SMBs in these emerging markets are placed under the dual strain of focusing on business development while never forgetting to maintain adequate levels of network security. These “adequate levels” are dictated by an increasingly developed regulatory environment coupled with the increasing volume of actual security threats. Businesses in these markets often do not have the resources, budget and know-how to bring security in-house. Instead, they favor Managed Service Providers for their expert, effective and cost-efficient processes in helping these companies equip themselves with the necessary security tools to protect their operations.

Countries seeing significant increases in the proliferation of Managed Services include South Africa, India, China, and many other countries spanning the Asia Pacific and South American regions. It is not just larger enterprises utilizing the services of MSPs, but also smaller organizations that are recognizing the value of sturdy, secure management and the benefits of outsourcing.

Frost & Sullivan suggests, for example, that the Asia-Pacific Managed Security Services (MSS) Market grew an estimated 15 percent in 2009, totaling revenues of just over US$1.31 billion. The Asia-Pacific MSS market is forecasted to exceed US$4 billion by the end-2015, with revenues rising at a compounded growth rate of 19.7 percent annually for the next five years.

For companies with expanding and decentralized infrastructures and operations, outsourcing IT security to MSPs is a compelling option as it allows companies to focus on the key components of their business, while remaining confident that their security is safeguarded. This is particularly relevant to companies based in India, where business is often conducted from multiple offices in multiple locations.

The Managed Services Security Market is also gaining traction in Latin America. This is due to increased compliance with global and local legislation, which in turn encourages businesses to turn capital expenditure into funds for outsourcing services. This activity encourages a reduction in IT security spending, in exchange for increased investment in core business activities. Analysis performed by Frost & Sullivan maintains that in 2009, the Latin American MSS market reached a total of $154.3 million USD in revenue with activity in Brazil representing 54.2% of the market.

Sensitive information is typically characterized by keywords, textual or numerical patterns (i.e. credit card number, social security number etc.) and other content-related phrases. PineApp’s policy-driven DLP module, for instance, scans all outgoing emails for the presence of content that has been defined by an organization’s own policy. An email that is flagged, due to these predefined criteria, is immediately intercepted and system administrators are instantly notified.

While it may be obvious to company management that all emails ought to be reviewed and scanned for security purposes, a company must make it clear to their employees that someone is NOT reading every email in their system. This “Big Brother” perception must be acknowledged and addressed from the very beginning stages of a DLP policy development.

When applying DLP to an organization’s email server, IT managers need to maintain a delicate balance between their company’s security interests and the end-user’s privacy. This balance is only possible through a coherent policy that is aligned with the management of sensitive data in all facets of the organization.

For SMB’s and mid-size level businesses, the main consideration in opting for a virtualized IT security solution is, obviously, financial. What’s the point of maintaining a separate web filtering, email security and email archiving hardware platform, and paying a fortune for all of the hardware-related costs (cooling, installation etc), if each one is not using even 1% of its overall capacity most of the time?

When purchasing hardware according to a pre-defined sizing scheme (i.e. number of users, number of mailboxes etc.), the solution is often larger than is needed and built to cope with much more load than will ever be necessary for a midsize business.

In this case, it may be wiser for an organization to migrate all solutions (in a software platform) to a single hardware platform running a VMware instance that will allow a unified, centrally managed yet dedicated solution.

The picture is completely different for ISP’s and enterprise level organizations. When implementing a security solution for an ISP, for example, money is a secondary consideration to performance and reliability. All solutions for large organizations ought to be mission-critical and able to cope with huge, and growing, load of thousands (and sometimes millions) of simultaneous connections.

An operation of this size requires the robustness that a dedicated hardware solution provides.  The scale of these organizations and their service provision necessitates a multi-processor super computer to supply email and web filtering from one hardware platform.

So, when an organization considers the value of moving to a virtual IT security solution….it’s all about the size!

An article by Robert McMillan who covers security issues for the IDG News Service and published in CIO Magazine, warns of hackers and spammers gaining access to your system and desktops through wily means that they believe are so well hidden that it’s difficult to find them.

PineApp’s Technical Training Engineer Tamir Elchayani, offers his comments as well.

In considering all the points McMillan raises in his article, Tamir suggests that PineApp’s Surf SeCure can be used at an organizational level as a highly effective way to assist in blocking Viruses in real-time. These cleverly phrased measures, he states, can be seamlessly implemented thanks to the file type download control component.

In addition, the vast majority of websites that contain Viruses, worms and other types of malware are automatically blocked either by the anti-spyware engine or by the category filtering – eliminating warez, porn and any other potentially risky websites.

The points raise by Robert McMillan include:

Scripting:

“Steer clear of Java script, especially from sites you don’t trust,” McMillan warns.

