- July 18, 2023: Linked available resources.
- February 24, 2020: Published.
The Desktop Software and Mobile Software risk vectors are considered as endpoint data. These risk vectors are similar to Server Software, but are for end-user systems that are using outdated (unsupported) operating systems or versions of web browsers. Newer versions of operating systems and web browsers typically address stability issues, bugs, and exploits.
Use Cases for Endpoint Data
- Identify devices that are at-risk in order to apply system updates, apply software updates, and reduce an organization's attack surface.
- Understand how devices at an insured are a risk for known vulnerabilities and other threats.
- Verify questionnaire data from vendors.
Example: Verify claims that their organization is free of a particular operating system.
- Verify other contractual agreements with clients or vendors.
Example: Verify that they've adhered to a policy of keeping end-user operating systems up-to-date.
Resources
| Desktop Software | Mobile Software |
|---|---|
Frequently Asked Questions
How come I’m not observing any data for these risk vectors?
The worldwide Internet Privacy legislation has a limit on the geographical scope of data that can be gathered. We are continuously expanding the geographical scope of endpoint data in order to include information on operating systems and browsers that are available for a larger set of countries.
How does my outdated guest network software affect these risk vectors?
Since data is externally collected, we are unable to determine if a network is being used for guest networks. Guest networks are not differentiated from business networks and still pose a risk to an organization, even if they’re completely segregated from the business networks.
Does endpoint data include Bring Your Own Device (BYOD)?
Connecting a personal device to a corporate network infrastructure is a risk and adds another potential surface of attack for a threat actor to gain access to company data and sensitive information.
Given the Meltdown and Spectre vulnerabilities, we are continuing to see an increasing interest in endpoint data, as they help to identify companies who have not yet implemented patches or updates to protect against the vulnerabilities.