Business Security Software

Buyer's guide

The IT security market is vast, and business owners have a bewildering array of tools to choose from when deciding how to protect themselves against threats. Indeed there are so many different products and such an overlap of functions it can be difficult to make the right choice.

Before investing in the latest amazing security product then, business owners should think carefully about the nature of their business and what it requires. IT security expert Rick Doten stresses that “security is a risk-based approach.” In other words, security decisions should be decided by first understanding the business and identifying the specific threats to that business before selecting the technology to match.

You might assume, for example, that you need an endpoint protection platform because you want visibility into and control over the security of devices on your network. However, the systems you purchase in this type of suite—be it mobile device management, intrusion protection or something else—will depend on the specific needs of your business.

Endpoint protection platforms allow a central administrator to schedule regular security actions such as virus search to be performed across all the devices on a network (Source: Kaspersky Labs)

Not everybody does a proper risk analysis, and many make the mistake of putting the technology first. This can be an expensive—and dangerous—mistake for businesses of any size. Josh Ablett, a senior risk executive and former bank vice president, says: “I’ve been involved in plenty of projects at top tier banks where they’ll end up spending tens of millions of dollars on security software that turns out to not be what they thought they needed.”

So first, prioritize the risks to your business, develop the process to protect against those risks and then select the technology you need carefully. To help you with the latter, we put together this guide to the basics of the IT security market. We’ll begin with an overview of essential security applications, discuss how they’re bundled together and then dive deeper into the various applications creat ed for specific scenarios. Here’s what we’ll cover:

What Is Business Security Software?
Integrated Suites
Protection Against Traffic Risks
Access Management
Threat Intelligence
Pricing Considerations
Best Software Evaluation Tactics
Recent Events You Should Know About

What Is Business Security Software?

IT security terminology is confusing and prone to change. Applications can be sold separately but they are commonly bundled together. Some tools are software based, others are hardware based, and many can be provided as a hosted service. There is also a strong overlap in functionality across different types of product.

However there are a few basic applications which everybody needs, no matter the size or type of business. These are the applications you can expect to hear in answer to the question, "What is business security software?" So now, let’s take a look at the fundamentals of IT Security:

Integrated Security Suites

It’s possible to buy your security applications as standalone products and configure and maintain them all yourself. It may also be cheaper, but it does require more advanced IT skills, more time spent monitoring and updating your defenses and it may be a lot to ask of an already busy IT department.

Vendors therefore often bundle tools and sell them as “comprehensive” platforms, frequently with a single controlling console, so one administrator can monitor the system. There is also an option for many vendors to select technology as a hosted service, where the vendor (or third party) hosts and manages the product on your behalf. These platforms might combine all or some of the applications listed above (or even add a few more advanced ones). “Bundled” security offerings include:

Endpoint protection. “Endpoint” is tech talk for any device connected to a network, whether it be a laptop, desktop, tablet or mobile phone. Endpoint Protection Platforms (EPP) are bundled software security suites that are installed on the individual “endpoints” in a network. The precise features differ according to the manufacturer, but usually include anti-virus, anti-malware, a firewall, encryption and intrusion prevention. Some also include mobile device management. EPPs can also include a console for central administration, and are typically priced per license per device.

Unified threat management (UTM). Sometimes referred to as the “Swiss Army Knife of IT security,” a UTM is a piece of hardware or hosted service which contains a Next Generation Firewall and security tools such as anti-virus, anti-spam, a network intrusion prevention system and content filtering, among other possible defenses. UTMs are usually recommended for small/medium businesses, since as organizations grow larger it can be more efficient to split the defensive functions. It’s also important to know that since it is a hardware device that sits on the perimeter of the network, if a threat slips by and attacks an endpoint within the system, the UTM will be unable to prevent it at that point.

Mobile device management. A Mobile Device Management (MDM) solution helps you manage all the mobile devices (such as smartphones and tablets) on a network, exclude unauthorized devices and provide necessary security on those devices which you do approve. This can include managing which network resources specific mobile devices are permitted to access, updates, monitoring and even remotely wiping company data from the device. MDM is included in some Endpoint Protection Platforms.

Protection Against Traffic Risks

If we use an airport as a metaphor, then the firewall is where traffic entering and leaving your network shows its passport. The following set of tools represent the point where it takes off its shoes, walks through a scanner and allows its luggage to be searched. After all, in today’s hyper-connected business environment, traffic is constantly traveling in and out of a network and threats can come from outside—in the form of hackers—but also from inside, simply as a result of employee carelessness.

Secure Web Gateway. Traditionally, a firewall blocks traffic at the network level on the basis of where it comes from, where it is going or what type of traffic it is (for instance web or email). A Secure Web Gateway, while also working at the network level, is more sophisticated. It can delve into the content of that traffic, filtering out application-level traffic, web and URL-specific content and more based on predefined policies and rulesets. For instance, a Secure Web Gateway can determine whether to allow an employee to read a Wikipedia entry on gambling, while simultaneously denying the employee access to gambling sites. They scan inbound and/or outbound Web traffic for suspicious activity, require users to authenticate to access the eb, and can provide detailed logging of how long employees spend on specific websites, such as Facebook. A Secure Web Gateway also protects users against potential malware infections, and controls access to unsupported Web-based applications and poten