
Security Life After AV


Anti-virus, malware signatures and firewalls used to be good enough. Web content has changed all that, but for businesses with 100 to 1,000 employees, UTM is helping.

For the vast majority of companies across the continent, the message sank in long ago—your files, networks and applications are at risk, and protecting them is extremely important.

As a result, most companies today have at least the basics of a security infrastructure, which most often include anti-virus software and firewalls. But the landscape has changed, experts say, and if executives expect these tools to ensure the security of their Web- and e-mail-based communications and access, they are sadly mistaken.


"We've noticed that the attack vectors of malicious content have changed and evolved over time," said Steve Kelley, senior director of product management at Websense, a security software company based in San Diego, Calif. "Early on, viruses and worms were being spread by e-mail, so anti-virus took care of it by stopping malware at the mail gateway, but the Web has become a significant attack vector, which changes everything."

Today, anti-virus products simply can't keep up with constant new versions of malware for which there are no signatures, said Chenxi Wang, principal analyst for security and risk management at Forrester Research of Cambridge, Mass.

"Anti-virus products work by comparing files or content against the signature and flagging it as a virus if there is a match," Wang said. "Traditionally, this was sufficient because there weren't that many viruses and the rate of new viruses was slow enough that signature development could keep up. That's not the case anymore."

Similarly, firewalls aren't enough anymore, either. Firewalls examine packets, ports and IP addresses but don't look into the payload of the packet, Wang said.

"Everybody uses Web-based communications, and there are a lot of threats coming in through the Web channel together with legitimate Web content. Firewalls can't do anything about that," she said.

Last year's annual CSI/FBI Computer Crime and Security Survey backs that up. The survey found that even though 97 percent of organizations have anti-virus and 98 percent have firewalls, 65 percent of companies were hit by viruses during the previous 12 months.

The situation is particularly dire with smaller companies, which often don't have the money or staff to monitor security effectively. According to a Dynamic Markets Ltd. survey commissioned by Websense, only 22 percent of companies with 100 to 1,000 employees feel they are 100 percent protected, and 20 percent don't have any specific Internet security software in place in addition to their firewall and anti-virus solutions.

What's more, a survey by eMediaUSA on behalf of network security vendor GFI Software found that 40 percent of small and mid-size businesses believe their networks are not secure enough, and named e-mail viruses as the biggest security threat.

To be fully protected today, companies need not only anti-virus and firewall protection, but more proactive, content-aware security measures. One such method is Web filtering, offered by vendors like Websense and Secure Computing. These tools examine all communication in the Web channel and use real-time detection capabilities to allow or disallow communication.

Another proactive tool is e-mail filtering, from vendors like Symantec and SonicWALL. These tools examine the content of incoming e-mail.

Although it's possible to install these types of point solutions, some recommend moving to a comprehensive, unified threat management product, which includes firewall, anti-virus, VPN (virtual private network), Web filtering, e-mail filtering and more. Vendors offering UTMs include Fortinet, Check Point Software, Cisco and Symantec.

"Companies have to deal with security aspects in three different areas: endpoint/desktop, infrastructure [networks and servers] and applications, and UTMs can help address all of these aspects," said Mike Rothman, president and principal analyst of Security Incite in Atlanta.

"UTMs are great for businesses that are constrained by funds or IT personnel," Rothman said. "It reduces the number of things a company has to manage."

But don't discount the managed services model, where appropriate, Rothman says. Virtually any security-based service, from anti-spam to e-mail security services, is available in a hosted model, where companies pay another company to host and manage the security process.

"That's stuff you don't have to manage, and infrastructure you don't have to make sure is up and available," Rothman said.




>>> More News Articles          >>> More By Karen D. Schwartz