Security infrastructure for small- or medium-sized businesses should target malware - the generic term for viruses, worms, Trojans, spyware and botnets.
The age of innocence, when companies could rely on only basic security to keep their systems safe, is sadly long gone. This presents a challenge for smaller organizations: How do they keep their computers and data secure without having to spend a lot of time and money?
With a threat landscape that is populated with well-funded, devious criminals who are no longer in the game for notoriety, but for profit, even small slips can result in the compromise of data. Running a properly managed security infrastructure can be an expensive proposition.
It is not, however, more expensive than the consequences of a data breach. The Ponemon Institute's 2009 annual cost of a data breach study revealed that the cost per compromised record was, on average, $142 (U.S.) globally, and a whopping $204 per record in the United States. This included both the hard costs and the value of lost business and reputation.
Fortunately, security vendors have developed mitigations for organizations that lack the funds, the resources or the expertise to build their own infrastructure.
"The hosting of endpoint protection is a relatively recent phenomenon but one that is not surprising, and in some ways even makes sense," says James Quin, lead research analyst for Info-Tech Research Group in London, Ont. "Not surprising because the anti-malware vendors are all looking at ways to extend their revenue streams and value propositions, and it makes sense because small enterprises [at whom these services are targeted]generally have fewer resources available to manage technology issues."
Both McAfee and Symantec, publisher of the popular Norton Anti-Virus, have stepped up to the plate with hosted services that remove the need to build and manage infrastructure in-house. McAfee's hosted offering, announced in July of 2009, now boasts more than half a million customers.
Symantec announced its Symantec Hosted Endpoint Protection in May. Notes Mr. Quinn, "Symantec has been making a heavy investment in its managed services capabilities [punctuated by the MessageLabs acquisition last year]" Here's a look at the result.
For a monthly fee starting at $2.15 (U.S.) per user per month, customers receive anti-malware software ("malware" is the generic term for viruses, worms, Trojans, spyware, botnets, and all of the other nasty things that invade PCs), updates, and cloud-based management for their Windows servers, desktops and laptops. Adding security for e-mail and Web increases the cost to $5.90 (U.S.) per user per month.
For the price, users receive the full Symantec Endpoint Protection client - the same program they can purchase in a shrink-wrapped package and install on their systems - but with a twist. As long as the monthly subscription is continued, the software will be automatically kept up-to-date, both with malware detection signatures and with patches and version upgrades. That eliminates the hassles involved in upgrading to a new version of the software each year or two and guarantees access to new developments in anti-malware technology as they become available. All of the updates are deployed over the Internet, so protected nodes are safe whether the user is in or out of the office.
The subscription also grants the organization's administrator access to a Web-based portal where he or she defines the software deployment method (via a software distribution program such as Symantec's Altiris, manual installation from a file share, or user installation from a link sent by e-mail) and monitors that deployment. There is one potential challenge to overcome with the last option: users will need administrative rights on their PCs to install the software. Since best practice dictates that users do not have those rights, the administrator may have to resort to other means for the initial deployment.
An agent installed on each machine regularly reports the software's status to the portal so the administrator can find and fix any problems such as failure to update or suspicious behaviour. And if a computer doesn't report in, that information is flagged, too.
The administrator also gets an easy-to-use interface from which to set policies to manage which software computers receive, which features are activated, to set schedules for automatic scans, push out updates and to determine what, if any, control the user has over the software (an anti-virus program is, after all, useless if it's been turned off by the user). A single policy may be set for the entire company, or separate ones created for administrator-defined groups.
There is, of course, reporting provided. The administrator can choose from a set of canned reports such as alert history, risks detected, intrusion attempts (Symantec Endpoint Security includes a firewall), and a security overview. Report runs may be scheduled or ad hoc. And if a look at a single machine is all that's needed, that's easily done with a click on the machine name on the portal.
If a security event such as a virus attack occurs, after-the-fact reports aren't much use - there have to be real-time alerts. The portal has that covered too, and allows the administrator to decide what kind of event is worthy of immediate notification via e-mail and/or SMS. He may choose, for example, to only receive alerts of events that need action, and opt to occasionally check the portal for a log of successfully blocked infection or intrusion attempts.
When compared to McAfee's portal, which is based in its e-Policy Orchestrator (ePO) management tool, Symantec's portal may seem a bit basic, but it does contain the elements needed to manage protection. For a small- to medium-business, any additional bells and whistles may be a distraction.
Symantec offers a free 14-day trial; to sign up, visit www.messagelabs.com/trials/hep. McAfee's free trial is 30 days; sign up at http://www.mcafeeasap.com/MarketingContent/Products/TrialLanding.aspx.