SlideShare ist ein Scribd-Unternehmen logo

When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) Box for Protecting Endpoints

GFI Software
GFI Software

In their “Sector Insight” research study, Aberdeen Group investigated the considerations small business should take when selecting anti-malware solutions. Read this research paper to learn why Aberdeen recommends small businesses be open to endpoint security solutions from vendors other than McAfee and Symantec.

Technologie
1 von 9
Downloaden Sie, um offline zu lesen
February 2009 When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Endpoints Endpoint security issues simply can’t be ignored, regardless of the size of the Sector Insight organization. Small enterprises in particular often need to “do more with Aberdeen’s Sector Insights less” when it comes to protecting their endpoints from Internet-based provide strategic perspective threats and vulnerabilities. Based on Aberdeen's July research on Vulnerability and analysis of primary Management, organizations with up to 1,000 users should make an explicit research results by industry, decision about selecting the best endpoint security solution for their current market segment, or geography. problems, rather than unnecessarily taking on by default the potential complexities, higher costs, or negative performance impact of anti-malware solutions from better-known providers such as McAfee and Symantec. Business Context – Vulnerabilities Affect Us All Size doesn't matter: any organization whose business operations involve Sector Definition networks, computers, and application software is at risk due to For purposes of this Sector vulnerabilities in these assets that can potentially be exploited, leading to Insight, “small enterprise” was unauthorized access, exposure of sensitive data, disruption of services, or analyzed as organizations with failure to comply with regulatory requirements. Vulnerabilities in computing up to 1,000 users, and as those infrastructure stem from many sources, including software defects, with <$50M in annual revenue, improper configurations, and simple human error. Small enterprises are just with substantially the same as susceptible to these threats and vulnerabilities – including viruses, worms, results. In this context, small enterprise includes not only Trojans, spyware, adware, bots and rootkits, to name a few – as any other many thousands of private Internet-connected organization. sector companies, but also The quantity, diversity, and sources of software being installed at the thousands of state and local endpoints exacerbate the problem. About half of all respondents in government and educational institutions. Aberdeen's recent benchmark studies reported a year-over-year increase in the average number of software agents installed and managed on endpoint devices, with no statistically meaningful differences between top performers and lagging performers in this regard. And this does not include the many applications, add-ins, players, readers, gadgets, toolbars and other endpoint software installed and “managed” unofficially by the end-users. Anecdotal conversations with organizations of all sizes indicate a growing concern in Fast Facts general over software "bloat” at the endpoints, the additional security risks it creates, and especially its negative impact on endpoint performance. Anecdotal conversations with organizations of all sizes Although in many ways organizations of all sizes are the same, in certain indicate a growing concern in important aspects the small enterprises are sharply different: general over software "bloat” at the endpoints, the additional • Small businesses are much more likely to “go it alone” with security risks it creates, and their limited in-house resources. For example, 70% of small especially its negative impact on enterprises indicated that they do not use outside vendors or endpoint performance. © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 2 consultants as part of their approach to protecting their endpoints, as compared to about 50% of the companies with top results. • Relative to other activities, small businesses place a lower than average priority on protecting their endpoints. For example, on a scale of 1 (lowest) to 5 (highest), small enterprises ranked endpoint security at 3.03, as compared to a rating of 3.20 by the top companies and 2.97 by those with relatively worst results. • Small businesses are actually spending more than the Industry Average on protecting their endpoints, not only as a percentage of total IT security budget, but also in terms of year-over-year increase (Figure 1). Figure 1: Small Enterprises are Spending More than the Average Maturity Class Definitions Best-in-Class Industry Average Laggards Small Enterprise To distinguish Best-in-Class 24.4% companies from Industry Average and Laggard 20% organizations, Aberdeen used the year-over-year change in 17.0% the following criteria: 14.4% 12.9% 10% 11.9% √ Average time to identify 8.8% 10.0% relevant vulnerabilities and threats 4.0% √ Average time to deploy 0% critical updates to all affected % of IT Security Budget on Securing Year-over-Year Change in Endpoint Endpoints Security Budget systems √ Average time to make Source: Aberdeen Group, February 2009 emergency configuration changes on all affected Small enterprises are spending more, but has it led to better results? systems when no update is Unfortunately, the small enterprises in Aberdeen's benchmark research available were found to be below the Industry Average in most aspects of security and compliance, and well below the leading companies across the board. √ Total number of penetration Figure 2 and Figure 3 present the average year-over-year change reported incidents by respondents in the study for selected security- and compliance-related √ Total number of data loss metrics, respectively indicating the responsiveness and effectiveness of their incidents endpoint security activities. In this case, Best-in-Class results are represented by a year-over-year decrease, while a year-over-year increase is Companies with top outcomes based on these criteria earned indicative of Laggard performance. The relative outcomes