Proactive Threat Management Identified as Top Need in Ponemon Institute Research Report

SUNNYVALE, CA--(Marketwire - Apr 19, 2011) - Narus, Inc., the leader in dynamic network traffic intelligence and analytics for protecting governments, service providers and enterprises against cyber threats and the risks of doing business in cyber space, today unveiled new research from a Narus-sponsored study by the Ponemon Institute that pinpoints where cyber warriors should concentrate their security efforts. Mobile security threats and nation-sponsored cyber attacks ranked high among major security concerns, while critical network infrastructure organizations emerged as a top target for domestic and foreign cyber criminals. The study's respondents, comprising a group of information security experts, subsequently agree that the most essential security technology to thwart cyber attacks is a system that provides advanced warning.

Cyber threats of all kinds have become top of mind lately, especially as new technologies have taken hold. Mobility and the explosion of handheld device use, for example, present endless opportunities for criminal activity. Thus, it's no surprise that mobile devices will become the new venue for potential cyber security threats and an overall challenge to IT security organizations. According to the survey results, respondents feel a primary problem facing cyber security is unsecure applications, especially those that consumers download onto their Internet-connected mobile device. Sixty-seven percent of the survey respondents consider a technology that controls endpoints and mobile connects/devices to be the most important security technology to have in place.

While mobility poses a significant threat to individuals and organizations, well-publicized DDoS attacks launched by foreign entities and domestic criminals alike have endangered our critical infrastructures and put cyber warriors on high alert. The study's respondents felt that a few critical network infrastructures in particular were at risk: telecom and communications (93 percent of respondents); transportation (70 percent); and power and water utilities (63 percent).

Respondents indicated that attacks on their respective organizations are occurring with increased frequency. A full 63 percent of respondents reported seeing an increase in successful intrusions over the past 12 months, likely by a nation or criminal syndicate. Ironically, only 27 percent of respondents have witnessed a corresponding increase in their respective companies' cyber security investments. (The majority believes that a lack of staffing and governance is the No. 1 contributing factor to cyber security deficiency -- even more so than technology.)

Respondents indicated that their current cyber security technologies range from firewalls to anti-virus/anti-malware systems to intrusion detection systems, but 100 percent of respondents consider a solution that provides advanced warning about threats and attackers -- such as NarusInsight -- is essential to maintaining the integrity of not only their network, but also that of the world's largest infrastructures.

Additional key findings:

• Of those respondents whose organizations were attacked, most determined the origin of the attack through signature (73 percent) or traffic or network intelligence (50 percent). It appears that a combination of signature-based security coupled with non-signature-based approaches will be most effective.

• The most severe attack vectors are SQL injection, client-side HTTP attacks, viruses and insider threats. These attacks are considered severe because of their consequences, such as theft of information assets and difficulty in detecting, preventing or correcting effects of the attacks.

• Seventy-seven percent of respondents believe criminal activities evade their firewalls; 67 percent say they evade their antivirus/antimalware systems; and 60 percent say they evade their intrusion detection/prevention systems.

• Respondents believe stealth and secrecy in security operations, education and training within the enterprise, alignment of security with business objectives, and a holistic approach (multiple complementary security software) to enterprise security are necessary to create a strong security posture in their respective organizations.

• Only 33 percent of respondents say their organization collaborates with other industries and the government on cyber security.

"The results presented in the Narus-sponsored Ponemon Institute report are in line with previous studies conducted on behalf of Narus over the past year, and reinforce our message that the implementation of real-time traffic intelligence technology to detect the DNA of the network will curtail malicious cyber activity," said David Friedman, chief marketing officer, Narus. "This technology, in combination with people, processes, and an ecosystem of like-minded vendors and the government, will ensure the integrity of critical infrastructures and protect against criminal cyber activity."

About Narus
Narus provides dynamic network traffic intelligence and analytics software that analyzes information on IP traffic and flow data to map the digital DNA (or behavior) of the network in real time.

Through its patented analytics, Narus' carrier-class software detects patterns and anomalies that can predict and identify security issues, misuse of network resources, suspicious or criminal activity, and other events that can compromise the integrity of IP networks. The NarusInsight System is designed to be integrated into a customer's operational environment, strengthening existing security and monitoring systems, while providing total traffic visibility across the network.

NarusInsight protects and manages the largest IP networks around the world and has been deployed with commercial and government installations on five continents. Narus is a wholly owned subsidiary of The Boeing Company, and is headquartered in Sunnyvale, Calif., with regional offices around the world.