Story image

More than 70% of Windows environments are at risk, survey finds

11 May 2016

The success rate of attacks on corporate networks is growing, and today 70% of Windows environments are at risk of malicious attacks. 

ManageEngine's report titled, Active Directory and Windows Server Security - Trends and Practices, finds in addition to this another 10% of IT admins are unaware of the security standards for Windows environments.

Furthermore, 72% of respondents seek a solution that sends alerts when security configurations change, yet 55% have not begun to use one.

The survey also found that 47% of IT admins find it difficult and time consuming to gain awareness of the current security settings of their Windows environments - a small percentage of respondents use scripts but find it tedious.

ManageEngine says at the centre of most corporate networks is the active directory. Since the active directory is the most important technology to control access to the network and resources, it is important to secure all aspects of this portion of a network, the company says.

However, the growing success rate of attacks suggests that many organisations do not secure their active directory correctly.

“Organisations clearly are paying closer attention to the security for active directory,” says Derek Melber, ManageEngine technical evangelist and microsite manager of security hardening for active directory and Windows servers.

“However, the survey results also indicate that Windows environments are far from being secure, and improved overall visibility is essential,” he says.

ManageEngine says the results of the survey indicate that organisations need to take immediate action to secure their Windows environments. For efficient management of their Windows environments, IT admins could benefit from exploring available reporting solutions, the company says. Businesses can enhance security measures to ensure a more secure and smoother environment to run operations.

Furthermore, ManageEngine says the findings imply a visibility gap in the market. Despite the market availability of solution providers, at least half the organisations do not use a configuration alert system and may need to perform requirement-to-solution mapping to reduce this gap. 

Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”