Annual Internal Threat Report Reveals Attacks Against Corporate Networks Unrelenting
Key Findings Indicate that Serious Network Vulnerabilities and Growing Number of Attacks Continue to Cripple Status Quo Security Defenses
Cambridge, MA, - Mazu Networks, Inc. announced the availability of the second annual Mazu Networks Internal Threat Report. The research reveals that although enterprises are more aware of the internal network threat, they continue to fall victim to a growing number of attacks that circumvent perimeter and endpoint security solutions.
"The research proves that enterprises remain vulnerable to documented threats as well as new attack types and vectors," said Jon Oltsik, senior information security analyst for ESG and the study’s principal author. "With highly publicized attacks monopolizing media real estate in 2005, it is no surprise that many companies still lack confidence in their ability to defend effectively their critical networks from compromise. The results demonstrate the need for a more layered defense strategy that provides extensive internal network visibility."
In its second year, the 2006 Mazu Networks Internal Threat Report offers year-over-year research comparisons as well as a number of new data points that further illustrate the state of internal network security. The research delves deeper into the security challenges enterprises face and offers insight into the types and the frequency of internal attacks, common network vulnerabilities and the impact of regulatory issues on information security. Key research findings include:
- The growing number of organizations granting network access to external constituencies represents a growing risk. The research shows that 85% of the respondents stated that their organization extends network access to non-employees. Thirty-nine percent of respondents expect the number of non-employees accessing the network to grow significantly during the next few years.
- High risk vulnerabilities are commonplace in corporate networks. Respondents found a number of risky vulnerabilities on their networks during 2005. Of the companies surveyed: 28% found unauthorized reconnaissance; 23% found unauthorized personnel with root or administrator access and 17% found suspicious connections to critical applications and databases on their networks.
- Internal attacks pose a major threat to critical business assets.
- Twenty-three percent had an internal breach, while 27% had no means of knowing whether or not an attack had occurred.
- Eighteen percent experienced more than five targeted attacks that were externally sourced.
- An additional 27% did not know whether or not they were compromised by a credentialed user.
- Worms remain a major disruptive force to enterprise network security.
- Defense strategies against worm attacks also proved ineffective this past year. The research results showed that there was zero improvement in defeating worm attacks during 2005 as compared to 2004 findings. Despite a decrease in the number of worm attacks and an increase in security spending, 51% of companies surveyed reported that their internal network was compromised by worms during the last 12 months.
- Twenty-five percent of the respondents stated that it took between three and six hours to detect a worm attack, while 26% stated that it took more than 24 hours to remediate the impact of the attack.
- Worm attacks caused 66% of the respondents to experience system downtime followed by: 36% experiencing interruption of a critical application, service or system; 19% experiencing intellectual property theft and 14% experiencing data corruption or loss.
These results are despite an increase in perimeter security investments:
- Firewalls deployed, 99%.
- Network-based IDS deployed, 72%.
- Network-based IPS deployed, 43%.
- Host-based IDS deployed, 45%.
- Host-based IPS deployed, 33%.
"Through our research we have learned that although people continue to invest in perimeter and endpoint security solutions at an increasing rate, they are still vulnerable to a wide range of threats," said Paul Brady, CEO, Mazu Networks. "Our latest research provides clear and statistical proof that the internal network threat is real and ever-changing. Through our behavior-based approach, Mazu Networks is the only company that can effectively secure today’s more open, expansive and inter-connected corporate networks."
The study, which was conducted for Mazu Networks by ESG, analyzed data gathered directly from 218 US-based organizations with more than 1,000 employees each. The survey asked security and IT professionals at these firms about their experiences with threats and attacks against their internal corporate networks in 2005. Survey questions focused on attacks that originated directly from within their networks and on attacks that successfully penetrated their core networks after evading perimeter-based security measures.
A free copy of the Internal Threat Report is available with registration from Mazu Networks.