Enterprise IT Departments Struggle with Security, Network Downtime: Solera

In a survey of IT, security and operations professionals, nearly all the responders were concerned about network downtime, but only two-thirds of them had an incident response in place.

Despite recent studies indicating that IT executives consider information security a high priority for their organizations, many organizations are not prepared to "adequately respond" to security incidents, according to a recent study from Solera Networks.

Almost all the respondents, or 96 percent, considered employee Web activity, such as browsing to a malicious Website, a threat, according to the study. A significant number, 71 percent, said instant messaging poses security threats. Very few respondents, or 12 percent, felt the organization could effectively monitor or capture IM activity.

Most survey respondents had, or expected to have, a "significant" security incident. A little over a third of the respondents reported a significant security incident within the last three years, and more than 80 percent thought it likely they would experience one in the next three years, according to the study.

"Opportunistic theft and vandalism on networks is being replaced with targeted, multi-component, persistent attacks focused on specific systems and assets," said Peter Schlampp, vice president of marketing and product management at Solera.

While being hit by malware, such as worms and Trojans, were a concern, 93 percent of respondents said they were "moderately or extremely concerned" about network downtime, followed with 92 percent concerned about the time required to recover from security incidents. Malware was the third item respondents were worried about.

In fact, network downtime concerns trumped all worries. Even though almost a third of the respondents said attackers were more likely to steal intellectual property, only 69 percent were worried about actual theft.

There was a very wide gap between what staff and managers were worried about and what the company was doing. Despite being worried about an attack, half of the organizations knew they were either not prepared or only somewhat prepared to handle these incidents.

Most organizations are "ill-prepared" to prevent and respond to security incidents, said Schlampp.

About 35 percent of the organizations surveyed reported having "weak or no incident response plans" to address business continuity and recover from network downtime.

Nearly everyone, or 96 percent, said real-time traffic data and network forensics would help analyze and review what is happening on the network, but only 19 percent said their organization has the capability to collect the data, according to the survey. Survey researchers found that even those who claim to collect the data are getting very limited information.

The "good news" is that many organizations recognize that the ability to perform real-time network forensics is critical, and are beginning to budget and plan for it, wrote the researchers.

Solera's Network Forensics Survey is an annual survey, in its second year, examining how IT and network security personnel view and respond to network security breaches. More than 1,000 IT professionals from large enterprises in the United States, with at least 1,000 network nodes, were selected for the survey. Upper and middle management made up a little over two-thirds of the respondents. The remainder consisted of regular staff and workgroup managers. About 27 percent of the respondents were security professionals, and half were part of the IT department.