TMCnet News

Survey Finds 52 Percent of Companies Rely on a "Moat & Castle" Approach to Network Security
[March 07, 2005]


CARLSBAD, Calif. and REDWOOD SHORES, Calif. --(Business Wire)-- March 7, 2005 -- Survey of CISOs Shows Stopping Unknown Threats and Measuring Compliance to Be Top Concerns in 2005, While Budgets Hold Steady or Increase

According to a new survey sponsored by Preventsys and Qualys, 52 percent of chief information security officers acknowledged having a "Moat & Castle" approach to their overall network security. They admitted that once the perimeter security is penetrated, their networks are at risk. Yet, 48 percent consider themselves to be "proactive" when it comes to network security and feel that they have a good grasp on their enterprise's security posture. This runs counter to the reactive, perimeter-based security approach noted by more than half of the respondents.

The survey was conducted during a recent CISO executive breakfast seminar series where the CEOs of Preventsys and Qualys, along with other top-level security professionals, discussed proven ways to convey departmental progress. They spoke on effective methods for justifying budgets, setting achievable security goals, and tying information security directly to business initiatives to improve communication between IT and upper management.

According to the survey, 24 percent felt their security was akin to Fort Knox -- it would take a small army to get through; while 10 percent compared their network security to Swiss cheese, security holes inside and out. The remaining 14 percent of respondents described their current network security as being locked down on the inside, but not yet completely secured to the outside.

Preventsys and Qualys also found that 46 percent of security officers spend more than a third of their day, and in some cases as much as 7 hours, analyzing reports generated from their various security point solutions.

"We conducted this survey to gain further insight into the daily issues facing CISOs. We were intrigued by the contradictory findings -- CISOs like to think they are proactively addressing network security, but when we look closer, that is not always the case," said Tom Kuhr, vice president of marketing at Preventsys. "These results highlight the need for large enterprises to improve their approach to managing security and really cover all parts of their network, not just the perimeter, so they can actually become as proactive as they aspire to be."

The most pressing concerns for CISOs this year are protecting their networks from the unknown (32 percent) and achieving and measuring regulatory compliance (28 percent).

The survey also revealed a positive trend in spending, with all respondents reporting that budgets are either holding stable or increasing in 2005.

About Qualys

Qualys is the leader in on demand vulnerability management. The company allows organizations of all sizes to effectively secure their networks, conduct automated security audits, and ensure compliance. Qualys automates the process of proactively identifying and remediating security vulnerabilities, and provides the quickest route to neutralize worms and other emerging threats according to their relative business impact. Qualys' on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organizations. Thousands of customers rely on Qualys, including DuPont, Hershey Foods, Hewlett-Packard, Standard Chartered Bank and many others. Qualys is headquartered in Redwood Shores, Calif., with European offices in France, Germany and the U.K., and Asian offices in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit

About Preventsys

Preventsys provides Enterprise Vulnerability Management systems to Fortune 500 companies and government agencies for the proactive, centralized and automated management of network security processes, configuration management and regulatory compliance. For more information, visit

(C) 2005 Preventsys Inc. All rights reserved. All companies and products mentioned are trademarks and property of their respective owners.