of the Industry Best-in-Class status. Average and Small Enterprises are shown as a colored bar, with worse results indicated by the color red and better results indicated by green. Examination of Figure 2 and Figure 3 illustrates that small enterprises in Aberdeen's benchmarks were: • Below the Industry Average in terms of time to identify and address threats and vulnerabilities © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 3 • Above the Industry Average (but well below the level of the Best-in- Class) in terms of the number of penetration incidents or data loss incidents • Below the Industry Average in terms of audit deficiencies related to compliance requirements Figure 2: Small Enterprises are Below Average in Responsiveness Industry Average Best-in-Class Laggards Small Enterprise 10% 5.3% "The scanning time for our incumbent antivirus solution Average Year-over-Year Change 5% LAG 3.7% was unacceptable, and it was a 3.3% 3.4% resource hog especially on some of our older machines. We needed a solution that was 0% -1.1% more streamlined." -1.7% -1.2% -0.7% BIC -1.1% -1.4% ~ Kerry Kirk, -2.1% VP of Information Technology -3.8% -2.7% HCSB, a Texas-based State -5% Banking Association -7.7% -8.4% -8.4% -10% Average time to Average time to Average time to Average time to identify relevent deploy critical deploy non-critical make emergency vulnerabilities and updates on all updates on all configuration threats affected systems affected systems changes on all affected systems when no update is available Source: Aberdeen Group, February 2009 To be clear, the selection and deployment of the optimal solution from a credible vendor is obviously a key success factor for protecting an organization's IT infrastructure from the never-ending flow of new threats and vulnerabilities. As important as the solution itself, however, are the important choices to be made in terms of policy, planning, process, and organizational elements of implementation and ongoing management. As a whole, each organization's unique blend of "people, process and technology" is the key to their ability to manage vulnerabilities in a sustainable, cost- effective way. Solutions whose features can reduce or remove inefficiencies in these areas have the tangible benefits of being faster to get up and running, and more cost-effective to support and manage over time. © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 4 Figure 3: Small Enterprises Can Make Large Gains in Effectiveness Industry Average Best-in-Class Laggards Small Enterprise 5% 2.7% -0.1% 0.6% Average Year-over-Year Change 0% -2.8% LAG -5.9% -5% -3.6% -7.4% -6.4% BIC -10% -10.1% -15% -13.8% -20% -25% -23.8% -23.3% Number of penetration Number of data loss Number of audit incidents incidents deficiencies Source: Aberdeen Group, February 2009 Benchmarking the Small Enterprise: What They Want What are the leading drivers for investments made by small enterprises in protecting their endpoints from network-based vulnerabilities and threats? "A key consideration, which I Relative to the Best-in-Class, Aberdeen's research shows that smaller think is as important as all the enterprises indicated stronger focus on the pressures of keeping the others, is tech support. That business up and running and protecting their IT infrastructure, and alone is reason enough for less focus on pressures related to compliance and data protection. In the IT serious purchase consideration. security version of Maslow's hierarchy of needs, the research indicates that Technicians that communicate small enterprises are focused heavily on the base of the pyramid. well and that really do stay with you until the problem is solved In terms of their strategic responses to these pressures, small enterprises are invaluable." and Best-in-Class organizations indicated similar approaches for protecting their endpoints, for example, conducting regular vulnerability assessment ~ Kerry Kirk, scans and implementing consistent policies and procedures for managing VP of Information Technology HCSB, a Texas-based State threats and vulnerabilities. Unfortunately, good strategy is not always linked Banking Association to good execution. Best-in-Class organizations were about 1.4-times more likely than small enterprises (87% versus 67%) to indicate regular vulnerability scans as a current capability, and about 1.7-times more likely (70% versus 41%) to have consistent threat and vulnerability management policies in place. Examining the inhibitors to investments in endpoint security shows that the perceived absence of compliance as a driver – the number one inhibitor indicated by small enterprises in the study – often means “do not invest.” The second leading inhibitor (and the greatest gap between small enterprises and all respondents) was lack of in-house IT skill sets. This should not be taken as IT staff in small companies being less capable, of course, but rather that in most small companies they tend to be jacks-of-all- © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 5 trades as opposed to the more highly-specialized roles to be found in larger organizations. When one combines the lack of in-house expertise with the fact that small enterprises are more inclined to go it alone, it seems clear that many small enterprises are not doing more with less, but doing less with less. The inhibitor representing the second greatest gap between small enterprises and all respondents was no financial loss expected. Both industry headlines and Aberdeen's benchmark research consistently indicate otherwise, pointing to a high need for additional awareness and education about the probability and financial impact of a material incident. But overall the profile is consistent: small businesses are most likely to invest to keep the business running, if they are compelled to do so (compliance), or if they expect non-investment to cost them money. Selection Criteria for Endpoint Security Solutions / Vendors Small companies participating in Aberdeen's benchmark research placed the Solution Selection Criteria highest priority for selection criteria on total cost of ownership – which Based on the research, the includes not only the cost of acquisition, but also the cost