JavaScript enables bad guys to trick your browser more easily into doing something that it shouldn’t. For example, scammers recently set up illegitimate Facebook pages offering free $500 gift cards if you cut and paste some code into your browser’s address bar: that code is JavaScript–and you should never add it to your browser, he warns.

Reject Rogue Antivirus Offers:

Scary-looking warning messages pop up suddenly telling you that your computer is infected. You try to get rid of it, but more windows keep popping up, urging you to scan your computer. If you do this, the scan invariably finds security problems and offers to sell you software that will take care of the problem. This is rogue antivirus software. The only thing the software does is put money into the pockets of criminals.

Never buy the software, he says. It simply doesn’t work, and often it will trash your system. Either press Alt-F4 to close your browser directly or press Ctrl-Alt-Delete to open your system’s task manager and shut the browser down from there. Closing the browser generally puts an end to the pop-up problem.

Watch out for Hot News Stories:

Be careful when reading up on a hot news story: the bad guys follow Google Trends and Twitter’s Trending topics, and they can quickly promote one of their malicious Web pages to the top of Google search results. Google tries to control this activity, but when a breaking news story is involved, the evil doers are often one step ahead. Only read news sources you trust.

Use Less-Popular Apps and Verify That Your Programs Are Up-to-Date:

Don’t Depend on Microsoft Word or Adobe Reader: they are not the strongest applications from a security perspective–especially when it comes to opening files that you think are probably okay but aren’t sure about, McMillan warns.

Most bad guys usually aim at the most widely used software programs, which is one reason why Windows gets hit so much more often than Linux or Mac operating systems. Stay a step ahead of them by using less-popular apps that crooks target relatively infrequently. The downside is that, in a nonstandard application, files may not look exactly as they should but even so you should consider using them to open dubious documents.

Use Gmail or VirusTotal to check documents that you do open

We’ve been warned for years not to open attachments that come from untrusted sources: .exe files are a sure sign of trouble, but hackers have also found ways to break into computers by tricking users into opening maliciously encoded documents.

Find an alternative document reader, but if that doesn’t work for you, consider adopting other methods to double-check documents and avoid viruses.

Know What Programs You Use, and Verify That They’re Up to Date

The old version of RealPlayer you downloaded a few years ago may be nothing more than a security hole today. If you don’t use a program, consider uninstalling from your PC. To trim unwanted apps, visit the Windows Install/Uninstall section of the Control Panel. As a rule of thumb, if you’re not using a program, lose it.

It’s also a good idea to check your Facebook applications to make sure that you don’t have the Facebook equivalent of software bloat. While logged in, click Account, Application Settings, and see what apps you have installed. If you don’t use one, delete it.

Sharpen Your Password Game

People have to remember too many passwords on the Internet. Everyone knows this, but most of us get around the problem by using the same username and password over and over.

Hackers know this as well, and they’re happy to use it against you. Often they steal a person’s password and user name, perhaps via a phishing attack, and then try that combination on other popular services–Facebook, Gmail, PayPal, Yahoo—to see if it works there, too.

Welcome to the PineApp blog, where PineApp experts address the latest in email and web security for businesses, including attacks and vulnerabilities, content compliance, and virtualization of security. I’m Hezi Erez, PineApp’s CEO, and I look forward to sharing our insights with you.

One of the challenges is data leakage by employees who accidentally or intentionally transfer confidential information to third parties. Another major challenge is through infected hosts (ISPs and Telecom) which black-list the enterprise’s IP address.

We’ll address these and other issues connected to effective enterprise security. PineApp provides email and web security solutions for enterprises of all sizes, including schools, banks and major ISPs, so our team is comprised of experts on all the security issues that plague an organization. Join us daily for new insights, market analyses, reports and musings on the important issues affecting security at your company.

Enjoy!

Hezi Erez, CEO

The anti-blacklisting presentation tackles the global problem of the exploitation of innocent ISP subscribers when their personal computers and IP address are unscrupulously used to mass-deliver Spam messages. ISPs are having many of their IP addresses placed on global Anti-Spam blacklists and as a result, customers with these addresses are unable to deliver any email messages.

Considering the fact that IP addresses used to connect are dynamic and can be replaced upon disconnecting and reconnecting from the internet (aka DHCP), many innocent customers are unjustifiably blacklisted, for crimes they (or their computer) did not commit.

The presentation details the processes and considerations of IP blacklisting and creation of Spam slave computers (“Zombies”), details the requirements for creating and implementing a formidable preventive solution for this problem, and finally displays PineApp unique Anti Blacklisting solution for ISP’s.

