed indicated they were using Microsoft SMS or IBM Tivoli, and 45 percent of the respondents were indifferent or dissatisfied with their SCM solution.
Clearly, securing the mobile workforce needs to be a top priority for global companies, said BigFix CTO Amrit Williams. And we believe there needs to be a shift in the way that IT approaches the problem. Many enterprise security solutions do an adequate job in static, predictable environments, but addressing emerging threats in dynamic environments requires the ability to continuously enforce policies and manage your endpoints in real time when theyre off the corporate LAN. Legacy security solutions cant manage these blind spots effectively, and consequently leave the enterprise vulnerable to all kinds of attacks and intrusions.