Behind these walls

The increasing range and sophistication of security threats need to be repelled by an equally sophisticated, multi-layered, security strategy to protect an SMB IT infrastructure

  • E-Mail
By  Peter Branton Published  March 26, 2006

|~|Isaacbody.jpg|~|Kevin Isaac, regional director, Symantec MEA .|~|There are two parallel developments that make security a critical issue for SMBs. The first is the ever-increasing range of threats including malicious malware such as adware and spyware. Then there is the fact that increasing use of the internet makes companies ever more vulnerable to these threats. The situation is further aggravated by the fact that SMBs often have little or no in-house security expertise while those trying to hack their website or sneak into their networks are likely to be rather more sophisticated. In the US, where SMBs may be more technologically savvy than their Middle East counterparts, nearly 40% said they had trouble dealing with threats such as spyware and phishing, according to a recent Trend Micro study. “The threats SMBs face are pretty much the same as those an enterprise faces,” says Ned Jaroudi, area marketing director for CA EMEA and Eastern markets. “We’re talking about anti-virus and spyware,” he says. “But it’s even more important for SMBs: imagine a virus coming in and shutting down their environment. A big corporate will have different mirror sites where they can recover and go back to another site: SMBs don’t have that. They probably have one server which holds all the data and if something goes wrong, their bu- siness suffers tremendously,” he warns. Generally, SMBs in the region seem to be aware of the risks: companies that don’t necessarily take other aspects of IT seriously are likely to worry about security. However vendors warn, for many SMBs in the region, security often equates with installing an anti-virus solution on the desktop — which may even be an illegal copy. “Often, you pick up some pirated copy of Norton anti-virus from one of your friends and install it,” says Kevin Isaac, regonal director, Symantec MEA. Ethical issues aside, there is no way of knowing if all the functionalities of the solution are actually working, he points out. Even when a genuine version is used, it is hardly enough, Isaac warns: “We all know that unless you have multiple layers of security [anti-virus, intrusion detection and firewall], you are not at all secure,” he says. Unfortunately, anti-virus solutions aret not geared to deal with today’s more sophisticated security threats. And installing security solutions and installing and managing them properly are two different things. As Justin Doo, managing director, Trend Micro Middle East and Africa, explains: “Half of those that have deployed firewalls don’t configure it correctly. There is a feeling that once they have put in the anti-virus or firewall, they don’t need to do anything,” he says adding, “We found, in one case, a company had not updated its definitions for three months after installing the solution.” Vendors will concede that it is not entirely surprising that SMBs struggle with security. “Most of them barely have enough IT skills. They don’t have any security expertise in-house,” admits Doo. And Isaac believes the onus is on security vendors to make things simple and affordable for SMB customers. He feels vendors should foll- ow the lead of telecom firms that have come up with ‘packages’ for different types of users. Symantec for instance, has launched an initiative with the telecom operator Etisalat for its UAE customers. Those subscr-ibing to Etisalat’s broadband ser- vices got a Norton anti-virus sol-ution free with an ADSL modem. At the same time, most security vendors have come up with solutions that integrate products such as firewall, anti-virus, and protection against spyware in one package. While the large enterprises that have well-staffed IT departments are likely to continue to buy these solutions from different ‘best-of-breed’ vendors, SMBs may be better off going for packages such as Client Security from Symantec — as they eliminate the hassle of installing and managing different software. “The idea for SMBs is that they need to have an integrated suite offering for security,” says Jaroudi. “It has to be easy-to-use and easy to install, because they don’t have the manpower or the training or IT budgets to go out and spend [on different products],” he states. “So a single integrated suite that is flexible enough to be available for the servers or for the laptops or for the desktops that includes backup and recovery that is automatically updated on a daily basis with the latest finds for signature viruses, this kind of solution will give them peace of mind,” he claims. CA offers its own protection suite tailored for the SMB sector, which Jaroudi says the company has increasingly focused on in the past year and a half. The other route security vendors have taken to simplifying things for SMBs is to come up with appliances. Symantec has launched a hardware appliance the Symantec Gateway Security 360R with an impressive feature list; Stateful Packet Inspection (SPI) firewall, IPSec virtual private network (VPN) gateway support, intrusion detection and prevention and content filtering. The VPN part of the solution is particularly useful for companies that have a lot of people on the road. They can connect to the company network over a secure, encrypted tunnel. “It is quite simple to install and takes away the headache of updating definition, installing pat- ches etc,” says Isaac. Trend Micro is taking a somewhat different approach but the idea is the same; keep it simple, affordable and take over the task of managing the security solution. It has added a service module to its security solutions called Worry Free Security. The initiative is ideally suited for firms that have little or no IT support to manage network security. All updating, monitoring and so on of the solution is done remotely by Trend Micro specialists who are trained in security management. “You get the same level of expertise that we use to protect data for some of world’s largest corporations such as Boeing,” claims Doo. HP also stresses the importance of a multiple-layered security infrastructure with its solution that comes under its Smart Office Security Solution. Apart from the traditional anti-virus solutions, it lays great emphasis on the ‘enemy within’. For this reason, HP has incorporated technologies such as local data encryption. Data stored on a notebook, for instance, is encrypted and can be accessed only if the user has properly authenticated him or herself. It even has biometric identification — the user is identified on the basis of his fingerprints. The cost of technology have come down to a point where mu- ch of what was affordable only if you were a large company, has fallen within the SMB range. From a security point-of-view it means SMBs have access to a range of applications designed to protect their data assets and allow them to get on with the important task of runnning a successful enterprise. ||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code