Do you currently use Security software?
IT security management is a broad discipline with lots of moving parts, and the software market is equally diverse. There are hundreds of available solutions that address different functions of IT security — from malware protection to encryption or data backup — and inconsistent terminology between vendors. All of these factors can make it difficult for a buyer to understand the market and choose the best solution for their business.
This guide will help new and veteran buyers navigate the purchasing process by identifying best security software vendors through analysis of common trends, feature sets, and case studies.
Across all industries, digital growth and globalization are raising the stakes for data security. According to a recent study by IBM, the average cost of an enterprise data breach is now $3.5 million.1 With the potential damage so severe, many companies are taking proactive steps to protect their information and systems, and to seek out risks before they actualize. Gartner analysts predict that at least a third of all enterprises will have a dedicated “digital risk officer” filling this role by 2017.2
There are a number of recent trends that make it a challenge to control and monitor the flow of information, and by extension, the security of networks, data, and devices.
As businesses depart from old-fashioned rack servers, adopt cloud-based solutions, and rely on Infrastructure-as-a-Service (IaaS) for their core business models, there is a growing need for cloud security services. In fact, 44 percent of IT decision-makers cite this need as their top security challenge.3 Cloud security management can reduce capital expenditures, administrative demands, and free up company bandwidth, but many experts are still unsure of its ability to protect the whole network.
Mobile devices are now a common part of the workplace. Many of those devices see both personal and professional use, which creates a grey area for security. IT leaders are often unsure whether they should manage mobile device activity, or whether this constitutes an invasion of privacy. TechnologyAdvice performed a study on employee monitoring that revealed employees are concerned. Companies must temper this concern with the very real threat of device compromise.In their 2014 trends report, Sophos noted “exponential growth” in mobile targeted malware, especially for Android devices.4
The proliferation of digital mediums (cloud, mobile, third-party portals) and the expansion of infrastructure (to remote employees and global networks) creates new vulnerabilities. Cybercriminals are doubling down on their attempts to exploit these new attack surfaces. About one in five organizations suffered a malware infection-related outage in 2014.4 Cisco alone detects 50,000 network intrusions per day through its solutions and intelligence.5
Even if their internal network is secure, many companies have limited visibility into the security of partner networks (vendors, suppliers, service providers, etc.). When the two environments overlap, it often creates a backdoor for intrusion or data breach. For example, the infamous 2013 breach of Target’s payment card system was traced to a web application the company used for transacting with its HVAC vendor.6 This vulnerability compromises the integrity of the supply chain.
Security software providers help businesses overcome many of these challenges by monitoring data and network entities, blocking intrusions, and strengthening infrastructure against anticipated attacks. The software market offers a broad spectrum of solutions, with labeling and feature sets that differ from vendor to vendor. This makes it difficult to compare security software, but also means you’re more likely to find a solution that aligns with your needs. In a general sense, there are two main classes of security software:
Software pricing is usually calculated by the number of “nodes” (devices that communicate on the network) and whether the solution is on-premise (upfront license) or hosted off-site (typically an annual or semi-annual subscription).
Before you consider specific solutions, it’s good to have a working knowledge of what features are available. Along with an internal needs assessment, this step can help you shape your business goals and decide which products are the most relevant. Here are some common functional areas of business-grade security software:
The phrase, “anti-virus” is often used interchangeably with “anti-malware,” but this is a bit of a misnomer. A virus is only one type of malware, among others (spyware, adware, nagware, trojans, scareware, ransomware, worms). Malware protection identifies these threats and prevents them from causing harm to a device or network. In some cases, protection may also extend to advanced persistent threats (APTs) when combined with a security information and event management (SEIM) tool.7
One of the more traditional components of IT security, a firewall is a mechanism for filtering traffic as it passes into and out of a network. Using pre established rules set up by an administrator, the firewall either accepts or rejects data packets as they move at the network level or at the application level. Firewalls can be used to protect email and web servers, extranets, file repositories, and data centers.
Data encryption uses complex algorithms to render data indecipherable to unauthorized parties. The “scrambled” version of the data is referred to as ciphertext and requires a unique decryption key to translate. Encryption can be applied to specific files, device storage, or across an entire network.