of deployment following selection criteria for and the cost of ongoing management – by a factor of 1.6-times more than endpoint security (anti-virus, the Best-in-Class (Figure 4). Although acquisition costs are easiest for anti-malware) solutions are making a direct comparison, Aberdeen's research consistently shows that valued most highly by small top results are actually gained (or not) by top performance in deployment companies: and ongoing management. For the typical small enterprise, solutions that are √ Cost to acquire effective and simplest to manage should be given strong consideration. √ Cost and time to deploy Solution providers with domain expertise, demonstrated success in similar projects, and commitment to customer service are valued highly √ Cost of ongoing operations by all respondents, including the small enterprise. Small organizations also √ "Footprint" of software at place relatively higher value on recommendations made by their the endpoints, particularly in peers. terms of its impact on resources required and Figure 4 also illustrates that breadth of solution offerings, such as the endpoint performance product strategies being pursued by the larger category leaders such as McAfee and Symantec, is much less important to small businesses. The √ Expertise and customer advanced capabilities of these solutions (e.g., data loss prevention, network service of the solution access control, asset management, backup and recovery) are addressing the provider evolving security needs of the Global 2000, but they are beyond the immediate needs of many small enterprise customers, and the additional complexity of the management consoles is an unnecessary burden. It is in this sense that small enterprises focused on anti-virus / anti-malware solutions should think outside the red and yellow boxes of the respective market leaders, and give deliberate consideration to smaller, more focused endpoint security vendors (for an illustrative solutions landscape, see Table 1). © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 6 Figure 4: What Small Businesses Look For in Solutions / Vendors 60% 59% Best-in-Class Small Enterprise 40% 44% 44% 44% 41% 38% 36% 38% 36% 33% 20% 25% 23% 0% Total Cost of Demonstrated Domain expertise Commitment to Recommendations Breadth of solution Ownership success in similar customer service by peers offerings projects Source: Aberdeen Group, February 2009 Case in Point Colonial Mills, Inc. (CMI), based in Pawtucket, Rhode Island, combines "old school craftsmanship" with "new age innovation" to produce braided- texture products such as area rugs, accessories, and custom designs with superior customer service. The company manufactures its award-winning products near the historic Slater Mill (circa 1793) in the Blackstone River Valley, considered to be the birthplace of the American textile industry. CMI has worked hard to drive new efficiencies in a well-established manufacturing process, by aligning its efforts across departments using "lean manufacturing" techniques, in which new orders are typically shipped within 5 days. CMI has made significant investments in technologies to improve its capabilities in order processing and customer relationship management, including real-time queries of order status. In such a lean, focused IT environment, CMI could ill afford the lost "When a scan would kick off productivity caused by excessive viruses, spyware, and other malware with our previous installation of attacking their endpoints. At the same time, they could not afford the lost Symantec Corporate Edition, productivity caused by the performance of their initial endpoint security the PC would be sooo slow. solution. "When a scan would kick off with our previous installation of With [Sunbelt Software's] Symantec Corporate Edition, the PC would be sooo slow," said Bill VIPRE, our users don’t even realize the scan is taking place." Turgeon, Chief Information Officer for Colonial Mills. After evaluating solutions from both Symantec and McAfee, CMI ultimately selected VIPRE ~ Bill Turgeon, Enterprise from Sunbelt Software, with positive results. "With VIPRE, our Chief Information Officer users don’t even realize the scan is taking place," said Turgeon. Colonial Mills, Inc. For CMI, the most importance decision criteria were a combination of performance and price. "We are a small business, with 65 users and a very small budget," notes Turgeon. "For anti-virus / anti-spyware, the VIPRE product simply outperformed the others. The fact that it was about one-half the price was a bonus. Sometimes the ‘big players’ are not the best solution © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 7 for our environment." Performance is "no longer a problem" at Colonial Mills, and disruption due to viruses has been virtually non-existent. Sunbelt's commitment to customer service was also an important element of CMI's decision to go with a smaller provider. "Previously, I would be on hold for long periods, waiting for technical assistance," said Turgeon. "I no longer have that issue with Sunbelt, which has done a great job of communicating with us about new releases. They make it very easy to want to do business with them." Solutions Landscape Solution providers for endpoint security can range from smaller specialists to multi-billion dollar firms. Table 1 provides an illustrative list. Table 1: Solutions Landscape for Endpoint Security (illustrative) Company Solution(s) Description Sunbelt Software's VIPRE Enterprise combines anti-virus, anti-spyware, VIPRE anti-rootkit and other technologies into a single agent, handled through Sunbelt Software Enterprise a central management console, while minimizing the negative performance and resource impact of traditional endpoint security www.sunbeltsoftware.com products. Sunbelt Network Security Inspector provides network vulnerability Sunbelt scanning by IP, port, machine, and service. It detects a broad range of Network vulnerabilities in systems running Windows, Sun Solaris, MAC, HP-UX, Security Red Hat Linux, Mandriva Linux, SUSE Linux, Cisco routers, and HP Inspector printers. AVG Internet The AVG Internet Security Network Edition solution provides anti- AVG Technologies Security