We wrote this guide to help you determine what kind of system will best suit your organization.
The IT security market is vast, and business owners have a bewildering array of tools to choose from when deciding how to protect themselves against threats. Indeed, there are so many different products, and such an overlap of functions, that it can be difficult to make the right choice.
Before investing in the latest amazing security product, then, business owners should think carefully about the nature of their business and what it requires. IT security expert Rick Doten stresses that “security is a risk-based approach.” In other words, security decisions should be made by first understanding the business and identifying the specific threats to that business, and only then selecting the technology to match.
You might assume, for example, that you need an endpoint protection platform because you want visibility into and control over the security of devices on your network. However, the systems you purchase in this type of suite—be it mobile device management, intrusion protection or something else—will depend on the specific needs of your business.
Endpoint protection platforms allow a central administrator to schedule regular security actions such as virus search to be performed across all the devices on a network (Source: Kaspersky Labs)
Not everybody does a proper risk analysis, and many make the mistake of putting the technology first. This can be an expensive—and dangerous—mistake for businesses of any size. Josh Ablett, a senior risk executive and former bank vice president, says: “I’ve been involved in plenty of projects at top tier banks where they’ll end up spending tens of millions of dollars on security software that turns out to not be what they thought they needed.”
So first, prioritize the risks to your business, develop the process to protect against those risks and then select the technology you need carefully. To help you with the latter, we put together this guide to the basics of the IT security market. We’ll begin with an overview of essential security applications, discuss how they’re bundled together and then dive deeper into the various applications created for specific scenarios. Here’s what we’ll cover:
Essential Security Applications
Protection Against Traffic Risks
Best Software Evaluation Tactics
Recent Events You Should Know About
IT security terminology is confusing and prone to change. Applications can be sold separately but they are commonly bundled together. Some tools are software based, others are hardware based, and many can be provided as a hosted service. There is also a strong overlap in functionality across different types of product. However there are a few basic applications which everybody needs, no matter the size or type of business. Let’s take a look at IT Security fundamentals:
Firewalls. Firewalls are your basic, first line of defense, and can be either hardware, software or a combination of both. The firewall filters the traffic entering your network and enforces policy on what traffic is allowed in and out. However the conventional firewall is neither perfect, nor very specific. More sophisticated Next Generation Firewalls can analyze which applications your employees are using, and implement much more nuanced and targeted threat prevention based on application-specific data. However, they tend to come loaded with features and not all businesses will need everything a Next Generation Firewall does.
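To make the “enforces policy on what traffic is allowed in and out” part concrete, here is an added example of a minimal stateless packet filter: an ordered rule list, first match wins, and anything that matches no rule is denied. It also includes a check for shadowed rules, a common misconfiguration where a later rule can never fire because an earlier one covers it. This is illustrative code written for this guide, not any vendor’s firewall; the addresses come from the RFC 5737 documentation ranges and the rules and packets are constructed.

```python
"""Added example: ordered packet-filter policy with default deny (not a real product)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str       # source address
    dst: str       # destination address
    proto: str     # "tcp" or "udp"
    dport: int     # destination port


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # CIDR, or "any"
    dst: str              # CIDR, or "any"
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches every port

    def matches(self, p: Packet) -> bool:
        return (_in(self.src, p.src) and _in(self.dst, p.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


def _in(cidr: str, addr: str) -> bool:
    """True if addr falls inside cidr; "any" matches every address."""
    return cidr == "any" or ip_address(addr) in ip_network(cidr, strict=False)


# Constructed policy: rules are consulted top to bottom, first match wins.
POLICY: List[Rule] = [
    Rule("deny", "203.0.113.0/24", "any", "any", None),        # blocklisted range, checked first
    Rule("allow", "any", "192.0.2.10/32", "tcp", 443),         # public web server, HTTPS only
    Rule("allow", "10.0.0.0/8", "192.0.2.10/32", "tcp", 22),   # internal admins may SSH to it
]


def evaluate(p: Packet, policy: List[Rule] = POLICY) -> Tuple[str, Optional[Rule]]:
    """Return (action, matching rule); no match means the implicit default deny."""
    for rule in policy:
        if rule.matches(p):
            return rule.action, rule
    return "deny", None


def _covers(outer: str, inner: str) -> bool:
    """True if every address that CIDR `inner` can match is also inside `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ip_network(outer, strict=False).supernet_of(ip_network(inner, strict=False))


def shadowed_rules(policy: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them entirely."""
    shadowed = []
    for j, later in enumerate(policy):
        for earlier in policy[:j]:
            if (_covers(earlier.src, later.src) and _covers(earlier.dst, later.dst)
                    and earlier.proto in ("any", later.proto)
                    and (earlier.dport is None or earlier.dport == later.dport)):
                shadowed.append(j)
                break
    return shadowed


if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
                Packet("198.51.100.7", "192.0.2.10", "tcp", 22),
                Packet("203.0.113.5", "192.0.2.10", "tcp", 443)):
        print(pkt, "->", evaluate(pkt)[0])
    print("shadowed rules:", shadowed_rules(POLICY))
```

The default-deny fall-through at the end of `evaluate` is the important design choice: a firewall that allows whatever no rule mentions protects nothing new when a service is added by mistake. Running `shadowed_rules` over a policy before deploying it catches the opposite error, an allow or deny that an administrator believes is in force but that an earlier broader rule silently overrides.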
Anti-virus/anti-malware. Anti-virus software protects your computer by scanning it for infectious viruses and worms, and quarantining and removing them. However, today’s threats are constantly evolving and are much more sophisticated than they used to be, so although the term anti-virus is still used, it has evolved into the more comprehensive anti-malware, which protects against such dangers as spyware, adware, keylogging, bots and more.
Encryption. Encryption is the process by which you make your data incomprehensible to outsiders by, essentially, translating it into a secret code that can only be deciphered with a key. You can encrypt network traffic and the data you store. Encryption is a key part of data security: even if you suffer a breach, or a laptop or USB drive is stolen, hackers and thieves will have a much harder time using your data if they cannot read it.
Email safety. Spam filtering prevents you from drowning in unsolicited emails. This software or hosted service scrutinizes the emails you receive and analyzes attachments. Spam messages are then deleted, diverted to a special folder or quarantined so you can decide whether to keep or discard them. Secure Email Gateways, which also come as hardware, can scan traffic moving in both directions, and include additional security options such as malware scanning. They prevent attacks at the gateway to your network, rather than waiting for the end user to trigger anti-virus protection.
It’s possible to buy your security applications as standalone products and configure and maintain them all yourself. It may also be cheaper, but it does require more advanced IT skills, more time spent monitoring and updating your defenses and it may be a lot to ask of an already busy IT department.
Vendors therefore often bundle tools and sell them as “comprehensive” platforms, frequently with a single controlling console, so one administrator can monitor the system. Many vendors also offer their technology as a hosted service, where the vendor (or a third party) hosts and manages the product on your behalf. These platforms might combine all or some of the applications listed above (or even add a few more advanced ones). “Bundled” security offerings include:
Endpoint protection. “Endpoint” is tech talk for any device connected to a network, whether it be a laptop, desktop, tablet or mobile phone. Endpoint Protection Platforms (EPP) are bundled software security suites that are installed on the individual “endpoints” in a network. The precise features differ according to the manufacturer, but usually include anti-virus, anti-malware, a firewall, encryption and intrusion prevention. Some also include mobile device management. EPPs can also include a console for central administration, and are typically priced per license per device.
Unified threat management (UTM). Sometimes referred to as the “Swiss Army Knife of IT security,” a UTM is a piece of hardware or hosted service which contains a Next Generation Firewall and security tools such as anti-virus, anti-spam, a network intrusion prevention system and content filtering, among other possible defenses. UTMs are usually recommended for small/medium businesses, since as organizations grow larger it can be more efficient to split the defensive functions. It’s also important to know that since it is a hardware device that sits on the perimeter of the network, if a threat slips by and attacks an endpoint within the system, the UTM will be unable to prevent it at that point.
Mobile device management. A Mobile Device Management (MDM) solution helps you manage all the mobile devices (such as smartphones and tablets) on a network, exclude unauthorized devices and provide necessary security on those devices which you do approve. This can include managing which network resources specific mobile devices are permitted to access, updates, monitoring and even remotely wiping company data from the device. MDM is included in some Endpoint Protection Platforms.
If we use an airport as a metaphor, then the firewall is where traffic entering and leaving your network shows its passport. The following set of tools represent the point where it takes off its shoes, walks through a scanner and allows its luggage to be searched. After all, in today’s hyper-connected business environment, traffic is constantly traveling in and out of a network and threats can come from outside—in the form of hackers—but also from inside, simply as a result of employee carelessness.
Secure Web Gateway. Traditionally, a firewall blocks traffic at the network level on the basis of where it comes from, where it is going or what type of traffic it is (for instance web or email). A Secure Web Gateway, while also working at the network level, is more sophisticated. It can delve into the content of that traffic, filtering out application-level traffic, web and URL-specific content and more based on predefined policies and rulesets. For instance, a Secure Web Gateway can determine whether to allow an employee to read a Wikipedia entry on gambling, while simultaneously denying the employee access to gambling sites. They scan inbound and/or outbound Web traffic for suspicious activity, require users to authenticate to access the Web, and can provide detailed logging of how long employees spend on specific websites, such as Facebook. A Secure Web Gateway also protects users against potential malware infections, and controls access to unsupported Web-based applications and potentially dangerous sites (or just company policy violations). Sometimes they are included in Next Generation Firewalls or UTMs, but organizations which have a lot of traffic may find a separate Secure Web Gateway more efficient. They can be used by any size of organization and are available as hardware, software or a hosted service.
Data Loss Prevention (DLP). DLP defends against the loss or theft of confidential data by scrutinizing your outbound traffic, and checking to see whether the sender is allowed to transmit specific data outside of the corporate network, or to a specific recipient. DLP cannot prevent an intrusion, but by determining whether to send, encrypt or prevent the transmission of data, it serves as a crucial defense against hackers who may have gained access to your system, or from authorized users inside your network sending out data that should remain inside.
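As an added example of the “send, encrypt or prevent” decision a DLP system makes on outbound traffic, the following toy check inspects an outgoing email for payment-card numbers (validated with the Luhn checksum so random digit runs are not flagged), US-style SSNs and a CONFIDENTIAL label, then applies a sender/recipient policy. This is illustrative code written for this guide, not any vendor’s DLP product; the domain, the trusted-sender list, the patterns and the sample messages are all constructed.

```python
"""Added example: toy outbound-mail DLP decision (not a real product)."""
import re
from dataclasses import dataclass
from typing import List

INTERNAL_DOMAIN = "example.com"                    # constructed: the organization's own mail domain
TRUSTED_EXTERNAL_SENDERS = {"legal@example.com"}   # constructed: may send labelled docs out, encrypted


@dataclass
class OutboundMessage:
    sender: str
    recipients: List[str]
    body: str


CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")   # 13-16 digits with optional space/dash separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")      # US SSN layout


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; separates plausible card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(body: str) -> List[str]:
    """Return the kinds of sensitive content found in the message body."""
    findings = []
    for m in CARD_RE.finditer(body):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            findings.append("payment-card")
            break
    if SSN_RE.search(body):
        findings.append("ssn")
    if "CONFIDENTIAL" in body.upper():
        findings.append("confidential-label")
    return findings


def decide(msg: OutboundMessage) -> str:
    """Policy outcome for one message: 'allow', 'encrypt' or 'block'."""
    findings = classify(msg.body)
    external = [r for r in msg.recipients
                if not r.lower().endswith("@" + INTERNAL_DOMAIN)]
    if not findings or not external:
        return "allow"          # nothing sensitive, or the data stays inside the network
    if "payment-card" in findings or "ssn" in findings:
        return "block"          # regulated identifiers never leave in the clear
    if msg.sender.lower() in TRUSTED_EXTERNAL_SENDERS:
        return "encrypt"        # labelled material may go out, but only encrypted
    return "block"


if __name__ == "__main__":
    # Constructed sample; 4111 1111 1111 1111 is the well-known Visa test number
    msg = OutboundMessage("bob@example.com", ["partner@other.org"],
                          "Card on file: 4111 1111 1111 1111")
    print(classify(msg.body), "->", decide(msg))
```

Two points are worth noting. First, content inspection alone is not a policy: the same card number is allowed between internal mailboxes and blocked when a recipient is outside the domain. Second, the Luhn check matters in practice because a DLP that fires on every 16-digit run (order numbers, tracking numbers) trains staff to ignore it.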
Intrusion Prevention System (IPS)/Intrusion Detection System (IDS). These systems give enhanced network protection above and beyond the filtering a firewall performs, and help identify and possibly block network-level attacks that pass through the firewall. To extend our airport analogy, a person might have a passport from a trusted country, but that doesn’t mean that he won’t wreak havoc after he gains entry. IDS and IPS differ in that while IDS detects something malicious on the network, an IPS can automatically block that threat, based on rules or policy.
Another important aspect of IT security is ensuring that individuals in organizations have appropriate credentials to access the data within the network that they need to see. Access management tools help regulate who has access to what within a network.
Identity Access Management (IAM). IAM software helps businesses manage electronic identities inside a network, authenticating, authorizing and auditing those identities and managing the degree of access each user on the network has to resources. This type of software is more applicable to large enterprises. As IT security expert Tim Singleton points out: “If someone walks into a small business and starts typing on a computer, everyone knows if they are an intruder or not. If that happens at an enterprise, everyone assumes they have a right to be there. So small businesses and large businesses do face different security challenges from that point of view.”
Network Access Controls (NAC). If IAM systems administer access at the employee level, then Network Access Control software helps decide which “endpoints” or devices are allowed onto a network before deciding what degree of access to give each user. These are important in large organizations and/or organizations which permit employees to use their own devices at work. They are also appropriate to networks which are open to guests, and in that context make sure that visitors can only access what they are supposed to.
Finally, although it’s essential to have good defenses, businesses also need to monitor what’s happening inside the computers within their networks. No system of protective defenses is 100 percent foolproof, and these tools can help you detect when and where a breach has occurred so you can effectively respond before it causes harm.
Security Information and Event Management (SIEM). SIEM combines two concepts, Security Information Management (SIM) and Security Event Management (SEM), in order to collate logs and other data from multiple computers, servers and network devices, analyzing it all with the goal of identifying and responding to suspicious activity and potential security events. It’s the first system many companies turn to after a security event to understand what happened. It is often implemented to comply with government regulations. It is available as a software solution applicable to all sizes of business, or as a piece of hardware.
Vulnerability scanning. Vulnerability scanning software searches for weaknesses inside your system. There are two approaches to vulnerability scanning: you can scan from the outside, simulating a hacker trying to break in, or from the inside to check the inventory and health of your internal computers, servers, printers, network devices, endpoints and software. This helps you make sure your system configuration is secure, and that defenses are working.
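The value of collating logs from several devices is easiest to see with a pattern that no single device would flag on its own. The added example below parses two simplified log formats (loosely modelled on an SSH daemon and a VPN appliance, but constructed for this guide and not the real formats), normalizes them into one event stream, and raises an alert when one source address accumulates five failed logins across any hosts within five minutes, and again if a success from that address follows. It is illustrative code, not any SIEM product; the hostnames, users, addresses and log lines are constructed.

```python
"""Added example: cross-host failed-login correlation over constructed log lines."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class Event:
    ts: datetime
    host: str
    user: str
    src: str
    success: bool


# Two constructed line formats standing in for two different device types.
SSHD_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<res>Failed|Accepted) "
                     r"password for (?P<user>\S+) from (?P<src>\S+)$")
VPN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) vpn: login (?P<res>FAILED|OK) "
                    r"user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse(line: str) -> Optional[Event]:
    """Normalize one raw line into an Event, or None if the format is unknown."""
    for rx, ok_word in ((SSHD_RE, "Accepted"), (VPN_RE, "OK")):
        m = rx.match(line)
        if m:
            return Event(datetime.fromisoformat(m["ts"]), m["host"],
                         m["user"], m["src"], m["res"] == ok_word)
    return None   # a real SIEM would count unparsed lines so gaps are visible


def correlate(events: List[Event], threshold: int = 5,
              window: timedelta = timedelta(minutes=5)) -> List[Tuple]:
    """Sliding-window correlation keyed on source address, across all hosts."""
    alerts: List[Tuple] = []
    recent_failures: Dict[str, List[Event]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        failures = recent_failures[ev.src]
        while failures and ev.ts - failures[0].ts > window:   # expire old failures
            failures.pop(0)
        if not ev.success:
            failures.append(ev)
            if len(failures) == threshold:   # alert once per crossing, not per failure
                hosts = sorted({f.host for f in failures})
                alerts.append(("brute-force", ev.src, hosts))
        elif len(failures) >= threshold:
            alerts.append(("success-after-failures", ev.src, ev.host, ev.user))
    return alerts


# Constructed sample: five failures from one address spread over three devices,
# then a success; plus a benign single mistype and one unrelated line.
LOGS = [
    "2024-05-01T08:00:01 host1 sshd: Failed password for admin from 198.51.100.9",
    "2024-05-01T08:00:05 vpn01 vpn: login FAILED user=admin src=198.51.100.9",
    "2024-05-01T08:00:09 host2 sshd: Failed password for root from 198.51.100.9",
    "2024-05-01T08:00:12 host1 sshd: Failed password for admin from 198.51.100.9",
    "2024-05-01T08:00:20 host2 sshd: Failed password for admin from 198.51.100.9",
    "2024-05-01T08:00:22 host1 sshd: Failed password for alice from 10.0.0.5",
    "2024-05-01T08:00:30 host1 sshd: Accepted password for alice from 10.0.0.5",
    "2024-05-01T08:00:40 host2 sshd: Accepted password for admin from 198.51.100.9",
    "2024-05-01T08:01:00 host1 cron: job finished",
]


def run(lines: List[str] = LOGS) -> List[Tuple]:
    events = [e for e in map(parse, lines) if e is not None]
    return correlate(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Viewed per device, host1 and host2 each saw two failures and vpn01 one, below any sensible per-host threshold; only the merged stream crosses it. The second alert, a success preceded by a burst of failures, is the one an analyst would act on first, because it marks the point at which detection has to turn into response.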
The central console on an endpoint protection platform can give a single administrator visibility into and control over the security of all the individual devices on a network (Source: Kaspersky Lab)
Most of these security tools are priced by software license per device, with maintenance per device (either per user or based on network bandwidth levels). Hardware can be included in the license, although sometimes it is listed separately. Many tools can run in virtual environments, so companies are also starting to offer tools as hosted services, which are priced per user, per set of users or based on network bandwidth. Some, however, require special hardware. For instance, UTMs are typically sold as a piece of hardware.
However, there’s more to consider when it comes to pricing than merely tallying the costs going in. IT management software expert Nicole Pauls says small and midsize businesses should also consider “whether they can take on not just the initial cost but the ongoing maintenance cost (in people and dollars) of a certain product, and whether products can meet their needs in an extremely functional way.”
She adds: “At the large enterprise, key selection criteria will involve whether products can scale to meet their needs. Key for all audiences are flexible, understood deployment strategies appropriate for their environment and ensuring integration points with existing infrastructure.”
Although the world of IT security is undeniably complex, the fundamental principle regarding how to decide which tools you need is easy to grasp. As we said at the beginning: the more you know about your business and the risks you face before making a purchase, the greater the likelihood that you will find the right security solution to suit your needs.
Selecting the right security tools for your business can be challenging. In such a diverse and fragmented market, there are literally hundreds of options, each offering complex solutions to multifaceted problems. So, how do you know which software selection tactics will help you choose the right system for your needs?
Recently, Software Advice surveyed hundreds of software buyers across a range of industries to determine which of 14 potential software selection techniques led to the highest satisfaction rates. To help buyers understand this data, we created a quadrant that provides a visual breakdown of where each tactic falls on the “impact” and “satisfaction” spectrum:
The X-axis (the horizontal line) represents the percentage of people who applied a given tactic and rated their satisfaction as being “extremely high” (meaning they rated it a “9” or “10” on a 10-point scale). The numbers on the Y-axis (the vertical line) show the impact score. This score is based on how different the outcomes were for people who did apply the tactic, versus those who didn’t. Using this logic, tactics that were the most up and to the right in the quadrant were considered the “most effective” because they scored high for both satisfaction and impact.
We would like to thank Tim Singleton, Nicole Pauls, Josh Ablett and Rick Doten for their help with this guide.
Cisco to acquire Neohapsis. In December 2014, Cisco announced its intent to acquire security firm Neohapsis, a provider of risk management, compliance, cloud, application, mobile and infrastructure security solutions. In an official announcement, Cisco said the deal is intended to enable its organization to deliver comprehensive services to help its customers remain secure and competitive.
Symantec splits into two publicly traded companies. In October 2014, antivirus firm Symantec announced plans to split itself into two publicly traded companies, separating security from its information management business. According to Symantec, the division is intended to maximize growth and shareholder values.
IBM acquires Lighthouse Security Group. In August 2014, IBM announced the acquisition of cloud security services provider Lighthouse Security Group, LLC. Lighthouse’s Gateway platform is an identity management solution, which enables businesses to control who can access sensitive corporate information. IBM announced that the platform will be integrated into its managed security services offering.