August 2008   
 
 

BUSINESS INSIGHT: ANTI-THEFT

Small- and Medium-Size Businesses Do More with Less with McAfee Security Management Option

By Lillian Wai,
Senior Solutions Marketing Manager

When it comes to security, small to medium enterprises (SMEs) with 50 to 1,000 users will tell you that they are under just as much pressure as their big brothers. With a tenfold increase in malware from 2002 to 2007 (Source: Yankee Group) and the number of vulnerabilities in the past two years exceeding that of the past 10 years (Source: McAfee® Avert® Labs), it’s apparent that SMEs face the same security dangers as their giant counterparts. But lacking big-company budgets, they are on a continual quest for new ways to do more with less, investing in innovative technologies that help them maximize efficiencies.

In a study first conducted in Europe, McAfee subsequently surveyed 500 companies in the United States and Canada with two to 1,000 employees. (For more information on McAfee’s Does Size Matter? analysis, visit http://www.mcafee.com/us/local_content/reports/does_size_matter_en_v2.pdf)
We found that there is a predominant belief among SMEs that they are too small to be of any value to cybercriminals. Overall, SMEs expressed confidence that they are adequately protected by default settings on their IT equipment. Here are some of the findings:

  • Ninety-two percent of SMEs claim online access and availability is important to the running of their business

  • Yet 35 percent of SMEs are “not concerned” about being a target of cybercrime

  • And, 45 percent of SMEs do not think they are a valuable target for cybercriminals


But these are dangerous misconceptions, and SMEs need to understand how better to protect their businesses.

Same Expectations, Same Issues
Like larger organizations, SMEs are expected to maintain “business as usual” 24/7. Even in the face of security attacks and threats, SMEs can’t afford business disruptions because they must continue to respond to the ongoing needs of their partners, customers, and stakeholders.

Some of the issues they face as they grapple with these demands include:
  • Increased time and resources spent on security—McAfee’s Does Size Matter? analysis reported that, on average, SMEs have just one hour a week to dedicate to IT security, which is why it’s so important for a business to choose the right, easy-to-manage centralized product. (For a summary and interpretation of the analysis, see Rajesh Venkat’s article in this issue of McAfee Security Insights.)

  • Gaps in protection—By deploying multiple security products, each with its own management software, SMEs run the risk of having undetected gaps in coverage, overlooking critical product updates, or failing to patch vulnerabilities on a timely basis. As a result, exposure to known threats and attacks climb. Also, maintaining and updating multiple products requires increased IT staff resources. Frequently, IT is required to “rip and replace” old solutions with new products or upgrades, which can incur significant costs: annual licensing, maintenance, and support costs.

  • Increasing complexity and risk—Lack of compatibility problems among disparate products means that the next upgrade or patch could bring down the whole “house of cards.” New threats and emerging requirements, such as data loss prevention and content filtering agents, only make the situation more challenging.

  • Poor visibility and a slower response to threats—With non-integrated management consoles and data in different formats, administrators often experience the “swivel-chair effect” of going back and forth between a variety of different products to manage security. Considerable time and effort are required to achieve a limited level of visibility, and a lack of centralized control means a slower response to threats.

  • Lack of accountability—When something goes wrong in a multi-vendor security environment, it is often difficult to pinpoint the problem and identify which vendor should be contacted to resolve the issue. And some vendors don’t like to own up to possible glitches in their products.


McAfee Offers Smart, Simple, and Secure Choices
These shortcomings indicate that SMEs need a new and more efficient approach to system security—a “smart, simple, and secure” solution that helps them strike a balance between uncompromised, comprehensive security and limited time, money, and IT resources. “Smart, simple, and secure” solutions and management options from McAfee help SMEs achieve that balance.

The McAfee set of solutions guards against a wide range of security threats, attacks, and unwanted behavior, providing protection at both the network perimeter (gateways) and endpoints (desktops, laptops, and file servers).The McAfee approach to addressing SME security is to integrate smart protection with simplified management. McAfee solutions provide comprehensive, integrated coverage: spam filtering, anti-virus, anti-spyware, and web security, email content scanning for privacy and compliance—and centralized management.

Single-console management offers quick visibility into a company’s security status 24/7, so problems can be detected and remediated rapidly. For IT professionals who work in an SME environment, this is a real boon. Because SMEs lack the resources to hire an extensive, specialized staff, members of the IT department wear many hats, so time is a precious commodity. With simplified, centralized management, IT can improve responsiveness when an outbreak occurs and still have enough time to attend other important tasks.