virus, anti-spyware, anti-rootkit and other security technologies for www.avg.com Network protecting the endpoints. The solution includes a real-time vulnerability Edition scanner and automatic updates to ensure continuous protection. McAfee Total Protection for Endpoint combines McAfee endpoint Total Protection security technologies, ongoing research into emerging threats, and McAfee for Endpoint scalable management from a single console. Advanced compliance features limit access to non-compliant systems, automate reporting, and www.mcafee.com integrate with third-party compliance tools. McAfee ePolicy Orchestrator is designed to be a central hub for ePolicy managing multiple layers of protection, enforcing policy, monitoring Orchestrator security status, making updates, and generating detailed graphical reports. Endpoint Symantec Endpoint Protection 11.0 integrates anti-virus, anti-spyware, Protection 11.0 personal firewall, intrusion prevention, device control, and application Symantec control in a single agent managed by a single management console. www.symantec.com Endpoint Symantec Endpoint Management Suite 1.0 is designed around a common Management architecture to support security, system management, and recovery Suite 1.0 functionality for advanced automation, system interoperability, and increased visibility and control for Windows-based endpoints. Source: Aberdeen Group, February 2009 © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 8 Summary and Recommendations Based on Aberdeen's benchmark research and interviews with select respondents, small enterprises should consider the following: • Make endpoint security a priority. It may not be pleasant, but managing the threats and vulnerabilities that put your endpoints at risk is a necessary function for any organization with business "It was a wonderful thing to operations that involve Internet-facing networks, computers, and find a nice tight little footprint application software. Improving capabilities in all three phases of the that doesn't kill our client vulnerability management lifecycle (i.e., "assess," "prioritize," and systems while scanning." "remediate") pays off in two ways. First, it reduces the risks and ~ Bill Turgeon, costs associated with the flood of new threats and vulnerabilities Chief Information Officer that emerge on a weekly basis. Second, it reduces the total costs of Colonial Mills, Inc. managing threats and vulnerabilities and protecting the endpoints, which frees up limited resources to invest in more strategic IT initiatives. • Optimize your limited resources. Most small organizations don’t have a large or dedicated IT staff, and the research shows that in spite of having limited internal resources they tend to "go it alone". Small enterprises should make an explicit decision about selecting the best endpoint security solution for their current problems, rather than taking on by default the unnecessary complexities, cost, and performance-crippling bloat of solutions that provide more functionality than the organization currently needs. • Think outside the (red / yellow) box. Small organizations "You don’t always have to go should be open to endpoint security solutions from vendors other with the ‘big guys’ for software. than McAfee and Symantec, especially those that address the key After working with several very selection criteria identified in the research: total cost of ownership, large vendors in the past, domain expertise / demonstrated success in similar projects, working with a smaller minimal footprint and impact on performance, and commitment to provider [Sunbelt Software] has been a breath of fresh air.” customer service. Endpoint security issues simply can’t be ignored, regardless of the size of the ~ Kerry Kirk, VP of Information Technology organization. In a tough economy, small enterprises in particular need to HCSB, a Texas-based state “do more with less” when it comes to protecting their endpoints from banking association Internet-based threats and vulnerabilities. The research shows that they can compete most effectively by consciously choosing the right tool for the job. For more information on this or other research topics, please visit www.aberdeen.com. © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 9 Related Research Unified Threat Management: What's In, Data Loss Prevention: Little Leaks Sink What's Next, and Why; September the Ship; June 2008 2008 PCI DSS and Protecting Cardholder Data; Vulnerability Management: Assess, June 2008 Prioritize, Remediate, Repeat; July 2008 Author: Derek E. Brink, Vice President and Research Fellow, IT Security (Derek.Brink@aberdeen.com) Since 1988, Aberdeen's research has been helping corporations worldwide become Best-in-Class. Having benchmarked the performance of more than 644,000 companies, Aberdeen is uniquely positioned to provide organizations with the facts that matter — the facts that enable companies to get ahead and drive results. That's why our research is relied on by more than 2.2 million readers in over 40 countries, 90% of the Fortune 1,000, and 93% of the Technology 500. As a Harte-Hanks Company, Aberdeen plays a key role of putting content in context for the global direct and targeted marketing company. Aberdeen's analytical and independent view of the "customer optimization" process of Harte- Hanks (Information – Opportunity – Insight – Engagement – Interaction) extends the client value and accentuates the strategic role Harte-Hanks brings to the market. For additional information, visit Aberdeen http://www.aberdeen.com or call (617) 723-7890, or to learn more about Harte-Hanks, call (800) 456-9748 or go to http://www.harte-hanks.com This document is the result of primary research performed by Aberdeen Group. Aberdeen Group's methodologies provide for objective fact-based research and represent the best analysis available at the time of publication. Unless otherwise noted, the entire contents of this publication are copyrighted by Aberdeen Group, Inc. and may not be reproduced, distributed, archived, or transmitted in any form or by any means without prior written consent by Aberdeen Group, Inc. 043008a © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897

