Business Security Software

Buyers guide

The IT security market is vast, and business owners have a bewildering array of tools to choose from when deciding how to protect themselves against threats. Indeed there are so many different products and such an overlap of functions it can be difficult to make the right choice.

Before investing in the latest amazing security product then, business owners should think carefully about the nature of their business and what it requires. IT security expert Rick Doten stresses that “security is a risk-based approach.” In other words, security decisions should be decided by first understanding the business and identifying the specific threats to that business before selecting the technology to match.

You might assume, for example, that you need an endpoint protection platform because you want visibility into and control over the security of devices on your network. However, the systems you purchase in this type of suite—be it mobile device management, intrusion protection or something else—will depend on the specific needs of your business.

Endpoint protection platforms allow a central administrator to schedule regular security actions such as virus search to be performed across all the devices on a network (Source: Kaspersky Labs)

Not everybody does a proper risk analysis, and many make the mistake of putting the technology first. This can be an expensive—and dangerous—mistake for businesses of any size. Josh Ablett, a senior risk executive and former bank vice president, says: “I’ve been involved in plenty of projects at top tier banks where they’ll end up spending tens of millions of dollars on security software that turns out to not be what they thought they needed.”

So first, prioritize the risks to your business, develop the process to protect against those risks and then select the technology you need carefully. To help you with the latter, we put together this guide to the basics of the IT security market. We’ll begin with an overview of essential security applications, discuss how they’re bundled together and then dive deeper into the various applications creat ed for specific scenarios. Here’s what we’ll cover:

What Is Business Security Software?
Integrated Suites
Protection Against Traffic Risks
Access Management
Threat Intelligence
Pricing Considerations
Best Software Evaluation Tactics
Recent Events You Should Know About

What Is Business Security Software?

IT security terminology is confusing and prone to change. Applications can be sold separately but they are commonly bundled together. Some tools are software based, others are hardware based, and many can be provided as a hosted service. There is also a strong overlap in functionality across different types of product.

However there are a few basic applications which everybody needs, no matter the size or type of business. These are the applications you can expect to hear in answer to the question, "What is business security software?" So now, let’s take a look at the fundamentals of IT Security:

Integrated Security Suites

It’s possible to buy your security applications as standalone products and configure and maintain them all yourself. It may also be cheaper, but it does require more advanced IT skills, more time spent monitoring and updating your defenses and it may be a lot to ask of an already busy IT department.

Vendors therefore often bundle tools and sell them as “comprehensive” platforms, frequently with a single controlling console, so one administrator can monitor the system. There is also an option for many vendors to select technology as a hosted service, where the vendor (or third party) hosts and manages the product on your behalf. These platforms might combine all or some of the applications listed above (or even add a few more advanced ones). “Bundled” security offerings include:

Endpoint protection. “Endpoint” is tech talk for any device connected to a network, whether it be a laptop, desktop, tablet or mobile phone. Endpoint Protection Platforms (EPP) are bundled software security suites that are installed on the individual “endpoints” in a network. The precise features differ according to the manufacturer, but usually include anti-virus, anti-malware, a firewall, encryption and intrusion prevention. Some also include mobile device management. EPPs can also include a console for central administration, and are typically priced per license per device.

Unified threat management (UTM). Sometimes referred to as the “Swiss Army Knife of IT security,” a UTM is a piece of hardware or hosted service which contains a Next Generation Firewall and security tools such as anti-virus, anti-spam, a network intrusion prevention system and content filtering, among other possible defenses. UTMs are usually recommended for small/medium businesses, since as organizations grow larger it can be more efficient to split the defensive functions. It’s also important to know that since it is a hardware device that sits on the perimeter of the network, if a threat slips by and attacks an endpoint within the system, the UTM will be unable to prevent it at that point.

Mobile device management. A Mobile Device Management (MDM) solution helps you manage all the mobile devices (such as smartphones and tablets) on a network, exclude unauthorized devices and provide necessary security on those devices which you do approve. This can include managing which network resources specific mobile devices are permitted to access, updates, monitoring and even remotely wiping company data from the device. MDM is included in some Endpoint Protection Platforms.

Protection Against Traffic Risks

If we use an airport as a metaphor, then the firewall is where traffic entering and leaving your network shows its passport. The following set of tools represent the point where it takes off its shoes, walks through a scanner and allows its luggage to be searched. After all, in today’s hyper-connected business environment, traffic is constantly traveling in and out of a network and threats can come from outside—in the form of hackers—but also from inside, simply as a result of employee carelessness.

Secure Web Gateway. Traditionally, a firewall blocks traffic at the network level on the basis of where it comes from, where it is going or what type of traffic it is (for instance web or email). A Secure Web Gateway, while also working at the network level, is more sophisticated. It can delve into the content of that traffic, filtering out application-level traffic, web and URL-specific content and more based on predefined policies and rulesets. For instance, a Secure Web Gateway can determine whether to allow an employee to read a Wikipedia entry on gambling, while simultaneously denying the employee access to gambling sites. They scan inbound and/or outbound Web traffic for suspicious activity, require users to authenticate to access the eb, and can provide detailed logging of how long employees spend on specific websites, such as Facebook. A Secure Web Gateway also protects users against potential malware infections, and controls access to unsupported Web-based applications and potentially dangerous sites (or just company policy violations). Sometimes they are included in Next Generation Firewalls or UTMs, but organizations which have a lot of traffic may find a separate Secure Web Gateway more efficient. They can be used by any size of organization and are available as either hardware or software or hosted service.

Data Loss Prevention (DLP). DLP defends against the loss or theft of confidential data by scrutinizing your outbound traffic, and checking to see whether the sender is allowed to transmit specific data outside of the corporate network, or to a specific recipient. DLP cannot prevent an intrusion, but by determining whether to send, encrypt or prevent the transmission of data, it serves as a crucial defense against hackers who may have gained access to your system, or from authorized users inside your network sending out data that should remain inside.

Intrusion Prevention System (IPS)/Intrusion Detection System (IDS). These systems give enhanced network protection above and beyond the filtering a firewall performs, and help identify and possibly block network-level attacks that pass through the firewall. To extend our airport analogy, a person might have a passport from a trusted country, but that doesn’t mean that he won’t wreak havoc after he gains entry. IDS and IPS differ in that while IDS detects something malicious on the network, an IPS can automatically block that threat, based on rules or policy.

Access Management

Another important aspect of IT security is ensuring that individuals in organizations have appropriate credentials to access the data within the network that they need to see. Access management tools help regulate who has access to what within a network.

Identity Access Management (IAM). IAM software helps businesses manage electronic identities inside a network, authenticating, authorizing and auditing those identities and managing the degree of access each user on the network has to resources. This type of software is more applicable to large enterprises. As IT security expert Tim Singleton points out: “If someone walks into a small business and starts typing on a computer, everyone knows if they are an intruder or not. If that happens at an enterprise, everyone assumes they have a right to be there. So small businesses and large businesses do face different security challenges from that point of view.”

Network Access Controls (NAC). If IAM systems administer access at the employee level, then Network Access Control software helps decide which “endpoints” or devices are allowed onto a network before deciding what degree of access to give each user. These are important in large organizations and/or organizations which permit employees to use their own devices at work. They are also appropriate to networks which are open to guests, and in that context make sure that visitors can only access what they are supposed to.

Threat Intelligence

Finally, although it’s essential to have good defenses, businesses also need to monitor w