Do Social Network Security Challenges Offer Opportunity For VARs?

In a recent survey of more than 2,700 people, BitDefender revealed that just 43 percent of respondents warn their friends if they noticed suspicious posts or activity in their Facebook News Feed. But that’s not all -- 93 percent said they either did not use or were not aware of solutions to protect their social network accounts.

In an age when corporations are increasingly looking to social networks as a way to expand their online presence, protecting users from malware and data loss on sites like Facebook has become an important focus for security vendors. But how much of an opportunity is there for VARs, and should they treat it as a focus or another item on a security checklist?

Turns out, it depends on who you ask.

“Yes, there is definitely a good opportunity for partners/VARs to start building security tools aimed at social networking sites,” opined Catalin Cosoi, head of BitDefender's Online Threats Lab. “There are at least half a million Facebook users falling for “see who viewed my profile” applications.”

BitDefender’s answer to this is an application called safego, which the company released last year. According to Cosoi, an estimated 23 percent of safego users that scanned their profile -- wall posts, news feed, etc. -- find something malicious.

“Company management should understand that it is extremely difficult to keep employees away from social networks,” he said. “Since they are highly addictive, users will keep searching for ways to access those Web sites, even if the company policy is to completely block them, which means that users might unknowingly open security holes. Instead of blocking them, a better idea would be to educate employees on how to stay safe while using these services.”

This could create a consulting opportunity for VARs, but that would come with its challenges, noted Wendy Nather, an analyst with The 451 Group who expressed skepticism that social network security would ever be split out as a separate security offering.

“Social networking blurs the lines between employees and their personal lives, and it's hard for organizations to formulate a good policy around that,” she said. “In addition, these organizations also find social networking increasingly important for themselves, for information and marketing reasons. So if they're using it themselves, it's harder to just say block for employees' personal use. These are social problems, not technology problems, so unless a VAR is very good at consulting at this policy level, I don't think there's a lot of opportunity to make it a separate offering.”

Social media security requires expertise regarding business needs, legal concerns and technology, which is not a good fit for most VARs, Forrester Research analyst Chenxi Wang told CRN.

“What VARs are really good at doing is selling you a box and manage it…Plus, technological solutions addressing specifically social media control and security are few and far between, so I doubt VARs can actually make any money selling them,” she said.

“What I do see,” she added, “is that they’d use social media control as one of the check list items in selling other security technologies, such as NG firewalls, Secure Web gateways, etc.”

Nevertheless, some vendors told CRN they are making a push around social network security to their channel partners. At Websense, officials announced a partnership with social marketing company Context Optional March 8 that is aimed at extending Websense’s TRITON Defensio app for enterprises leveraging social networks as part of their business.

“Context Optional provides tools and services for enterprises to build, manage, and measure brand presence on social networking platforms such as Facebook, Twitter, and YouTube,” explained Raymond Kruck, senior director of business development at Websense. “Context Optional will offer Websense TRITON Defensio as a premium solution within its Social Marketing Suite to protect brand reputation by analyzing, identifying, and automatically removing profane or inappropriate posts, spam, and malicious links on Facebook Pages.”

Defensio, he said, was specifically created to protect the corporate reputations by ensuring visitors their pages are protected from any malware posted to their walls. “In addition to the Context Optional partnership, we definitely see Defensio as an additional opportunity for organizations to use with current Websense solutions,” he said. “For example, by pairing the Websense Web Security Gateway with Defensio, you are both allowing and protecting your employee access to social media sites (the Gateway would simply just block any malicious content for users) and protecting a corporations presence on Facebook (through Defensio). It gives companies an opportunity for both safe access and a safe presence on and in social networks.”

Daniel Peck, research scientist at Barracuda Networks’ Barracuda Labs, told CRN the company is launching a series of educational Webcasts for partners that will focus specifically on social networking security and inform them of the capabilities of the company’s Profile Protector tool. Profile Protector is currently available for free. As the service grows and more options are added, managing the tool could be an option for businesses that want assistance managing their social network assets, he said.

“Social networking security is a great opportunity for the channel,” he said. “Social network interactions often have consequences that affect not only the user but also those users’ employers…I believe we're at an odd intersection where some people are beginning to really care about their privacy on social networks, clamoring for more control over how their information is shared, and with whom.”