Tag Archives: Microsoft Forefront Client Security

IT Security: How Much $$ Should You Spend?

Small and mid-sized businesses typically spend 5 to 10 percent of their IT budgets on security, according to research by Gartner. That’s a bigger slice of the IT pie than for large enterprises, which typically spend 3 to 6 percent of IT money on security, notes Adam Hils, principal research analyst at Gartner who specializes in small and mid-sized business security. “The smaller companies have overall IT budgets that aren’t as large,” he explains.

Perhaps surprisingly, the biggest spenders on IT are mid-sized businesses, around the 500 to 1,000 employee range. “They want to be able to compete with larger companies,” Hils notes. “And, especially if they’re in finance or healthcare, they need to be able to offer the same types of security guarantees to their customers as big companies do.”

Statistics like these can be helpful for comparing your company to overall IT practices. But figuring out how much of your particular IT budget should go for security requires taking many factors into account, such as your industry, how dependent your company is on technology, and the possible consequences of a security breach. In addition to considering these factors, here are some steps that can help you ensure your IT security spending is on track:

1. Aim for compliance.

Increasingly, a review of government regulations or other standards that affect your company may help determine what security you need and how much it will cost. Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA), and the Federal Information Security Management Act (FISMA) impose data protection requirements on public companies, health care companies, and those that receive federal funds, respectively. In addition, a growing number of companies find they must also adhere to the Payment Card Industry (PCI) Data Security Standard as a prerequisite for processing credit card payments or other financial information.

“Starting in the middle of last year, we see companies like Visa and MasterCard targeting smaller retailers for compliance,” Hils says. And maybe that’s not such a bad thing. “Unlike some of the government regulations, PCI is a very useful standard,” notes Johannes Ullrich, chief technology officer at the SANS Institute, a leading provider of information security and training. “It’s very specific, and incorporates a lot of best practices many companies should be following.”

2. Look for a single solution to multiple problems.

Security threats take many forms and come from many different sources. Where once guarding against viruses and hackers seemed sufficient, companies are now faced with spyware, Trojans, staggering volumes of spam, and wrongdoers eavesdropping on wireless networks. Rather than addressing each of these individually, more and more small companies are seeking out unified threat management: single boxes that supply a range of security solutions, filtering spyware, keeping out hackers, and fighting off viruses at the same time. “This way, as future needs change, you’re buying new software licenses rather than new hardware,” Hils says. He predicts that by 2010, 90 percent of small and mid-sized business security purchases will be multi-faceted solutions such as these.

3. Expect more security for less cost.

As the large security players acquire smaller companies and fold their offerings into these multiple solutions, overall costs for security are going down, Hils says. Another price-reducing factor is Microsoft Forefront, which has entered the security market and provides affordable security options for small companies. Though Microsoft may never dominate corporate security the way it does so many other areas, it’s still forcing competitors to lower their prices, Hils says. “Microsoft is a big factor in getting [small and mid-sized businesses] more bang for the buck.”

4. Get expert help.

It’s tough, if not impossible, for a small or mid-sized business to have the in-house expertise needed to stay up to date on security. “Even if you have full-time IT staff, can they focus on security enough to stay in the loop on the latest threats and products?” Ullrich asks. “Before you deploy an antivirus, you should do some tests to see which one will work best for you. An independent consultant can help with this, and you get the benefit of what they’ve learned working with other companies similar to yours.” A consultant can also help you understand how adding a new security element will affect your network, he adds. “Whatever you do, don’t just go to Best Buy and grab something off the shelf.”

In general, Hils says, “Companies need to figure out if they simply want adequate security, follow all the best practices, or perhaps be on the cutting edge of security technology.” Hils estimates that about 60 percent of small and mid-sized businesses simply want adequate security. The problem, he says, is that, while most companies believe they’re at least up to that level, “Some are falling below the line.”