Empfohlen

Hybrid Technology
Hybrid TechnologyHybrid Technology
Hybrid TechnologyGFI Software
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareGFI Software
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
Patch management
Patch managementPatch management
Patch managementGFI Software
 
Network Environments
Network EnvironmentsNetwork Environments
Network EnvironmentsGFI Software
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging ThreatsLumension
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Securityarms8586
 
Security and SMBs
Security and SMBsSecurity and SMBs
Security and SMBsGFI Software
 

Empfohlen

Hybrid Technology
Hybrid TechnologyHybrid Technology
Hybrid TechnologyGFI Software
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareGFI Software
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
Patch management
Patch managementPatch management
Patch managementGFI Software
 
Network Environments
Network EnvironmentsNetwork Environments
Network EnvironmentsGFI Software
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging ThreatsLumension
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Securityarms8586
 
Security and SMBs
Security and SMBsSecurity and SMBs
Security and SMBsGFI Software
 
The impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsThe impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsJose Lopez
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Kim Jensen
 
IBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Security
 
Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?Web Werks Data Centers
 
Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Isaac BOCCARA
 
IEEE PHM Cloud Computing
IEEE PHM Cloud ComputingIEEE PHM Cloud Computing
IEEE PHM Cloud ComputingJoseph Williams
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) Eoin Keary
 
The Economics of IT Risk and Reputation
The Economics of IT Risk and ReputationThe Economics of IT Risk and Reputation
The Economics of IT Risk and ReputationIBM Security
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOsIBM Security
 
Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.uNIX Jim
 
Va\\lue of e-safebusiness solutions
Va\\lue of e-safebusiness solutionsVa\\lue of e-safebusiness solutions
Va\\lue of e-safebusiness solutionsiansadler
 
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security ThreatsBetterCloud
 
Security annual report_mid2010
Security annual report_mid2010Security annual report_mid2010
Security annual report_mid2010thaiantivirus
 
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSIIBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSIAGILLY
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedKim Jensen
 
Effective Communications in Business Continuity Planning
Effective Communications in Business Continuity PlanningEffective Communications in Business Continuity Planning
Effective Communications in Business Continuity PlanningCloudnition Web Development & Online Marketing
 
Growth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityGrowth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityPeopleWorks IN
 
The Forrester Wave™: Enterprise Mobile Management Q3 2014
The Forrester Wave™: Enterprise Mobile Management Q3 2014The Forrester Wave™: Enterprise Mobile Management Q3 2014
The Forrester Wave™: Enterprise Mobile Management Q3 2014Symantec
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityMighty Guides, Inc.
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
 
The C-suite, the Board and Cyber-defense
The C-suite, the Board and Cyber-defenseThe C-suite, the Board and Cyber-defense
The C-suite, the Board and Cyber-defenseThe Economist Media Businesses
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 

Weitere ähnliche Inhalte

Was ist angesagt?

The impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsThe impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsJose Lopez
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Kim Jensen
 
IBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Security
 
Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?Web Werks Data Centers
 
Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Isaac BOCCARA
 
IEEE PHM Cloud Computing
IEEE PHM Cloud ComputingIEEE PHM Cloud Computing
IEEE PHM Cloud ComputingJoseph Williams
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) Eoin Keary
 
The Economics of IT Risk and Reputation
The Economics of IT Risk and ReputationThe Economics of IT Risk and Reputation
The Economics of IT Risk and ReputationIBM Security
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOsIBM Security
 
Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.uNIX Jim
 
Va\\lue of e-safebusiness solutions
Va\\lue of e-safebusiness solutionsVa\\lue of e-safebusiness solutions
Va\\lue of e-safebusiness solutionsiansadler
 
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security ThreatsBetterCloud
 
Security annual report_mid2010
Security annual report_mid2010Security annual report_mid2010
Security annual report_mid2010thaiantivirus
 
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSIIBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSIAGILLY
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedKim Jensen
 
Growth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityGrowth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityPeopleWorks IN
 
The Forrester Wave™: Enterprise Mobile Management Q3 2014
The Forrester Wave™: Enterprise Mobile Management Q3 2014The Forrester Wave™: Enterprise Mobile Management Q3 2014
The Forrester Wave™: Enterprise Mobile Management Q3 2014Symantec
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityMighty Guides, Inc.
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
 

Was ist angesagt? (20)

The impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsThe impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clients
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014
 
IBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions Roadmap
 
Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?
 
Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14
 
IEEE PHM Cloud Computing
IEEE PHM Cloud ComputingIEEE PHM Cloud Computing
IEEE PHM Cloud Computing
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019)
 
The Economics of IT Risk and Reputation
The Economics of IT Risk and ReputationThe Economics of IT Risk and Reputation
The Economics of IT Risk and Reputation
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOs
 
Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.
 
Va\\lue of e-safebusiness solutions
Va\\lue of e-safebusiness solutionsVa\\lue of e-safebusiness solutions
Va\\lue of e-safebusiness solutions
 
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
 
Security annual report_mid2010
Security annual report_mid2010Security annual report_mid2010
Security annual report_mid2010
 
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSIIBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updated
 
Effective Communications in Business Continuity Planning
Effective Communications in Business Continuity PlanningEffective Communications in Business Continuity Planning
Effective Communications in Business Continuity Planning
 
Growth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityGrowth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and Simplicity
 
The Forrester Wave™: Enterprise Mobile Management Q3 2014
The Forrester Wave™: Enterprise Mobile Management Q3 2014The Forrester Wave™: Enterprise Mobile Management Q3 2014
The Forrester Wave™: Enterprise Mobile Management Q3 2014
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint Security
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
 

Ähnlich wie When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) Box for Protecting Endpoints

Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
Machinesafety ni-07
Machinesafety ni-07Machinesafety ni-07
Machinesafety ni-07achalconst
 
Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Eoin Keary
 
Selling Your Organization on Application Security
Selling Your Organization on Application SecuritySelling Your Organization on Application Security
Selling Your Organization on Application SecurityVeracode
 
Executive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarExecutive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarFERMA
 
KPMG Survey: Is Unlicensed Software Usage Hurting Your Bottom Line
KPMG Survey: Is Unlicensed Software Usage Hurting Your Bottom LineKPMG Survey: Is Unlicensed Software Usage Hurting Your Bottom Line
KPMG Survey: Is Unlicensed Software Usage Hurting Your Bottom LineJeff Gustafson
 
A Guide To SMB Network Security Compliance Research Group(1)
A Guide To SMB Network Security Compliance Research Group(1)A Guide To SMB Network Security Compliance Research Group(1)
A Guide To SMB Network Security Compliance Research Group(1)GuardEra Access Solutions, Inc.
 
