Consolidating the SMB Security Tool Hodgepodge

As the frequent news reports of data breaches attest, maintaining data security is a tough row to hoe — even for large enterprises. It’s even harder for small and medium-sized businesses (SMBs), which don’t have the money or IT resources their larger counterparts have.

The plethora of threats is daunting, and new forms of attack have made the situation worse for SMBs.

Until recently, security solutions were often inadequate because too many vendors focused on a select few threat areas. That often meant businesses would have to buy a combination of products from different vendors and spend resources to manage each one, a solution not usually very appealing to SMBs.

The situation is changing. Many vendors are beginning to roll up multiple security features into their products, providing SMBs a security umbrella to hide behind and making their products easier and more efficient to manage. Some are offering their solutions on a subscription basis — Software as a Service (SaaS).

The Rising Tide of Evil

Perhaps driven in part by the recession, hackers are getting busy. The Identity Theft Resource Center has counted over 200 notable corporate computer security breaches involving the loss of personal data in 2009 alone (though some of these occurred in 2008 and were only reported this year).

The result: 11.5 million records exposed. Meanwhile, according to antivirus vendor Symantec’s MessageLabs intelligence report from last month, spam levels increased 10 percent between March and April. The most spammed industry sector was retail, where spam levels rose to nearly 83 percent of all emails.

Malicious Web sites also increased by more than 27 percent in April. That month, Symantec intercepted more than 3,500 new Web sites per day day containing malware, spyware and adware.

In another form of attack, hackers are hijacking legitimate Web sites’ pages to host their poisoned content. Images containing malicious content are being hosted on apparently trustworthy sites, and spammers are pasting links to them on reputable sites to avoid detection.

The Global Village

Despite the dangers, having an Internet presence is almost a precondition of doing business these days, even for SMBs. That opens them up to new attacks, Dan Woodward, director of product marketing for SMBs at Trend Micro, told the E-Commerce Times.

The danger comes from both within and outside the business.

“There’s no such thing as a safe Web site any more,” Joan Fazio, director of product marketing for endpoint security at Symantec, told the E-Commerce Times. “Sometimes you don’t even have to click on a link — just viewing a Web page could initiate a download onto your computer that is an executable or a virus.”

Less Is More

Until recently, security vendors have typically offered solutions targeted to one type of threat only. The result was a plethora of security systems in the IT environment.

“Years ago, an investment bank wrote a report that said most enterprises had 31 different security systems,” Gartner analyst Adam Hils told the E-Commerce Times. “For SMBs, it was maybe 15 systems.”

Now, vendors are consolidating their systems, and solutions from three to four vendors will provide good protection, Hils said. “For the small business, three vendors are manageable; once you get above four vendors, the situation becomes unmanageable.”

Many vendors are now offering multifunction firewall or end-point protection platforms that are designed to meet SMBs’ requirements.

“They’re no longer performance hogs and cost pretty much the same as antivirus software,” Hils said, “and as those tools get better, more and more SMBs are starting to consider replacing their antivirus solutions with these platforms.”

Rolling Out Multifunction Products

Trend Micro’s Worry-Free Business Security, Version 6, which was unveiled on Tuesday, provides SMBs with Web protection, email protection and file protection, Woodward said. It automatically updates its security database from the vendor’s worldwide Smart Protection Network.

In early May, Symantec unveiled its Symantec Protection Suite, which offers three layers of protection: end-point security; messaging security; and backup and disaster recovery. This is tied to Symantec’s Deep Sight advanced alert system. Changes in the threat level can trigger an automatic backup if the user sets the system to do so.

In late April, McAfee unveiled a family of seven appliances in its McAfee Unified Threat Management Firewalls family, which integrate intrusion prevention, network firewall protection and virtual private network (VPN) services. Reputation ratings for mail filtering and Web filtering, as well as antimalware, antispyware and antivirus capabilities, are optional.

Getting SaaS-y

In these tight economic times, anything that will save a buck is attractive, and some SMBs are turning to security Software as a Service (SaaS) solutions.

SaaS solutions can sometimes save time and money, as the customer pays a subscription instead of having to pay for the hardware and software up front. The vendor takes care of the maintenance.

“SaaS has begun to catch on in the past 24 months or so,” Trend Micro’s Woodward said. “Small business users are picking it up quickly, because they want to set it and forget it.”