How can you tell if your company is among them? “One sign to look for is how much spam you get,” Ullrich says. “The more spam you get, the more penetrable your boundary is. And, since spam often carries viruses, it increases the possibility that your company is already infected.”

New Strains of Anti-Virus Protection

Small and mid-size businesses have become increasingly savvy about securing their computers, servers, and networks. At the same time, the hackers, crackers, and other criminal minds have become equally confident that one Trojan or virus can make conducting business difficult, if not impossible.

Many small and mid-size businesses have developed a “sense of complacency” regarding security because large-scale viruses aren’t the main threat anymore, says Adam Hils, small and mid-size business security analyst for Gartner, the Stamford, Conn. research firm. But he and other analysts warn that the danger is now worse because criminals are looking to steal data for financial gain — not merely for mischief-making. “They don’t want to generate headlines,” Hils said. “They want to generate revenue.” Furthermore, if your business retains customer data and you do business over the Internet, your business is a potential target.

Basic anti-virus tools aren’t enough

Firewall misconfigurations, weak encryption and passwords, and lapsed software patching can lead to theft of company or customer data. Basic anti-virus software isn’t enough to protect many small and mid-size businesses these days, and anti-spyware is becoming increasingly important. Malware from websites has grown 540 percent over the last two years, according to Gartner.

Security software maker Symantec, in its most recent Internet Security Threat Report, warned that in addition to other malware problems, phishing was a growing concern for businesses in 2007. Symantec said that servers for small business could be used as hosts for phishers because the companies are often short on IT staff and therefore could be at risk for lapsed security patches. That’s why it’s important for all businesses — no matter what size — to maintain tight security on all data and company information, analysts say.

“You’re trying to increase the number of barriers between yourself and the bad guys,” says Anil Miglani, senior vice president at AMI-Partners, a market research firm based in New York. AMI-Partners estimates that security spending among small and mid-size North American companies will be $5.25 billion in 2007 — up from $4.5 billion in 2006. It expects double-digit growth rates for security spending among North American small and mid-size businesses over the next five years.

New products offer solutions

It’s no surprise, then, that vendors have new security products for small and mid-size businesses, which are prioritizing security upgrades but demand simplicity and affordability, according to Forrester Research. Because of these factors, Microsoft is gaining ground in the security market, according to analysts. Microsoft’s Forefront Client Security is one of the cheapest anti-virus and anti-spyware security solutions on the market, but it may be too basic for some businesses, analysts warn. “For some smaller businesses that are not as exposed to Web threats and outside threats, it might be OK,” Hils said.

Security heavyweights McAfee and Symantec offer “the most robust” solutions but are pricier, says Natalie Lambert, an analyst with Forrester Research. Symantec’s Client Security and Anti-Virus products are developed for businesses of varying size, but like most vendors, it does not have a one-size-fits-all solution, Lambert said. McAfee has specific products for small and mid-size businesses such as its Active VirusScan SMB Edition, as well as separate host intrusion products. The company provides management support, which is crucial for companies with small IT staffs, Lambert said.

Bundled options best for small business

McAfee does not combine its anti-virus and anti-spyware solutions. Gartner advises small and mid-size businesses to use vendors that bundle anti-spyware with their anti-virus products, such as Symantec, Trend Micro or Panda Software, or to negotiate with their current vendors for a competitive combined anti-virus and anti-spyware price.

A smaller competitor, eEye Digital Security’s Blink product, has performed well in independent tests. It covers several security concerns by offering anti-virus, anti-spyware, anti-phishing and firewall protections, as well as intrusion prevention and detection.

Whether you need a basic or more sophisticated security product depends on the needs of your business: for example, whether you do business on the Web, or whether you have several employees and want to tighten internal as well as external security. It’s important that you assess your own needs — or have an assessment conducted for you — before shopping for products, Miglani advises. And, he warns, don’t think that your business is immune to threats, no matter how small it might be. “The probability of these [attacks] happening can be low, but the potential damages can be high,” Miglani says.