Business Risk: Effective Technology Protecting Your Business
Business Risk: Effective Technology Protecting Your BusinessBusiness Risk: Effective Technology Protecting Your Business
Business Risk: Effective Technology Protecting Your Businessat MicroFocus Italy ❖✔
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Continuing Education Conferance
Continuing Education ConferanceContinuing Education Conferance
Continuing Education ConferanceTommy Riggins
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomIBM Security
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15James Fisher
 

Ähnlich wie When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) Box for Protecting Endpoints (20)

The C-suite, the Board and Cyber-defense
The C-suite, the Board and Cyber-defenseThe C-suite, the Board and Cyber-defense
The C-suite, the Board and Cyber-defense
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
 
Machinesafety ni-07
Machinesafety ni-07Machinesafety ni-07
Machinesafety ni-07
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
 
Data Breach Guide 2013
Data Breach Guide 2013Data Breach Guide 2013
Data Breach Guide 2013
 
The 10 most trusted risk management solution providers 2019
The 10 most trusted risk management solution providers 2019The 10 most trusted risk management solution providers 2019
The 10 most trusted risk management solution providers 2019
 
Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020
 
Selling Your Organization on Application Security
Selling Your Organization on Application SecuritySelling Your Organization on Application Security
Selling Your Organization on Application Security
 
Executive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarExecutive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk Webinar
 
KPMG Survey: Is Unlicensed Software Usage Hurting Your Bottom Line
KPMG Survey: Is Unlicensed Software Usage Hurting Your Bottom LineKPMG Survey: Is Unlicensed Software Usage Hurting Your Bottom Line
KPMG Survey: Is Unlicensed Software Usage Hurting Your Bottom Line
 
A Guide To SMB Network Security Compliance Research Group(1)
A Guide To SMB Network Security Compliance Research Group(1)A Guide To SMB Network Security Compliance Research Group(1)
A Guide To SMB Network Security Compliance Research Group(1)
 
ROI On DLP
ROI On DLPROI On DLP
ROI On DLP
 
Business Risk: Effective Technology Protecting Your Business
Business Risk: Effective Technology Protecting Your BusinessBusiness Risk: Effective Technology Protecting Your Business
Business Risk: Effective Technology Protecting Your Business
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
Continuing Education Conferance
Continuing Education ConferanceContinuing Education Conferance
Continuing Education Conferance
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15
 
BCI Counting The Cost
BCI Counting The CostBCI Counting The Cost
BCI Counting The Cost
 
EMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-SecurityEMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-Security
 

Mehr von GFI Software

Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013GFI Software
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesGFI Software
 
Understanding Data Backups
Understanding Data BackupsUnderstanding Data Backups
Understanding Data BackupsGFI Software
 
Master Class Series
Master Class SeriesMaster Class Series
Master Class SeriesGFI Software
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability ManagementGFI Software
 
Deploying GFI EventsManager™
Deploying GFI EventsManager™Deploying GFI EventsManager™
Deploying GFI EventsManager™GFI Software
 
How to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log ManagementHow to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log ManagementGFI Software
 
How to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManagerHow to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManagerGFI Software
 
Email Security Solutions
Email Security SolutionsEmail Security Solutions
Email Security SolutionsGFI Software
 
Messaging and Web Security
Messaging and Web SecurityMessaging and Web Security
Messaging and Web SecurityGFI Software
 
How to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkHow to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkGFI Software
 
How to Block NDR Spam
How to Block NDR SpamHow to Block NDR Spam
How to Block NDR SpamGFI Software
 
How to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware productHow to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware productGFI Software
 
Binary translation
Binary translationBinary translation
Binary translationGFI Software
 

Mehr von GFI Software (20)

Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage Devices
 
Email Continuity
Email ContinuityEmail Continuity
Email Continuity
 
Understanding Data Backups
Understanding Data BackupsUnderstanding Data Backups
Understanding Data Backups
 
Data Backups
Data BackupsData Backups
Data Backups
 
Master Class Series
Master Class SeriesMaster Class Series
Master Class Series
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Deploying GFI EventsManager™
Deploying GFI EventsManager™Deploying GFI EventsManager™
Deploying GFI EventsManager™
 
How to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log ManagementHow to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log Management
 
How to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManagerHow to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManager
 
Email Security Solutions
Email Security SolutionsEmail Security Solutions
Email Security Solutions
 
Maxmp greylisting
Maxmp greylistingMaxmp greylisting
Maxmp greylisting
 
Messaging and Web Security
Messaging and Web SecurityMessaging and Web Security
Messaging and Web Security
 
How to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkHow to Keep Spam Off Your Network
How to Keep Spam Off Your Network
 
How to Block NDR Spam
How to Block NDR SpamHow to Block NDR Spam
How to Block NDR Spam
 