Network access controls let administrators limit which employees have access to specific systems, files, etc., based on their login credentials and permission level. Role-based access control is often an important part of compliance for a number of different industry regulations (HIPAA, or PCI-DSS, for example). According to Forrester Research, 61 percent of data breaches are caused by malicious insiders or employee mistakes.8
In the event of a catastrophic event (fire, flood, electrical storm), irrevocable system failure, or a large scale breach, data backup can be the difference between recovery and implosion. Businesses sometimes practice their own, internal backup procedures, but most third-party services are hosted in the cloud — referred to as “backup-as-a-service,” or BaaS. This service is especially valuable to smaller businesses, considering less than 50 percent regularly backup their data.9
Endpoint security software protects a TCP/IP network by monitoring activity and gating access requested by devices (endpoints) on the network. An endpoint could include an employee laptop, smartphone, an office printer, or specialized hardware such as barcode readers and POS terminals.
Endpoint security software ensures that each endpoint meets certain criteria before it is granted access to the network. This process almost always entails malware and threat detection, and often extends to real-time activity monitoring, including web filters. Administrators manage endpoint software from a central server component that monitors the client components. The goal is to ensure that all devices are in sound condition before they exchange information. Some solutions also include vulnerability assessment features that seek out endpoint weaknesses and deliver “patches” to fix them.
Data loss prevention (DLP) software is designed to detect and prevent data breaches in order to preserve the integrity of information that is in use, at rest, or in motion.10 DLPs solutions can monitor network egress points, endpoints, storage databases, and network and device drives (depending on the solution) to prevent intentional or accidental data leakage.
Backup service is often a key component of DLP solutions, but there are also standalone backup services that provide less sophisticated DLP capabilities. Encryption and access control are important features for most products in this category, since they pertain directly to data security.
UTM products are usually part of an end-to-end IT security management suite, although their core component is almost always a hardware-based firewall. Other functions may include malware protection, spam filtering, intrusion detection, virtual private networks (VPNs), content filtering, load balancing, DLP, application control, web filtering, and reporting.
As you can see, UTMs are the most robust of the available products — intended, in most cases, to serve as an all-in-one security solution. Many small and medium-sized businesses favor UTMs because they eliminate the need for multiple, disparate systems.
Mobile device management (MDM) software — sometimes referred to as enterprise mobility management — is the enterprise security answer to “bring your own device.” MDM extends data control and visibility to work-use mobile devices and gives employees secure access to corporate content and applications.
Administrators can use MDM solutions to enforce passcode and encryption policies, block unknown devices, distribute native malware protection and web filters, and remotely lock devices or erase company data in the event of loss or theft. Some solutions also support “containerization” techniques, which partition an encrypted area of the device as a contained environment for corporate use. Some MDMs are sold as standalone tools, while others are included in an IT management suite.
Company: Wayne State University11
Solution: Symantec Data Protection
Wayne State University is a public research college located in midtown Detroit, with 32,000 students across 13 schools and 400 degree programs. In 2012, they launched an initiative to centralize IT operations across the university, hoping to bring greater efficiency and remove the burden of administration from researchers and professors. Initially, they hired a new director to manage delivery of shared services and transition to an all-cloud environment: the university virtualized 250 of its 300 servers in the data center.
Wayne State couldn’t afford to increase their data management staff, but they needed a solution to protect their ever-growing stores of hosted data. “A traditional approach to backup simply won’t work any longer,” said Robert Hogle, director of computer operations support. “You simply cannot conduct a weekly or monthly full backup with daily incrementals.”
Hogle started by upgrading to Symantec’s NetBackup 7.5, which allowed the school to divide the backup window into manageable pieces and balance loads between servers. He also implemented NetBackup Data Protection Optimization to reduce duplication in departmental file share backups, as well as Symantec’s endpoint protection and analytics tools. Wayne State reported a number of key benefits in operational efficiency and cost savings:
At TechnologyAdvice, our goal is to connect businesses with the technology that best meets their needs. We’ve compiled product information, reviews, case studies, features lists, video walkthroughs, and research articles on hundreds of leading IT solutions, all to make the buying process more straightforward for decision makers like you.
If you’re curious about any of the security software listed in this guide, we’d love to talk to you. Call one of our experts for a free consultation, or use the Product Selection Tool on our site to get a personalized recommendation based on your industry and desired features.
Our team of experts is ready to help! 877.702.2082