While external threats besiege organization networks every day, people within an organization can pose a significant danger because of their access to sensitive information. Commonly used programs -- file sharing, instant messaging, voice over Internet protocol and music managers -- all pose internal threats to an organization.

Endpoint security has emerged as an important tool to protect the organization's internal network. While the term "endpoint security" is used in different ways and in different contexts, it generally refers to measures taken to secure endpoints within an organization, including laptops, desktops, PDAs and other personal-computing devices. Endpoint security can include building a strategy where security software is distributed to end-user devices, but is centrally managed.

According to Promisec, a company that provides endpoint security solutions, many organizations overlook the importance of endpoint security. Promisec compares traditional IT security structures to a soft-boiled egg, where outside security measures represent the exterior shell, but interior security is about as strong as the soft-boiled fluid of the egg.

Other players in the endpoint security market include GFI and Reconnex, which also sell software that monitors network and endpoint traffic to show customers where vulnerabilities exist, and lets them track and block potentially harmful activity. Larger vendors, such as Symantec, McAfee and Sophos, also sell endpoint security products.

In a 2007 study, Promisec audited 30 organizations with 500 to 15,000 users and found endpoint vulnerabilities at every one of them. One business had unauthorized USB devices in 55 percent of its machines, and another had 22 percent of its users on file-sharing networks. In February 2008, Promisec found 32 percent of computers scanned had unauthorized storage devices attached.

Increasingly organizations such as government are finding a security gap between what is protected from an outside threat and what happens at the end of the computing infrastructure.

"Governments are certainly spending money on IT security, but imagine if your insurance policy covered only 80 percent," said Alan Komet, vice president of marketing for Promisec. "Governments are paying for protection 100 percent of the time, but are getting 80 percent."