Keeping information assets secure is challenging for any business, regardless of its size. It seems there's no limit to the ingenuity and maliciousness of today's cybercriminals, hackers and identity thieves. In fact, hackers have become so sophisticated and organized that their operational methods are similar to those of traditional software development and business practices.
What's more, while yesterday's attack activity consisted of a single compromise aimed at gaining access to the data on a computer, current attack techniques are multi-staged. Hackers use their initial compromise to establish a beachhead from which they can launch subsequent attacks.
With an estimated 1.25 ...view middle of the document...
Such security technologies must be installed at various levels of the infrastructure-such as the gateway, mail servers and desktop or laptop. This way, threats that may bypass one level are dealt with at another. In addition, layering security helps mitigate the risk of an employee who disables protection on his or her desktop.
Tiers of Protection
The gateway serves as an entry and exit point to the company network. By installing a security solution such as antivirus and content filtering at this tier, mass-mailer worms are scanned and deleted and spam is moved to quarantines. Outgoing mail is also checked to prevent viruses and inappropriate content from being sent from the company's email addresses.
Mail servers should also be equipped with security. These systems receive, send, and store email, and an email security solution should work together with the email program to provide a greater degree of protection against malicious code.
One of the most convenient and hassle-free ways to protect servers and gateways is to use a security appliance. These preconfigured and tuned, self-contained units are easy to integrate into an existing network, and they work together with the email server or gateway. Known for their quick setup and low maintenance, appliances automatically perform a number of critical security tasks, including updating firewall rules and virus signatures, and can provide extensive reporting and personalization.
Desktops and laptops are one of the most important tiers to protect. These systems should be outfitted with a combination of security technologies, and many integrated security suites are available that provides antivirus, antispyware, firewall, intrusion detection, and other critical capabilities. Emerging suites are also offering identity protection capabilities as well as browser and phishing protection.
Even with the use of security technologies, small businesses can be open to attack by malicious users. New vulnerabilities-that is, design or implementation errors, usually in software and applications-appear every day. These vulnerabilities may be triggered passively during routine system operation or actively either by malicious users or even automated malicious code.
According to the most recent Internet Security Threat Report from Symantec Corp., nearly 2,500 vulnerabilities were documented just in the first six months of 2007. Vulnerabilities in Web applications and Web browsers represent one of the most serious security concerns for businesses as well as consumers. Malicious code designed to exploit such vulnerabilities are a threat to confidential information
Consequently, it is essential that small businesses keep their software and applications up-to-date with the latest patches....