Business Security Software

Buyer's guide

The IT security market is vast, and business owners have a bewildering array of tools to choose from when deciding how to protect themselves against threats. Indeed there are so many different products and such an overlap of functions it can be difficult to make the right choice.

Before investing in the latest amazing security product then, business owners should think carefully about the nature of their business and what it requires. IT security expert Rick Doten stresses that “security is a risk-based approach.” In other words, security decisions should be decided by first understanding the business and identifying the specific threats to that business before selecting the technology to match.

You might assume, for example, that you need an endpoint protection platform because you want visibility into and control over the security of devices on your network. However, the systems you purchase in this type of suite—be it mobile device management, intrusion protection or something else—will depend on the specific needs of your business.

Endpoint protection platforms allow a central administrator to schedule regular security actions such as virus search to be performed across all the devices on a network (Source: Kaspersky Labs)

Not everybody does a proper risk analysis, and many make the mistake of putting the technology first. This can be an expensive—and dangerous—mistake for businesses of any size. Josh Ablett, a senior risk executive and former bank vice president, says: “I’ve been involved in plenty of projects at top tier banks where they’ll end up spending tens of millions of dollars on security software that turns out to not be what they thought they needed.”

So first, prioritize the risks to your business, develop the process to protect against those risks and then select the technology you need carefully. To help you with the latter, we put together this guide to the basics of the IT security market. We’ll begin with an overview of essential security applications, discuss how they’re bundled together and then dive deeper into the various applications creat ed for specific scenarios. Here’s what we’ll cover:

What Is Business Security Software?
Integrated Suites
Protection Against Traffic Risks
Access Management
Threat Intelligence
Pricing Considerations
Best Software Evaluation Tactics
Recent Events You Should Know About

What Is Business Security Software?

IT security terminology is confusing and prone to change. Applications can be sold separately but they are commonly bundled together. Some tools are software based, others are hardware based, and many can be provided as a hosted service. There is also a strong overlap in functionality across different types of product.

However there are a few basic applications which everybody needs, no matter the size or type of business. These are the applications you can expect to hear in answer to the question, "What is business security software?" So now, let’s take a look at the fundamentals of IT Security:

Integrated Security Suites

It’s possible to buy your security applications as standalone products and configure and maintain them all yourself. It may also be cheaper, but it does require more advanced IT skills, more time spent monitoring and updating your defenses and it may be a lot to ask of an already busy IT department.

Vendors therefore often bundle tools and sell them as “comprehensive” platforms, frequently with a single controlling console, so one administrator can monitor the system. There is also an option for many vendors to select technology as a hosted service, where the vendor (or third party) hosts and manages the product on your behalf. These platforms might combine all or some of the applications listed above (or even add a few more advanced ones). “Bundled” security offerings include:

Endpoint protection. “Endpoint” is tech talk for any device connected to a network, whether it be a laptop, desktop, tablet or mobile phone. Endpoint Protection Platforms (EPP) are bundled software security suites that are installed on the individual “endpoints” in a network. The precise features differ according to the manufacturer, but usually include anti-virus, anti-malware, a firewall, encryption and intrusion prevention. Some also include mobile device management. EPPs can also include a console for central administration, and are typically priced per license per device.

Unified threat management (UTM). Sometimes referred to as the “Swiss Army Knife of IT security,” a UTM is a piece of hardware or hosted service which contains a Next Generation Firewall and security tools such as anti-virus, anti-spam, a network intrusion prevention system and content filtering, among other possible defenses. UTMs are usually recommended for small/medium businesses, since as organizations grow larger it can be more efficient to split the defensive functions. It’s also important to know that since it is a hardware device that sits on the perimeter of the network, if a threat slips by and attacks an endpoint within the system, the UTM will be unable to prevent it at that point.

Mobile device management. A Mobile Device Management (MDM) solution helps you manage all the mobile devices (such as smartphones and tablets) on a network, exclude unauthorized devices and provide necessary security on those devices which you do approve. This can include managing which network resources specific mobile devices are permitted to access, updates, monitoring and even remotely wiping company data from the device. MDM is included in some Endpoint Protection Platforms.

