SOURCE: Secure Computing

October 03, 2007 12:01 ET

Secure Computing Announces Results of a Commissioned Study by Independent Research Firm on the State of Web 2.0 Security

Among Other Findings, Report Concludes That Many Organizations Have a False Sense of Preparedness and No Blue Print to Train Employees on How to Deal With New Web Threats

SAN JOSE, CA--(Marketwire - October 3, 2007) - Secure Computing Corporation (NASDAQ: SCUR), a leading enterprise gateway security company, today announced the results of a commissioned study conducted by Forrester Consulting on behalf of Secure Computing. The study, which surveyed 153 IT professionals and security decision makers in companies with at least 1,000 employees, found -- among other things -- that while Web 2.0 usage is already prevalent in enterprises, organizations are not prepared to deal with the potential threats associated with the technology. The study further notes a lack of risk awareness, user training and consistent policies.

The study suggests that about half of the organizations surveyed spent more than 25 thousand dollars in the last fiscal year on malware remediation. It was therefore not surprising to learn that businesses are wary of Web 2.0 usage and associated threats. While 97 percent of all enterprise IT staff consider themselves "prepared," 79 percent have reported frequent attacks from malware. In addition, 79 percent of those surveyed are concerned about viruses, and 77 percent about Trojans, but only 12% were concerned about botnets even though bot networks have been growing rapidly as demonstrated by the recent estimate that the storm threat was propagated by over 1 million computers in a single botnet. These findings confirm that the majority of today's enterprises are still concerned -- to a considerable degree -- about Web 2.0 threats in their organizations.

Other significant findings include:

--  It costs organizations from $15 - 30 per user per year to recover from
    malware threats alone
--  92 percent of the respondents indicate that outbound data leakage
    prevention is an important aspect of Web filtering and 58 percent consider
    data leakage an extremely important business concern
--  That said, only 33 percent of the respondents have data leakage
    prevention capabilities in place today

Are Organizations Prepared for Web 2.0?

The study found a noticeable discrepancy between the amount of concern over security threats, and how well prepared businesses actually are -- or even perceive themselves to be.

While nearly 97 percent of those surveyed consider themselves prepared for Web-borne threats, a full 68 percent concede that there is room for improvement. However, it is important to note that when asked how often they experience malware attacks, a 79 percent reported more than infrequent occurrences of malware, with viruses and spyware being the leading issues.

According to the study "Today, the Internet is beleaguered with threats such as Phishing, viruses, Spyware, and botnets, all threatening to challenge your business operation. The need to keep inappropriate content at bay, reduce non-business bandwidth consumption, and limit exposure to Internet threats gave rise to the industry of Web filtering. The need for more effective web protection has never been greater."

Recommendations Based on Study Findings:

Given the complexity of the current threat and technology environments, Forrester and Secure Computing recommend that organizations look beyond a simple filtering solution, and:

--  Employ next-generation Web filtering technologies, with enterprise-
    grade performance, scalability, and support for management. "Next-
    generation" capabilities include reputation services, blended threat
    protection and behavior-based detection. Additionally, outbound content
    control such as data leakage and application control is essential.
--  Re-examine the adequacy of security policies and protection
    capabilities. Report data shows that most organizations are confident that
    their protection policies and mechanisms are adequate, yet still face
    problems due to malware and data leakage. Organizations should re-evaluate
    policies and protection mechanisms in the face of the latest trends of Web-
    borne threats, especially those connected with Web 2.0 applications.
--  Improve user awareness and training on Web 2.0 and web-borne threats.
    The first rule of thumb for improving security protection is considering
    people and process alongside with technologies. Organizations should
    implement systematic and comprehensive training to communicate the
    magnitude and extent of Web threats to users.

Secure Computing Responds:

In response to these study findings, Secure Computing has launched "SWAT," the Secure Web 2.0 Anti-threat Initiative to raise awareness of Web 2.0 threats, provide essential guidance on threat protection and deliver leading solutions that help organizations protect themselves in today's environment. As part of SWAT, Secure Computing will offer research findings, best practices, design criteria, white papers, product information and more. To visit the SWAT specific website, please click

About Secure Computing

Secure Computing (NASDAQ: SCUR), a leading provider of enterprise gateway security, delivers a comprehensive set of solutions that help customers protect their critical Web, email and network assets. Over half the Fortune 50 and Fortune 500 are part of our more than 20,000 global customers in 106 countries, supported by a worldwide network of more than 2,300 partners. The company is headquartered in San Jose, Calif., and has offices worldwide. For more information, see

Contact Information

    Ally Zwahlen
    Secure Computing Corporation
    Email Contact

    Paula Dunne
    Contos Dunne Communications LLC
    408-893-8750 cell
    Email Contact