Two Management Choices for SMEs: Hosted or Onsite
Whether hosted online by the McAfee SecurityCenter or onsite with one centralized management console, McAfee ePolicy Orchestrator® (ePO™), McAfee’s all-in-one solutions provide integrated management of multiple protection tiers for maximum control and visibility into your business security. This integrated approach to security includes simplified, centralized management, regardless of whether the organization chooses McAfee’s hosted or onsite option. From a single management console, administrators have complete visibility and control of the security environment, both accessed in the office or remotely. As we’ve already mentioned, this level of accessibility results in better security and a more efficient use of time.

What are the factors that determine whether an SME manages security onsite or with a hosted solution?

The McAfee hosted solution is generally suitable for organizations with less than 250 users. These companies are likely to have smaller IT departments, where personnel can only spend a limited amount of time on security versus other critical needs. They might opt for a Security-as-a-Service (SaaS) solution that reduces onsite infrastructure costs and in-house maintenance by having the SaaS vendor host infrastructure offsite and automate security updates and software upgrades. As SME IT personnel may not have the time or the expertise to deploy and configure a software-based solution and then manage, update, and support it on a continual basis, a SaaS solution saves on total cost of ownership and reduces daily maintenance and monitoring.

Rather than deploy a hosted solution, SMEs with 250 to 1,000 users often prefer to deploy an onsite solution to provide greater flexibility and control of security management. At this end of the spectrum, the IT infrastructure closely resembles an enterprise, with dedicated mail servers, data servers, and remote locations. Larger companies are more likely to have their own onsite infrastructure as well as an experienced IT staff with the skills to deploy, manage, and tailor security configurations to meet changing business needs.

The chart below offers a side-by-side comparison of the advantages of each security management option.

McAfee SecurityCenter
Hosted Management Solution 		McAfee ePolicy Orchestrator®,
Onsite Management Solution
  • McAfee’s Security-as-a-Service (SaaS) provides a hosted infrastructure that requires no added hardware, software, or support investments
    		•
  • The infrastructure is deployed, configured, and supported by in-house IT staff
    		•
  • With a single agent, multiple protection tiers are deployed across the board, reducing installation time and giving all users immediate protection via the Internet
    		•
  • A single agent provides continuous security updates and deployment to all systems from a centralized management console
  • McAfee automates continuous security updates and provides default settings for security best practices
    		•
  • Onsite management maximizes control and flexibility in customizing security policies and settings; it also provides robust and detailed reporting
  • Web-based remote access of centralized management console from any standard browser offers simplified visibility and reporting
  • Remote, web-based management is also available, so that administrators are no longer tied to their workstations
    		•
  • Annual subscription pricing for predictable cost that includes around-the-clock technical support

    		•
  • Added host intrusion prevention, policy auditing, and network access control to detect noncompliant systems, reduce the frequency and urgency of patch rollout (on Patch Tuesdays, for example) to save time, money, and resources
    		•
     
  • The initial solution investment lowers annual costs for continuous technical support

    		•

    Maximum Security for Every Dollar Invested
    By offering comprehensive protection and centralized management, a McAfee solution—whether hosted or onsite—allows SMEs to achieve a broad set of goals for protecting information resources with limited resources. By deploying a single agent, businesses get multiple layers of protection, including advanced network access control and host intrusion prevention. By leveraging McAfee’s integrated technology, it is possible for SMEs to do more with less.

    Regardless of which management option they go with, McAfee’s “smart, simple, and secure” solution help SMEs in many ways:

    • Enhance visibility and responsiveness—Replacing manual correlation and reporting with integrated, automated capabilities vastly improves visibility of the security environment, so that IT can respond more quickly to potential threats and attacks

    • Enhance operational efficiencies while reducing costs—Centralized management of an integrated solution is more efficient than supporting multiple vendor solutions and frees up IT for more productive tasks

    • Increase availability and reduce helpdesk calls—McAfee eliminates the compatibility problems that frequently arise between different vendors’ security packages and software agents

    • Ensure investment protection—Unified and scalable security architecture allows the security environment to grow as the organization grows, readily adapt to future threats, and incorporate emerging technologies at a reasonable cost


    For a deeper discussion of onsite versus hosted security management for SMEs, take a look at the white paper entitled Smart, Simple, Secure Management Options for Small to Medium Enterprises.


     

     

    Useful Links
    Recent articles
    Send to a friend
    Add me to the newsletter list
    Change my subscription to text
     



             
     

    McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee Inc. and/or its affiliates in the United States and/or other countries. McAfee red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

    Copyright 2007 McAfee, Inc. All rights reserved | Privacy Policy | Anti-Piracy Policy | unsubscribe