• Home
• IT Initiatives
• Product Info
• Resources
• Partners
• News & Events
  • Press Releases
  • Press & Analyst Coverage
  • Events
• Company Info
• Customer Support
• Contact Us

Annual Mazu Internal Threat Report conducted by Enterprise Strategy Group reveals extent of internal network security problems and growing concern among midsized to large corporations

---

CAMBRIDGE, Mass. (February 7, 2005) — Mazu Networks, a leading provider of network-wide intrusion prevention systems for the enterprise, today announced preliminary results from its Annual Internal Threat Report. The study showed that a startling percentage of companies continue to experience costly and damaging internal network attacks. Among its key findings were the following:

• Worms continue to be a major disruptive force to enterprise networks
  • 47% of companies had their internal networks compromised by worms in 2004
  • Only 19% are very confident they are properly protected against future outbreaks
• Internal attacks pose a major threat to critical business assets
  • 23% of companies were compromised by a credentialed user in 2004
  • An additional 27% don't know whether or not they were compromised by a credentialed user
  • Only 14% are very confident they are protected against these attacks.
• These results are despite significant investment in perimeter security
  • 96% of the affected companies had firewalls
  • 65% of the affected companies had signature-based IDSs
  • 32% of the affected companies had signature-based IPSs
• Users admit to many internal vulnerabilities that could be easily exploited by a malicious insider. The top internal vulnerabilities include the following:
  • 46% reported active user accounts that belong to ex-employees
  • 44% reported misconfigured hosts or networking equipment
  • 31% Reported rogue wireless access points
• Regulatory compliance is driving significant security activity
  • Of those companies required to comply with Sarbanes-Oxley, 73% say this effort is driving an increase in security investment
  • The highest priority for ensuring compliance is internal network security (50% of respondents)
  • Only 32% of companies are very confident they would pass the IT security component of an audit.

The study, which was conducted for Mazu Networks by the Enterprise Strategy Group, analyzed data gathered directly from 229 US-based organizations with more than 1,000 employees each. The survey asked security and IT professionals at these firms about their experiences with threats and attacks against their internal corporate networks in 2004. Survey questions focused on attacks that originated directly from within their networks, and on attacks that successfully penetrated their core networks after evading perimeter-based security measures.

"Through ESG's surveys of end users, we know that many organizations have suffered financial losses and operational impact from worms, internal attacks, and poorly managed security practices," said Jon Oltsik, Senior Information Security analyst for ESG and the study's principal author. "This isn't just an IT phenomenon, these incidents interrupt business and hurt both top- and bottom-line performance. We believe this data illustrates the need for organizations to invest in security processes and technologies that improve internal network security."

Commenting on the results of the survey, Mazu Networks' president and COO, Paul Brady said, "This study shows the beginning of a major realignment in enterprise network security. Industry analysts conclude that 70% percent of attacks come from inside enterprise networks. This year's Mazu Internal Threat Report shows that while 64% of companies maintain a high rate of security spending at the perimeter, these defenses are not adequately protecting internal assets against worms and insider attacks. Firms that are not investing in solutions to protect their internal network are exposing themselves to unnecessary business risk."

More details on the preliminary results of the annual Mazu Internal Threat Report are available from both Mazu Networks and the Enterprise Strategy Group (contacts listed below). The full report will be available in early March.

About Enterprise Strategy Group

Enterprise Strategy Group is a leading industry analyst firm that provides strategic guidance and unmatched service to technology vendors, IT professionals, venture capitalists, and institutional investors. The Enterprise Strategy Group offers products and services focused on application infrastructure, information security and information management. Enterprise Strategy Group sets itself apart from legacy analyst firms and boutiques by continuing to build its excellent reputation of assisting clients to make strategic business and IT decisions

About Mazu Networks, Inc.

Mazu Networks is the leading provider of network-wide intrusion prevention solutions for the enterprise. Mazu's systems protect networks from worms, insider threats and denial of service attacks. Our solutions enable enterprises to leverage existing network infrastructure to detect and mitigate new attacks with surgical precision, harden networks against future attacks, and monitor and audit usage of sensitive assets and network services. Mazu is backed by premier venture capital firms, including Greylock, Matrix Partners, Pilot House Ventures Group, Benchmark Capital and StarVest Partners. Symantec Corporation also is an investor in the Company. Mazu is an IBM Business Partner. Headquartered in Cambridge, Mass., Mazu also has locations in New York, San Francisco and Washington, D.C. For more information, please visit www.mazunetworks.com.