Survey of CISOs shows stopping unknown threats and measuring compliance to be top concerns in 2005, while budgets hold steady or increase
Carlsbad, Calif. and Redwood City, Calif — March 7, 2005 — According to a new survey sponsored by Preventsys and Qualys, 52 percent of chief information security officers acknowledged having a “Moat & Castle” approach to their overall network security. They admitted that once the perimeter security is penetrated, their networks are at risk. Yet, 48 percent consider themselves to be “proactive” when it comes to network security and feel that they have a good grasp on their enterprise’s security posture. This runs counter to the reactive, perimeter-based security approach noted by more than half of the respondents.
The survey was conducted during a recent CISO executive breakfast seminar series where the CEO’s of Preventsys and Qualys, along with other top-level security professionals discussed proven ways to convey departmental progress. They spoke on effective methods for justifying budgets, setting achievable security goals, and tying information security directly to business initiatives to improve communication between IT and upper management.
According to the survey, 24 percent felt their security was akin to Fort Knox it would take a small army to get through; while 10 percent compared their network security to Swiss cheese, security holes inside and out. The remaining 14 percent of respondents described their current network security as being locked down on the inside, but not yet completely secured to the outside.
Preventsys and Qualys also found that 46 percent of security officers spend more than a third of their day, and in some cases as much as 7 hours, analyzing reports generated from their various security point solutions.
“We conducted this survey to gain further insight into the daily issues facing CISOs. We were intrigued by the contradictory findings CISOs like to think they are proactively addressing network security, but when we look closer, that is not always the case,” said Tom Kuhr, vice president of marketing at Preventsys. “These results highlight the need for large enterprises to improve their approach to managing security and really cover all parts of their network, not just the perimeter, so they can actually become as proactive as they aspire to be.”
The most pressing concerns for CISOs this year are protecting their networks from the unknown (32 percent) and achieving and measuring regulatory compliance (28 percent).
On a positive note, the survey revealed a positive trend in spending, with all respondents reporting that budgets are either holding stable or increasing in 2005.
QualysGuard is an on demand vulnerability management solution that enables organizations to assess and manage business risk. QualysGuard automates the network security auditing process across the enterprise both inside and outside the firewall, and across distributed networking environments. QualysGuard provides network discovery and mapping, asset prioritization, centralized reporting, and remediation workflow and verification. Executive-level reports allow security professionals to demonstrate effective security practices and verify compliance with data protection laws and regulations. QualysGuard’s on demand technology is far more accurate, cost effective, and easier to deploy than software-based alternatives.
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Preventsys provides Enterprise Vulnerability Management systems to Fortune 500 companies and government agencies for the proactive, centralized and automated management of network security processes, configuration management and regulatory compliance. For more information, visit www.preventsys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.