How to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware productHow to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware product
 
Email Continuity
Email ContinuityEmail Continuity
Email Continuity
 
Greylisting
GreylistingGreylisting
Greylisting
 
Binary translation
Binary translationBinary translation
Binary translation
 
Stopping Malware
Stopping MalwareStopping Malware
Stopping Malware
 

Kürzlich hochgeladen

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Kürzlich hochgeladen (20)

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) Box for Protecting Endpoints

  • 1. February 2009 When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Endpoints Endpoint security issues simply can’t be ignored, regardless of the size of the Sector Insight organization. Small enterprises in particular often need to “do more with Aberdeen’s Sector Insights less” when it comes to protecting their endpoints from Internet-based provide strategic perspective threats and vulnerabilities. Based on Aberdeen's July research on Vulnerability and analysis of primary Management, organizations with up to 1,000 users should make an explicit research results by industry, decision about selecting the best endpoint security solution for their current market segment, or geography. problems, rather than unnecessarily taking on by default the potential complexities, higher costs, or negative performance impact of anti-malware solutions from better-known providers such as McAfee and Symantec. Business Context – Vulnerabilities Affect Us All Size doesn't matter: any organization whose business operations involve Sector Definition networks, computers, and application software is at risk due to For purposes of this Sector vulnerabilities in these assets that can potentially be exploited, leading to Insight, “small enterprise” was unauthorized access, exposure of sensitive data, disruption of services, or analyzed as organizations with failure to comply with regulatory requirements. Vulnerabilities in computing up to 1,000 users, and as those infrastructure stem from many sources, including software defects, with <$50M in annual revenue, improper configurations, and simple human error. Small enterprises are just with substantially the same as susceptible to these threats and vulnerabilities – including viruses, worms, results. In this context, small enterprise includes not only Trojans, spyware, adware, bots and rootkits, to name a few – as any other many thousands of private Internet-connected organization. sector companies, but also The quantity, diversity, and sources of software being installed at the thousands of state and local endpoints exacerbate the problem. About half of all respondents in government and educational institutions. Aberdeen's recent benchmark studies reported a year-over-year increase in the average number of software agents installed and managed on endpoint devices, with no statistically meaningful differences between top performers and lagging performers in this regard. And this does not include the many applications, add-ins, players, readers, gadgets, toolbars and other endpoint software installed and “managed” unofficially by the end-users. Anecdotal conversations with organizations of all sizes indicate a growing concern in Fast Facts general over software "bloat” at the endpoints, the additional security risks it creates, and especially its negative impact on endpoint performance. Anecdotal conversations with organizations of all sizes Although in many ways organizations of all sizes are the same, in certain indicate a growing concern in important aspects the small enterprises are sharply different: general over software "bloat” at the endpoints, the additional • Small businesses are much more likely to “go it alone” with security risks it creates, and their limited in-house resources. For example, 70% of small especially its negative impact on enterprises indicated that they do not use outside vendors or endpoint performance. © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
  • 2. When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 2 consultants as part of their approach to protecting their endpoints, as compared to about 50% of the companies with top results. • Relative to other activities, small businesses place a lower than average priority on protecting their endpoints. For example, on a scale of 1 (lowest) to 5 (highest), small enterprises ranked endpoint security at 3.03, as compared to a rating of 3.20 by the top companies and 2.97 by those with relatively worst results. • Small businesses are actually spending more than the Industry Average on protecting their endpoints, not only as a percentage of total IT security budget, but also in terms of year-over-year increase (Figure 1). Figure 1: Small Enterprises are Spending More than the Average Maturity Class Definitions Best-in-Class Industry Average Laggards Small Enterprise To distinguish Best-in-Class 24.4% companies from Industry Average and Laggard 20% organizations, Aberdeen used the year-over-year change in 17.0% the following criteria: 14.4% 12.9% 10% 11.9% √ Average time to identify 8.8% 10.0% relevant vulnerabilities and threats 4.0% √ Average time to deploy 0% critical updates to all affected % of IT Security Budget on Securing Year-over-Year Change in Endpoint Endpoints Security Budget systems √ Average time to make Source: Aberdeen Group, February 2009 emergency configuration changes on all affected Small enterprises are spending more, but has it led to better results? systems when no update is Unfortunately, the small enterprises in Aberdeen's benchmark research available were found to be below the Industry Average in most aspects of security and compliance, and well below the leading companies across the board. √ Total number of penetration Figure 2 and Figure 3 present the average year-over-year change reported incidents by respondents in the study for selected security- and compliance-related √ Total number of data loss metrics, respectively indicating the responsiveness and effectiveness of their incidents endpoint security activities. In this case, Best-in-Class results are represented by a year-over-year decrease, while a year-over-year increase is Companies with top outcomes based on these criteria earned indicative of Laggard performance. The relative outcomes of the Industry Best-in-Class status. Average and Small Enterprises are shown as a colored bar, with worse results indicated by the color red and better results indicated by green. Examination of Figure 2 and Figure 3 illustrates that small enterprises in Aberdeen's benchmarks were: • Below the Industry Average in terms of time to identify and address threats and vulnerabilities © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
