NEW STUDY SHOWS EUROPEAN BUSINESSES OVERWHELMED BY SECURITY DATA

28.04.06



A new study finds that European businesses are unable to deal with the vast amount of data generated from security devices such as firewalls and anti-virus software. The study, sponsored by Micromuse -- which was recently acquired by IBM – reports that almost a third (30%) of IT directors questioned admitted that the amount of security data generated is far too great for them to examine to identify potential security threats.

The findings suggest that many organisations rely on the expertise of a single person, who may not have the time to evaluate all the data and stay informed of which security breaches should be tackled first. Sixty-nine percent of organisations rely on a single IT manager to manually sift through records, or "logs," of security incidents to spot suspicious behavior or potential security threats. This figure rises to 79% in the public sector, a disturbing revelation as the public sector moves towards e-government initiatives and begins to put more and more key services on-line.

The sheer volume of data received by organisations was a common theme throughout the research, with almost half of respondents receiving more than 4,000 security incidents, or "events," per second, and 15% receiving more than 6,000 events per second. A security event is registered whether the action on the device is critical or not, creating masses of security data for examination by the IT department -- clearly in excess of the capabilities of the department. Public sector and finance organisations receive more than double the amount of events than other sectors – 38% and 39%, respectively, admitted to receiving more than 6,000 events per second. This may be due to the confidential nature of the data that their networks contain and could indicate that they are the biggest target for cyber criminals, especially if they aren’t managing their security effectively.

The research also reveals that the amount of time spent by organisations to gather, collate and analyze security log data is consuming a significant proportion of IT resources. In fact, one in ten of those questioned said that their IT department spent more than three days each week analyzing security log data. Across the vertical sectors, the retail and public sectors are experiencing the most difficulties in identifying and prioritizing security threats, with 44% and 41% respectively unable to cope with the vast amount of log data received each second.

Furthermore, 72% of businesses rely on the IT manager’s expertise and experience to prioritize which security events matter most. Unless the IT department is kept up-to-date on its business priorities, then a threat linked to one enterprise application may be resolved first – despite another application being more critical to the security of the business.

"With the volume of security threats received by businesses increasing each day, placing the responsibility in just one person’s hands leaves businesses themselves open to breaches -- especially when the person goes on holiday or leaves the organisation,” said Richard Lowe, Senior Vice President for Business Operations, IBM/Micromuse. "As businesses begin to place more importance on remote and mobile working, on-line transactions, intranets and extranets, a more proactive and self-managing approach to security information management is required. It ensures that serious security breaches can be identified, highlighted to staff, prioritised and resolved quickly before they impact services, customers, and revenue."

The survey, entitled ‘Defining and Prioritizing Security Threats,’ highlights the security approach of IT departments across Europe. The research was conducted by independent researchers, Vanson Bourne, and questioned 700 IT managers in the UK, France, Germany, Italy, Spain, Sweden, and the Netherlands.

In February 2006, Micromuse was acquired by IBM as part of its Tivoli division. Micromuse is a leading provider of network management software used by banks, telecommunications carriers, governments, retailers and other organisations to monitor and manage their sophisticated technology infrastructures. The software helps customers manage increasingly complex IT systems that support the proliferation of voice and video traffic, in addition to data, due to the growing adoption of voice over IP (VoIP), audio and video services delivered over the Internet. The combination of Micromuse’s software and IBM's IT service management technology provide customers with a comprehensive approach for reducing the complexity of their IT environments, lowering operational costs, and addressing compliance mandates.

Netcool®/NeuSecure™ is a security information management (SIM) platform designed to improve the effectiveness, efficiency and visibility of security operations and information risk management. Netcool/NeuSecure centralizes and stores security data from throughout the IT enterprise, automating incident recognition and response, streamlining incident handling, enabling policy monitoring enforcement and providing comprehensive reporting for regulatory compliance.

About Micromuse Ltd.
Micromuse Limited, an IBM company, is the leading provider of ultra-scalable, realtime business and service assurance software solutions. The Netcool® software suite provides organisations with the assurance that their IT systems are supporting and driving profits 24 hours a day. Unlike traditional infrastructure management systems, Netcool solutions provide realtime end-to-end visibility and accurate troubleshooting from a business perspective. Such business intelligence allows organisations to respond to problems quickly, streamline workflow processes and improve business uptime. Micromuse customers include BT, Cable & Wireless, Deutsche Telekom, EarthLink, ITC^DeltaCom, JPMorgan Chase, MCI, T-Mobile, and Verizon. Headquarters are located at 90 Putney Bridge Road, London, SW18 1DA, +44 (0) 208 875 9500. The Web site is at www.micromuse.com.
###
Micromuse and Netcool are registered trademarks of Micromuse Ltd. All other trademarks and registered trademarks in this document are the properties of their respective owners. Any statements contained in this press release that do not describe historical facts may constitute forward-looking statements as that term is defined in the Private Securities Litigation Reform Act of 1995. Any forward-looking statements contained herein are based on current expectations, but are subject to a number of risks.