A modern organization typically maintains a data storage system to store and deliver sensitive information concerning various significant business aspects of the organization. Sensitive information may include data on customers (or patients), contracts, deliveries, supplies, employees, manufacturing, or the like. In addition, sensitive information may include intellectual property (IP) of an organization such as software code developed by employees of the organization, documents describing inventions conceived by employees of the organization, etc.
To protect an organization's computers against a variety of threats, endpoint protection agents are typically installed by the organization on individual machines throughout the organization. These endpoint protection agents are designed to protect the machines against known and unknown outside threats to the organization. Such threats may include viruses, worms, Trojan horses, spyware, and adware. They can provide protection against even the most sophisticated attacks that evade traditional security measures such as rootkits, zero-day attacks, and spyware that mutates.
As the number of computing systems, such as desktop computers, laptop computers, handheld devices, mobile smart phone, tablets, netbooks, and so on, within an organization increases, so does the potential for security threats to originate within that organization. However, existing security compliance products and services, such as endpoint protection agents, do not measure the overall security posture of an individual computing system within an organization. Generally, these security compliance products and service have sophisticated and advanced products in place to anticipate threats that may be inbound to an organization. However, none of these security compliance products and services measures the overall security posture of the individual computing system and do not assess the threats that are originating from inside an enterprise.