Effective and Efficient Security on a SMB Budget
Roger Grimes - October 6th, 2011
For two decades, SMBs have been told their best defenses are frequent patching, up-to-date antivirus software, least privilege users, firewalls, and strong passwords. While they have been doing their best to implement all these defenses, sadly, SMBs are still as exploited as ever. It’s clear that today’s traditional defenses aren’t working.
Today’s threats
Long gone are the days when our biggest worries were teenage hackers out to prove their online technical skills by developing harmless malware. Today’s attacker is much more likely to be a professional criminal out to steal money and/or cause real harm. They used to rob banks and break open mailboxes to steal social security checks and credit cards; they have now found a better payoff with much less risk by stealing what they need online. Online thieves can make off with hundreds of thousands to millions of dollars, and very few are ever caught. And let’s be clear: cyber thieves are stealing tens of millions of dollars every day over the Internet.
Why traditional defenses don’t work
Traditional defenses don’t work for a myriad of reasons. Most notably, the biggest risk in most environments is your users being tricked into running a Trojan horse malware program that bypasses installed defenses. Solitary antivirus scanning programs are having great difficulty keeping up with literally millions of new malware programs created every month. Users are tricked into running fake antivirus programs, fake disk scanners, and fake programs they don’t need.
If traditional defenses alone won’t work, what does?
First, I’m not advocating throwing out the traditional defenses. Security is not binary. It’s not black and white; it’s shades of gray. Every additional computer security defense adds to the overall defense-in-depth. So, least-user privileges, up-to-date anti-malware software, firewalls, strong passwords, timely patching, and better end-user education are all good things to do. In fact, the better you do these things, the better you will be defended.
But three additional defenses should be deployed by every company in the fight against malware: Configuration Management, Device Control, and Application Control. It will likely be many years until the inherent flaws in the Internet and personal computers are improved in a way that makes computing significantly safer. Until then, we all have to pick the right tools and fight the good fight.
Learn more in Roger’s new webcast series and whitepaper, Effective and Efficient Security on a SMB budget
