Multilevel Security Strategy Needed, but SMBs Face Tough Battle

NEWS ANALYSIS: Antivirus software isn't dead but needs to be supplemented with additional resources that are often beyond the means of SMBs.



First of all, don't run out and cancel your anti-malware subscriptions just because you heard that antivirus software is dead. It's not dead. Instead, what got picked up in some of the headlines is only part of the truth.

In reality, you still need your endpoint-security software just as much as you always did. So whether you're running Norton Antivirus, Norton Internet Security or Symantec Endpoint Security or the equivalent software from other companies, you should keep using it. Just be aware that it's not, by itself, a complete solution. Beyond the anti-malware software you already use, you need additional defenses.

Problem is, most of the defenses being mentioned so far are aimed at large enterprises. Symantec's new Advanced Threat Protection package of products and services included managed security services, an incident response team, and an agreement with three major next-generation firewall vendors to integrate threat intelligence with the firewall's screening abilities.

But these services and products are beyond the means of small and midsized businesses (SMBs). More important, these companies are the least able to field the kind of expertise necessary to protect themselves against attackers. To find out what these companies can do, I got in touch with Piero DePaoli, Symantec's senior director of global product marketing.

DePaoli said that Symantec is already working on a new security product for smaller businesses that would provide some of the security protection of a next-generation firewall, but it would be provided by Symantec rather than a firewall company. "It is a new advanced threat protection solution," he said. "It will be available in beta in six months, available in 12.

"At the core of the Advanced Threat Protection solution will be a Symantec gateway security product. It will have the ability to do that correlation between what it sees with data from the endpoint and e-mail security," he continued.

The new Symantec gateway would be able to look for the same suspicious code in data coming through the gateway and through Symantec's cloud email security products, and then use that information to see who got the malware so it can be cleaned up. "This helps bring the most important threats to the top."

Initially, Symantec is working with Palo Alto Networks, Cisco Sourcefire and Check Point to provide malware screening and malware intelligence. DePaoli noted that one challenge with next-generation firewalls is that they produce so much data that screening for actual threats is time-consuming and difficult. Equally important, few small companies have the skills or resources to work with next-generation firewalls and find any threats they may uncover. In addition, few have the resources to remediate any malware invasions they do find.

The Symantec gateway product would integrate with the company's Email Security Cloud to screen incoming email for malware, phishing attacks and other security risks. The cloud security product works with cloud-based email as well as with on-site servers such as Microsoft Exchange.

While antivirus software has lost much of its effectiveness, Symantec hasn't delivered pure antivirus for several years, DePaoli said. Current antivirus products include technology to monitor the behavior of potentially harmful software, intrusion protection, heuristics and other advanced protection measures. He also noted that anti-malware products, including Norton Power Eraser, are very effective.

Wayne Rash


Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He's a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...