Content compliance – both with regulation and company policy – is an ever-growing issue for enterprises. Compliance with regulations such as SOX and HIPAA requires protection for certain types of personal and financial data. In addition, company policies are in place (and for good reason!) to protect intellectual property, both from accidental leaks and from disgruntled employees, who may intentionally sabotage data.  Of course, email has increasingly become a primary source and storage platform for these data, so content compliance is crucially dependent on email protection and archiving.

What’s so important about email archiving anyway?

Regulatory content compliance includes audits and logs, which means information sent through emails must be retained, handled properly, and logged with history and analysis.  We all know that all receipts and past contracts must be kept for seven years – and with so many deals and official business done directly through email, all the last seven years’ emails must be kept, too. 

A nightmare, you say?  With the multiple large files exchanged daily through email, it could be a nightmare if it weren’t managed properly. That’s why it’s important not only to retain the emails, but archive them in an easy-to-search, redundancy-eliminating system. You want all important information retained and backed up for recovery. But you don’t want to house a server farm just because of your company’s email back-up. Proper email archiving purges multiple copies, saving space rather than using it up.

Remember that each year, 1% of computers collapse, which spells loss of valuable information – and money – for any mid-to-large firm.  In addition, disgruntled employees have been known to pose a threat, by simply eliminating data.  Email archiving prevents loss of data and leakage of confidential intellectual property, in the case of either technical failure or human insider threat.  Disaster recovery and data loss prevention, necessary to content compliance, are actually made possible through email archiving.

DLP is a term being thrown around quite a bit in the IT security world, and for good reason, as it’s an important element of security that every SO should consider, but it’s not always used equally.  When asked to explain the term, many sources (including Wikipedia) say that it refers to data loss prevention, while others use data leakage prevention, and still others use both and cite them as interchangeable.  As a tech security professional, what do these terms refer to, and more importantly, how are they useful for helping to find a proper security solution for your firm?

In fact, there’s a well defined difference between the two.  Data leakage prevention refers to “securing the exiting”–making sure that no one, whether it’s a disgruntled employee, a cyber criminal, or just an employee who thinks it’s no big deal to break the rules a little, will be able to export any private information out of the organization.  Data leakage prevention protects privacy, and keeps confidential records from falling into the wrong hands.  For this reason, most enterprises have specific policies dictating who is allowed to have access to what information, and who can email that information.  Data leakage prevention solutions should be able to enforce such policies for email, and even notify the SO if someone attempts to send something that policy doesn’t allow for.

Now, on to data loss prevention which refers to practices ensuring that no digital information would be lost as a result of possible hardware failure.  This could refer to large scale failure, such as server malfunction, or even the crash of one executive’s laptop – with all of this year’s contracts on it.  Loss of information can be extremely costly, and organizations are often slow to recover, so proper back-up of information is at the heart of data loss prevention.  Since more and more important information is exchanged and even stored through email, email archiving is a big part of data loss prevention, as it bypasses local storage and dependence on the end-user to retain this valuable, email-borne intellectual property.

DLP solutions are not all created equal – make sure as you search for one for your firm that it includes both leakage prevention (privacy security) and loss prevention (back-up).

So, why is the security situation so dire right now?  Tamir Elchayani, our technologies expert, gets right to the point.

Web filtering is considered to be extremely tricky, by far the hardest IT practice of all.

The main issue is that the world-wide web is, to some extent, a live organism. It evolves and grows at enormous speed, with thousands of websites being added daily.

Any kid with basic knowledge can open a new website, and in the majority of case, we’re talking about newly added porn websites or other malicious content (legitimate websites usually take more significant work to be constructed).

Trying to maintain a database including all (or at least most) known threats, is much like trying to list each drop in the pacific ocean and sort it by name and location. In other words – it’s impossible. That’s why name databases or lists of known “bad” URLs are only partially effective. The problem is other methods don’t prove to be too effective either…

There are dynamic content recognition engines, which attempt to use real-time AI in order to differentiate obscene from legitimate web content (in addition to blocking malware and automatically downloaded files). However, as these are mostly based on the “best guess”, and as image and content scanning are very far from being accurate, it is not a rare occurrence that websites containing horrific images are permitted, whereas innocent looking websites are blocked. It appears that mathematic calculations and algorithms have a very limited efficiency for moral judgment…

The human solutions are not necessarily accurate either: some web filtering solutions use personal classification and rating tools, powering users to help them in real-time classification. However, this is a limited solution, due to most people’s tendency to stay in the “safe water” of their few regular websites, and the fact that pornography, in many occasions, is a matter of geography (one area’s offensive material can be completely normal and legitimate content in another location).

As such, this practice of personal solutions ought to be reinforced, reworked and reshaped, in order to create the requested turnover, and reach the necessary sophistication, evasiveness and speed of web malicious content distributors.

To see the original PCWorld article, click here