Setting up and maintaining a reliable defense around your network takes hardware, software, diligence and a good measure of security expertise. That’s a tall order for a small business. But that’s exactly what it takes to track constantly evolving threats, to monitor network activity and to maintain the collection of tools required to combat attacks.
For many small businesses, it makes sense to shift some or all of these requirements outside of the company by making use of either managed security services or an integrated security appliance. If you choose to go the security service route, all security concerns simply become the concern of the service provider, and your company connects to the Internet only through that provider. Since all of the work is done before any traffic ever reaches the customer’s site, managed security services are described as “in-the-cloud,” or hosted services.
A security appliance consists of a collection of security tools built into a single box, and the box is installed at the customer site, typically between customer equipment and the Internet. Security tools may be automatically updated over the network through a subscription service. Such appliances are often called Unified Threat Management (UTM) devices.
There’s some overlap between the service and appliance models and a great deal of variation between products, so it can be hard to work out exactly what each vendor has to offer. We’ll take a look at a few representative products and services a bit later.
Whether as a service or in an appliance, vendors provide a variety of different security technologies, each of which addresses a different kind of threat. The integration of these component technologies, as well as the effectiveness of each, determines the level of protection that each bundle provides.
The five most common components are a firewall, virus detector, spam filter, an intrusion detection system and content filtering.
- A firewall is a network filter, blocking or allowing network traffic to pass according to attributes such as the destination port, or the IP address of the sender
- A virus detector blocks traffic that includes certain patterns that match signatures of known viruses
- A spam filter identifies and blocks spam e-mail
- An intrusion detection system/intrusion prevention system (IDS /IPS) looks for unusual access patterns that might indicate an attack is underway and may take action to block the attack
- A content filter blocks content from a list of Web sites, blocking illegal, objectionable or non-business-related content
Virus detection, spam filtering and content filtering require regular updates to remain effective. For in-the-cloud services, these updates are the responsibility of the service provider and, from a customer perspective, they just happen. For appliances, too, vendors provide these updates automatically, through a subscription program.
Having a suite of security tools available in a single appliance, or in a single service, clearly simplifies security management and configuration. It can also mean more effective security if these tools can work in concert. For example, the IDS component might update the firewall to block traffic from an IP address where an attack originated.
Managed security services and UTM appliances have been a hot area of late, with a number of vendors rolling out new services or features last month. Here is a sampling of some of the offerings in the field.
Check Point’s [email protected] is a UTM appliance that includes all the basic security tools plus some additional routing and wireless features. In May, the company introduced its 500/500W ADSL model, which completes the connectivity part of the package by including a DSL modem.
[email protected] includes firewall, IPS and anti-virus components. It also provides VPN (Virtual Private Network) connections, and content filtering is available as an option. “The [email protected] appliance line is geared to put all of the individual security solutions that companies have into one appliance that’s easy to use, easy to set up and easy to keep current,” says James Mabie, sales manager at Check Point subsidiary, Zone Labs.
Check Point’s appliance bundles just about everything you need to make a secure network connection in a single box. Combining router and security appliance provides some synergy. For example, VPN and wireless connections can be made subject to access controls, allowing you to set firewall rules for each type of connection.
The [email protected] 500W ADSL comes in several configurations, supporting different numbers of users, and optionally including wireless networking. The model with wireless support sells for $849 for up to 25 users; an update subscription at the same level costs $299 per year.
Perimeter offers an array of security services through its in-the-cloud hosted solution. The managed security service provider lets you select from around 60 services, including the basic tools described above and a number of more-specialized technologies. Pricing varies depending upon which options you select, but most customers pay between $200 and $2,000 per month, according to the company.
Businesses work with Perimeter by connecting to the Internet through its data centers. In a typical case, Perimeter will act as an ISP as well as a security provider, although there are other ways to set it up.
Perimeter handles both software updates and hardware upgrades. As a service provider, the company also rolls out new security technologies and makes them available to current customers. “We have a team of people who research the latest problems, look at all the solutions out there, pick the solutions that matter to our clients and find the right vendor or build it themselves,” says Brad Miller, the company’s CEO. “Then we take that technology, integrate it into our infrastructure and make it available on-demand.”
Perimeter’s customers benefit from the economies of scale offered by the service model, according to Miller. “What we’ve designed and engineered as an in-the-cloud service is not inexpensive at all — it’s incredibly expensive — but on a per-unit basis it’s very affordable,” he says.
Trend Micro, familiar as the maker of PC-Cillin desktop anti-virus software, rolled out its E-mail Security Services (ESS) in May. Trend Micro’s ESS is a managed security service that can filter spam, viruses and other harmful content before it reaches a customer’s gateway.
Unlike Perimeter’s service offering, which covers all Internet traffic, ESS works with e-mail only. That means that customers don’t have to connect to Trend Micro to take advantage of the service. Instead, mail traffic is simply routed through Trend Micro’s data center before it is sent on to the customer’s e-mail server.
“Since we’re hosting detection, we can move much more quickly than a company where IT might be [unavailable] at the time of an outbreak,” says Jon Clay, product marketing manager.
Pricing for ESS is set according to number of users and which filters are applied. As an example, spam and virus filtering costs $1,596 per year for 100 users.
Trend Micro tailors ESS for resellers, providing a console that lets resellers manage several customers’ service accounts through a single Web interface. “We designed the console so that the reseller can stay in constant touch with the customer about what’s going on with the traffic,” says Clay.
TrustEli’s Eli appliance is a UTM, but with centralized management that gives it some of the benefits of a hosted solution as well. “The key part is that Eli is the first and only professionally managed UTM appliance,” says Susan Lutz, CEO of TrustEli.
As with [email protected], the Eli appliance includes a DSL modem, routing and wireless capabilities as well as a full complement of security features. Eli’s list of protection technologies includes firewall, anti-virus, anti-spam and content filtering. TrustEli manages all of Eli’s features through a subscription service that includes firmware updates as well as updated virus and spam signatures. Customers configure devices through an Internet portal, not a Web interface on the appliance, so you can configure the device remotely.
Centralized management makes it especially easy to set up VPNs, a capability the company announced in May. Customers can configure an Eli-to-Eli VPN through the Internet portal, just as with any other configuration task. “It takes VPN from static and stationary to very fluid and temporary, even on the fly, and you can actually do it in just a few clicks,” says Lutz.
The Eli appliance sells for $249.99 for 25 users, and subscription to the management service costs $479.88 per year at that level.
WatchGuard’s May announcements included faster hardware configurations and software improvements to its Firebox collection of UTM devices. Firebox models are divided into three separate lines. Most SMB customers will probably find a match in the company’s Firebox Core line.
Fireware is the software that runs on the Firebox UTM. “Fireware offers what we call ‘Intelligent Layered Security,'” says Joe Peck, senior product manager at WatchGuard. “You’ve got multiple levels of protection that are able to work together to get better overall protection.”
Intelligent layered security refers to a collection of technologies designed to defend against “zero-day” attacks, or to prevent threats before signatures have been identified. These include scanning packets for adherence to protocols and reacting to suspicious activity such as DoS attacks and port scanning.
Firebox Core offers other security tool options such as anti-virus, anti-spam and IPS. In addition to security features, the Firebox can provide load balancing for better network performance and WAN failover for higher reliability. Prices on Firebox Core models range from around $1,900-$3,500.
Steve Apiki is a freelance writer and software developer who works for a small business in Peterborough, New Hampshire. He’s been a contributing editor at BYTE and FamilyPC magazines.
This article was first published on SmallBusinessComputing.com.