Protection Against Traffic Risks

If we use an airport as a metaphor, then the firewall is where traffic entering and leaving your network shows its passport. The following set of tools represent the point where it takes off its shoes, walks through a scanner and allows its luggage to be searched. After all, in today’s hyper-connected business environment, traffic is constantly traveling in and out of a network and threats can come from outside—in the form of hackers—but also from inside, simply as a result of employee carelessness.

Secure Web Gateway. Traditionally, a firewall blocks traffic at the network level on the basis of where it comes from, where it is going or what type of traffic it is (for instance web or email). A Secure Web Gateway, while also working at the network level, is more sophisticated. It can delve into the content of that traffic, filtering out application-level traffic, web and URL-specific content and more based on predefined policies and rulesets. For instance, a Secure Web Gateway can determine whether to allow an employee to read a Wikipedia entry on gambling, while simultaneously denying the employee access to gambling sites. They scan inbound and/or outbound Web traffic for suspicious activity, require users to authenticate to access the eb, and can provide detailed logging of how long employees spend on specific websites, such as Facebook. A Secure Web Gateway also protects users against potential malware infections, and controls access to unsupported Web-based applications and potentially dangerous sites (or just company policy violations). Sometimes they are included in Next Generation Firewalls or UTMs, but organizations which have a lot of traffic may find a separate Secure Web Gateway more efficient. They can be used by any size of organization and are available as either hardware or software or hosted service.

Data Loss Prevention (DLP). DLP defends against the loss or theft of confidential data by scrutinizing your outbound traffic, and checking to see whether the sender is allowed to transmit specific data outside of the corporate network, or to a specific recipient. DLP cannot prevent an intrusion, but by determining whether to send, encrypt or prevent the transmission of data, it serves as a crucial defense against hackers who may have gained access to your system, or from authorized users inside your network sending out data that should remain inside.

Intrusion Prevention System (IPS)/Intrusion Detection System (IDS). These systems give enhanced network protection above and beyond the filtering a firewall performs, and help identify and possibly block network-level attacks that pass through the firewall. To extend our airport analogy, a person might have a passport from a trusted country, but that doesn’t mean that he won’t wreak havoc after he gains entry. IDS and IPS differ in that while IDS detects something malicious on the network, an IPS can automatically block that threat, based on rules or policy.

Access Management

Another important aspect of IT security is ensuring that individuals in organizations have appropriate credentials to access the data within the network that they need to see. Access management tools help regulate who has access to what within a network.

Identity Access Management (IAM). IAM software helps businesses manage electronic identities inside a network, authenticating, authorizing and auditing those identities and managing the degree of access each user on the network has to resources. This type of software is more applicable to large enterprises. As IT security expert Tim Singleton points out: “If someone walks into a small business and starts typing on a computer, everyone knows if they are an intruder or not. If that happens at an enterprise, everyone assumes they have a right to be there. So small businesses and large businesses do face different security challenges from that point of view.”

Network Access Controls (NAC). If IAM systems administer access at the employee level, then Network Access Control software helps decide which “endpoints” or devices are allowed onto a network before deciding what degree of access to give each user. These are important in large organizations and/or organizations which permit employees to use their own devices at work. They are also appropriate to networks which are open to guests, and in that context make sure that visitors can only access what they are supposed to.

Threat Intelligence

Finally, although it’s essential to have good defenses, businesses also need to monitor what’s happening inside the computers within their networks. No system of protective defenses is 100 percent foolproof, and these tools can help you detect when and where a breach has occurred so you can effectively respond before it causes harm.

SIEM combines two concepts, Security Information Management (SIM) and Security Event Management (SEM), in order to collate logs and other data from multiple computers, servers and network devices, analyzing it all with the goal of identifying and responding to suspicious activity and potential security events. It's the first system many companies turn to after a security event to understand what happened. It is often implemented to comply with government regulations. It is available as a software solution applicable to all sizes of business, or as a piece of hardware.

