Multilevel Security Strategy Needed, but SMBs Face Tough Battle

By Wayne Rash  |  Posted 2014-05-07

First of all, don't run out and cancel your anti-malware subscriptions just because you heard that antivirus software is dead. It's not dead. Instead, what got picked up in some of the headlines is only part of the truth.

In reality, you still need your endpoint-security software just as much as you always did. So whether you're running Norton Antivirus, Norton Internet Security or Symantec Endpoint Security or the equivalent software from other companies, you should keep using it. Just be aware that it's not, by itself, a complete solution. In addition to the anti-malware software you already use, you also need additional defenses.

The problem is that most of the defenses mentioned so far are aimed at large enterprises. Symantec's new Advanced Threat Protection package of products and services included managed security services, an incident response team, and an agreement with three major next-generation firewall vendors to integrate threat intelligence with the firewall's screening abilities.

But these services and products are beyond the means of small and midsized businesses (SMBs). More important, these companies are the least able to field the kind of expertise necessary to protect themselves against attackers. To find out what these companies can do, I got in touch with Piero DePaoli, Symantec's senior director of global product marketing.

DePaoli said that Symantec is already working on a new security product for smaller businesses that would provide some of the security protection of a next-generation firewall, but it would be provided by Symantec rather than a firewall company. "It is a new advanced threat protection solution," he said. "It will be available in beta in six months, available in 12.

"At the core of the Advanced Threat Protection solution will be a Symantec gateway security product. It will have the ability to do that correlation between what it sees with data from the endpoint and e-mail security," he continued.

The new Symantec gateway would be able to look for the same suspicious code in data coming through the gateway and through Symantec's cloud email security products, and then use that information to see who got the malware so it can be cleaned up. "This helps bring the most important threats to the top."

Initially, Symantec is working with Palo Alto Networks, Cisco Sourcefire and Check Point to provide malware screening and malware intelligence. DePaoli noted that one challenge with next-generation firewalls is that they produce so much data that screening for actual threats is time-consuming and difficult. Equally important, few small companies have the skills or resources to work with next-generation firewalls and find any threats they may uncover. In addition, few have the resources to remediate any malware invasions they do find.

The Symantec gateway product would integrate with the company's Email Security Cloud to screen incoming email for malware, phishing attacks and other security risks. The cloud security product works with cloud-based email as well as with on-site servers such as Microsoft Exchange.

While antivirus software has lost much of its effectiveness, Symantec hasn't delivered pure antivirus for several years, DePaoli said. Current antivirus products include technology to monitor the behavior of potentially harmful software, intrusion protection, heuristics and other advanced protection measures. He also noted that anti-malware products, including Norton Power Eraser, are very effective.

While the new gateway will include features such as dynamic malware analysis and a cloud-based sandbox for finding the true nature of suspected malware, right now, it's important for companies to use the resources that are available.

Some advanced solutions are planned for introduction in the next few months, such as an incident-response service for use when a company is breached or a managed adversary service for use when a company is the victim of a targeted attack. These services are available on an engagement basis to any company, according to DePaoli.

For SMBs, the arsenal of weapons isn't as extensive as it is for larger enterprises, but there are still steps they can take that are within their means. They include maintaining the existing endpoint protection software that's already in use. While antivirus is not the only solution, it's still essential as a first line of defense.

Along with antivirus, small and midsize companies need to make sure they enable the advanced protection that's available, but not always turned on, as part of their endpoint security. They should also cover all of their bases by searching for malware as well as viruses.

But ultimately, the best solution, according to DePaoli, is vigilance. "Don't click on things," he said, unless you already know what they are. But of course vigilance goes beyond just that. It includes auditing your existing security measures to ensure that they're still working, making sure your training reflects the latest threats and practices and making sure your software—all of it—stays updated. And unfortunately, there's no software out there that's a substitute for vigilance.
