With Security, Knowledge Equals Power
The good news about the ideal midmarket security solution is that most of its components exist and already are deployed across a variety of networks; there are few "if only" products that have yet to be created. But as is often the case, how well they work is almost entirely dependent on how well-educated their users are and how diligently they utilize what they've been taught.
Scott Cummings is president of Excalibur Technologies in Barrington, Ill., a technology consulting firm for the SMB market. While some advocate the one-stop shop method for security projects, like many SMB channel partners, Excalibur has taken the multivendor approach to building secure systems rather than going with an all-in-one solution.
Cummings says that when properly executed, the security tools deployed by most organizations should produce nearly airtight results. "You want a solution that has both preventive and proactive features," he says. "Our clients that heed our advice, when they implement all the strategies we suggest, they hardly have any problems."
His ideal midmarket security package consists of firewall and network-management products from WatchGuard, Barracuda Networks' e-mail client tool, Symantec AntiVirus and Webroot Software's Spy Sweeper antispyware product.
There is some functionality overlap between the products, but that helps shore up a network's defenses. The WatchGuard Firebox Vclass (of which there are six different models to choose from) integrates firewall, application-layer intrusion prevention, VPN security and QoS traffic-management functionality with Gigabit and 10/100 Ethernet connections. Certain models also feature application-layer security and multitenant VLAN and quality of service (QoS) for mission-critical network security. The company's Firebox X is for small- to midsize enterprises seeking to secure a central office network with a model-upgradable firewall appliance that integrates firewall, VPN, Gateway AntiVirus for E-mail, zero day protection, Web filtering, spam-blocking and authentication. It also integrates an Intelligent Layered Security (ILS) architecture for cooperative protection between all the security layers, and features intuitive management capabilities. Prices for the Firebox X appliances range from $365 to $508, and the Vclass products range from $1,407 to $1,532 per 1,000 licenses.
For the e-mail client, the Barracuda Spam Firewall provides comprehensive algorithm-based spam-blocking that is updated hourly and is easily adjusted as conditions dictate. Symantec AntiVirus (the latest version is 9.0) provides easy-to-manage protection against viruses, worms and Trojan horses. It also detects nonvirus threats, such as spyware, adware and other emerging techniques, and it scans incoming POP3 attachments for viruses and stops worms from propagating via outgoing e-mail. Available in five models, prices for the Barracuda Spam Firewall range from $1,399 to $19,999 with no per-user licensing fees.
Finally, Webroot's Spy Sweeper Enterprise 2.0 is scalable and offers greater protection from spyware for mobile users of enterprise networks. It also offers centralized controls that simplify security management and enable administrators to make networkwide updates during a virus outbreak. It costs $29.95 per year for the current version.
Ironically, the security tool that's probably the least developed and most underutilized is also the most low-tech device: a simple how-to (or how-not-to) video that can teach users how to properly maintain their security tools after they've been installed. "Education is also very important," Cummings says. "Companies should have access to DVDs or Web seminars that they can make their employees watch so they can learn how to spot trouble before it gets out of control."
He says this would help get to the root of the problem, because as clever as the bad guys can be, they can't do nearly as much damage to a network a neglectful or poorly trained employee could. "You can have all the technological protection in the world, but the point of vulnerability still is the user, so you need to educate people," Cummings says. "They'll still have occasional security problems, but if they're educated, at least the problems won't be self-inflicted."