BOCA RATON, Fla. and ALBUQUERQUE, N.M. – As Halloween approaches, a VanDyke Software-commissioned survey of 360 enterprise IT security professionals reflects a scary dynamic: one in four enterprises acknowledged they have been victims of intrusions to their office networks and office servers in the last two years, with more than 40% of companies with 20,000 or more employees indicating a successful intrusion.

Commented Steve Birnkrant, CEO of Amplitude Research [1]: "Despite the high percentage of successful intrusions, the responses also indicate a strong resolve by IT security decision makers to tackle challenges to the security of their enterprise computers, servers and networks. Enterprises — small, medium, and large — are responding to vulnerabilities by locking down office machines, networks, and servers through the use of firewalls, scanners, detection systems, or other security measures. Overall, more than 50% of the respondents indicate security monitoring of their office servers using scripts running across all machines on an automated, scheduled basis."

The following provides a snapshot of what tactics various-sized enterprises are employing to meet the challenge of intrusions to office computers and/or office networks:

How enterprises are meeting the challenge of security intrusions:

92.26% installed a network firewall
53.56% use a network analyzer (e.g., Microsoft Baseline Security Analyzer)
53.25% turn off nonsecure protocols like Telnet or FTP
51.70% installed an intrusion detection system
50.77% installed a user-based firewall
42.11% implemented WiFi security (WEP, WAP, proprietary like 3Com)
39.63% set up a DMZ
37.77% use a port scanner to locate out-of-policy services on the network
3.72% stated "other"

Commented Jeff P. VanDyke, president of VanDyke Software [2], which provides a number of solutions to enterprises for data protection and commissioned the Amplitude Research survey: "In the final quarter of 2005, it is somewhat surprising that only slightly more than half of enterprises indicated they have turned off nonsecure protocols like Telnet or FTP. It is an important step to decreasing intrusion vulnerability and yet the number of enterprises that actually do so is far from being an 'overwhelming majority'."

Where Enterprises Are Finding Information About Security Best Practices:

69.17% Security-related websites
67.50% Trade magazines (eWEEK, Network Computing, Secure Enterprise)
53.06% Training courses from professional organizations (e.g., SANS)
50.00% Conferences (e.g., NetSec, USENIX, SANS)
49.17% Newsletters
49.17% Online discussion forums
48.61% Books (e.g., O'Reilly, Wiley, Addison-Wesley, Microsoft Press)
36.94% Local training courses (e.g., college or university, user groups)
33.06% USENET groups
33.06% Security-related blogs
5.00% Other
0.56% None of the above