IT on the defensive

22 Jun 2006

Many small businesses could be forgiven for thinking that the IT security industry is winning the battle against email viruses, since we seldom hear reports of high-profile attacks causing widespread damage.

If the level of media noise is any barometer, there has been nothing recently to match Mydoom — which infected around 250,000 computers in one day in January 2004 — or Melissa, whose spread in 1999 was so virulent that many companies had to shut down their email systems in order to cope with it. It would be pleasing to report that the reason we don’t hear about such incidents any more is that viruses are being repelled by tighter IT defences; but it would also be untrue.

IE Internet, a Dublin-based email hosting and security firm, tracks levels of virus activity in Irish emails and has seen a steady rise in virus volume since it began reporting in late 2003.

In May, more than one in five Irish emails (21.72pc) were found to contain some form of malicious code. To put that in context, a year previously the level had been less than one in 10 (7.59pc). Either way, the figures add up to a costly headache for small businesses — not only in terms of the time it takes to keep their systems updated to protect against the latest threats but also the financial outlay.

In addition to the money needed to maintain the security systems, there’s also the money lost because a good chunk of the company’s internet connection is being taken up downloading potentially damaging emails. Then there’s the risk of company downtime if employees’ PCs stop working or are disabled.

The good news is, there are solutions and the latest versions are easier to manage and maintain than their predecessors. These one-stop-shop security devices carry the tag of ‘unified threat management’ or UTM. As the name suggests, these appliances are designed to handle most major security risks, from stopping viruses, spam and spyware to intrusion prevention and protecting a company’s network via a firewall.

These UTM appliances are usually priced somewhere between €699 and €1,000, typically serving up to 25 users from a single machine. According to Jim Lehane, sales director of the security consultancy Espion, they are efficient to run. “You only have to learn one thing, rather than to have to manage five or six different boxes,” he says. “A lot of people are still being sold a firewall, a separate content filter and antivirus. That’s too complicated to manage.” The exact specification varies according to manufacturer, but names to watch out for in this space include Fortinet, Sonicwall, Netscreen and Symantec.

David Burke, security sales specialist with BT, advises companies to choose an appliance that will best suit their needs. This is because the UTM space largely developed from providers that historically specialised in one particular area, such as antivirus, and then bolted on new features in more recent product releases. “Not all of these appliances are going to be the best fit for each customer,” Burke cautions, suggesting that SMEs should consult a trusted partner or systems integration firm to help them to make the right choice.

Lehane points out that a UTM device still requires some maintenance, making it possibly better suited to a company with some in-house IT knowledge. “You have to keep an eye out for what’s going on and you have to have some technical expertise to configure the box correctly and make it work,” he states. “In saying that, the technology is becoming easier and the user interface is better.”

Although UTM appliances are useful for controlling what happens at the perimeter of the network, Sean Rooney, technical services director with Integrity Solutions, points out that endpoint security — that is, on individual devices within the network — is also very important. “There is a move towards having a small piece of software on the client machine which takes the onus from the user to have to update his or her security all the time,” he says.

If staff members take their laptops home and connect them to the internet from there, they potentially run the risk of downloading some malicious code and then bringing it back into the office — from where it could spread further.

It’s possible to install software on the PC that keeps its security settings up to date and can block the computer from connecting to the network until it has been verified that the machine is ‘clean’. “Before the machine connects to the network, the [endpoint] software would verify that the antivirus and anti-spyware is up to date,” he adds.

Having the company’s email hosted by a third-party provider is another way of getting around the problem of viruses and spam. This kind of service has advantages in that the business doesn’t have to be concerned with keeping up to date with the latest security threats. “A managed service means that nothing gets down the pipe without being cleaned first,” says Lehane, who points out that a “dirty pipe” costs money.

“If 70pc of my bandwidth is clogged up with spam or people using the internet are doing something they shouldn’t be doing, that means I’m paying for something I’m not getting.”

It also gets around the time and resources issues that affect many small businesses, particularly where security is concerned; after all, how many of us have installed antivirus software on our computers, only to let the subscription lapse? It’s an easy trap for SMEs to fall into, but any IT professional will tell you that week-old or month-old security is little better than none at all.

Get IT right

1. Do look at installing a unified threat management (UTM) system. It’s relatively inexpensive and takes care of a range of different security threats.

2. Do discuss your security requirements with a trusted partner or technology specialist.

3. Don’t just concentrate on protecting the network perimeter. Investigate installing software on every company PC that will keep it up to date and secure.

4. Don’t buy security software and then forget about it; it will only work if it’s kept constantly up to date.

5. Do consider having the company email hosted by a specialist provider if you don’t have many technically minded staff.

By Gordon Smith