Vulnerability scanning software searches for weaknesses inside your system. There are two approaches to vulnerability scanning—you can scan from the outside as if simulating a hacker breaking in; or from the inside to check the inventory and health of your internal computers, servers, printers, network devices, endpoints and software. This helps you make sure your system configuration is secure, and that defenses are working.

The central console on an endpoint protection platform can give a single administrator visibility into and control over the security of all the individual devices on a network (Source: Kaspersky Lab)

Pricing Considerations

Most of these security tools are priced by software license per device, with maintenance per device (either per user or based on network bandwidth levels). Hardware can be included in the license, although sometimes this can be listed separately. Many tools can be run on virtual environments and so companies are also starting to move towards offering tools as hosted services, which is priced per user, per set of users or based on network bandwidth. Some however require special hardware. For instance, UTMs are typically sold as a piece of hardware.

However, there’s more to consider when it comes to pricing than merely tallying the costs going in. IT management software expert Nicole Pauls says small and midsize businesses should also consider ”whether they can take on not just the initial cost but the ongoing maintenance cost (in people and dollars) of a certain product, and whether products can meet their needs in an extremely functional way.”

She adds: “At the large enterprise, key selection criteria will involve whether products can scale to meet their needs. Key for all audiences are flexible, understood deployment strategies appropriate for their environment and ensuring integration points with existing infrastructure.”

Although the world of IT security is undeniably complex, the fundamental principle regarding how to decide which tools you need is easy to grasp. As we said at the beginning: the more you know about your business and the risks you face before making a purchase, the greater the likelihood that you will find the right security solution to suit your needs. 

Best Software Evaluation Tactics

Selecting the right security tools for your business can be challenging. In such a diverse and fragmented market, there are literally hundreds of options, each offering complex solutions to multifaceted problems. So, how do you know which software selection tactics will help you choose the right system for your needs?

Recently, Software Advice surveyed hundreds of software buyers across a range of industries to determine which of 14 potential software selection techniques led to the highest satisfaction rates. To help buyers understand this data, we created a quadrant that provides a visual breakdown of where each tactic falls on the “impact” and “satisfaction” spectrum:

The X-axis (the horizontal line) represents the percentage of people who applied a given tactic and rated their satisfaction as being “extremely high” (meaning they rated it a “9” or “10” on a 10-point scale). The numbers on the Y-axis (the vertical line) show the impact score. This score is based on how different the outcomes were for people who did apply the tactic, versus those who didn’t. Using this logic, tactics that were the most up and to the right in the quadrant were considered the “most effective” because they scored high for both satisfaction and impact.

Click here to read the full report and learn more about the research methodology.

We would like to thank Tim Singleton, Nicole Pauls, Josh Ablett and Rick Doten for their help with this guide.

Recent Events You Should Know About

Mainstream media coverage increases awareness of the need for IT security. Accusations of hacking and private emails going public during a contentious national election in the United States received widespread media attention in 2016. So did a major DDoS attack that temporarily cut off access to major sites for Internet users on the East Coast of the US, as well as several high-profile data breaches at Yahoo!. As a result, the necessity for good IT security became clearer than ever to many companies. This might lead to more companies seeking software solutions in 2017.

Evernote faces backlash over plan to let staffers read customer notes. Cross-platform note-taking app Evernote faced huge backlash in December when it revealed plans to let its staffers read and review private customer notes as a means of assessing the accuracy of its new machine learning technology. The backlash caused the company to abandon this plan. They admitted that they had made a mistake in judgment and failed to provide the type of transparent decision making that would cultivate customer trust. This highlighted the importance of transparency by vendors when it comes to their customers believing in the company/brand’s security.

Oracle acquires security broker Palerra. In September 2016, Oracle acquired cloud access security broker Palerra, whose LORIC software manages security and compliance for applications, workloads and sensitive data stored across cloud services. According to Peter Barker, Oracle's SVP of identity management and security products, the combination of Oracle Identity Cloud Service and Palerra's solution will "deliver comprehensive protection for users, applications, APIs, data and infrastructure to secure customer adoption of cloud.”