  • 3. When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 3 • Above the Industry Average (but well below the level of the Best-in- Class) in terms of the number of penetration incidents or data loss incidents • Below the Industry Average in terms of audit deficiencies related to compliance requirements Figure 2: Small Enterprises are Below Average in Responsiveness Industry Average Best-in-Class Laggards Small Enterprise 10% 5.3% "The scanning time for our incumbent antivirus solution Average Year-over-Year Change 5% LAG 3.7% was unacceptable, and it was a 3.3% 3.4% resource hog especially on some of our older machines. We needed a solution that was 0% -1.1% more streamlined." -1.7% -1.2% -0.7% BIC -1.1% -1.4% ~ Kerry Kirk, -2.1% VP of Information Technology -3.8% -2.7% HCSB, a Texas-based State -5% Banking Association -7.7% -8.4% -8.4% -10% Average time to Average time to Average time to Average time to identify relevent deploy critical deploy non-critical make emergency vulnerabilities and updates on all updates on all configuration threats affected systems affected systems changes on all affected systems when no update is available Source: Aberdeen Group, February 2009 To be clear, the selection and deployment of the optimal solution from a credible vendor is obviously a key success factor for protecting an organization's IT infrastructure from the never-ending flow of new threats and vulnerabilities. As important as the solution itself, however, are the important choices to be made in terms of policy, planning, process, and organizational elements of implementation and ongoing management. As a whole, each organization's unique blend of "people, process and technology" is the key to their ability to manage vulnerabilities in a sustainable, cost- effective way. Solutions whose features can reduce or remove inefficiencies in these areas have the tangible benefits of being faster to get up and running, and more cost-effective to support and manage over time. © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
  • 4. When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 4 Figure 3: Small Enterprises Can Make Large Gains in Effectiveness Industry Average Best-in-Class Laggards Small Enterprise 5% 2.7% -0.1% 0.6% Average Year-over-Year Change 0% -2.8% LAG -5.9% -5% -3.6% -7.4% -6.4% BIC -10% -10.1% -15% -13.8% -20% -25% -23.8% -23.3% Number of penetration Number of data loss Number of audit incidents incidents deficiencies Source: Aberdeen Group, February 2009 Benchmarking the Small Enterprise: What They Want What are the leading drivers for investments made by small enterprises in protecting their endpoints from network-based vulnerabilities and threats? "A key consideration, which I Relative to the Best-in-Class, Aberdeen's research shows that smaller think is as important as all the enterprises indicated stronger focus on the pressures of keeping the others, is tech support. That business up and running and protecting their IT infrastructure, and alone is reason enough for less focus on pressures related to compliance and data protection. In the IT serious purchase consideration. security version of Maslow's hierarchy of needs, the research indicates that Technicians that communicate small enterprises are focused heavily on the base of the pyramid. well and that really do stay with you until the problem is solved In terms of their strategic responses to these pressures, small enterprises are invaluable." and Best-in-Class organizations indicated similar approaches for protecting their endpoints, for example, conducting regular vulnerability assessment ~ Kerry Kirk, scans and implementing consistent policies and procedures for managing VP of Information Technology HCSB, a Texas-based State threats and vulnerabilities. Unfortunately, good strategy is not always linked Banking Association to good execution. Best-in-Class organizations were about 1.4-times more likely than small enterprises (87% versus 67%) to indicate regular vulnerability scans as a current capability, and about 1.7-times more likely (70% versus 41%) to have consistent threat and vulnerability management policies in place. Examining the inhibitors to investments in endpoint security shows that the perceived absence of compliance as a driver – the number one inhibitor indicated by small enterprises in the study – often means “do not invest.” The second leading inhibitor (and the greatest gap between small enterprises and all respondents) was lack of in-house IT skill sets. This should not be taken as IT staff in small companies being less capable, of course, but rather that in most small companies they tend to be jacks-of-all- © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
  • 5. When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 5 trades as opposed to the more highly-specialized roles to be found in larger organizations. When one combines the lack of in-house expertise with the fact that small enterprises are more inclined to go it alone, it seems clear that many small enterprises are not doing more with less, but doing less with less. The inhibitor representing the second greatest gap between small enterprises and all respondents was no financial loss expected. Both industry headlines and Aberdeen's benchmark research consistently indicate otherwise, pointing to a high need for additional awareness and education about the probability and financial impact of a material incident. But overall the profile is consistent: small businesses are most likely to invest to keep the business running, if they are compelled to do so (compliance), or if they expect non-investment to cost them money. Selection Criteria for Endpoint Security Solutions / Vendors Small companies participating in Aberdeen's benchmark research placed the Solution Selection Criteria highest priority for selection criteria on total cost of ownership – which Based on the research, the includes not only the cost of acquisition, but also the cost of deployment following selection criteria for and the cost of ongoing management – by a factor of 1.6-times more than endpoint security (anti-virus, the Best-in-Class (Figure 4). Although acquisition costs are easiest for anti-malware) solutions are making a direct comparison, Aberdeen's research consistently shows that valued most highly by small top results are actually gained (or not) by top performance in deployment companies: and ongoing management. For the typical small enterprise, solutions that are √ Cost to acquire effective and simplest to manage should be given strong consideration. √ Cost and time to deploy Solution providers with domain expertise, demonstrated success in similar projects, and commitment to customer service are valued highly √ Cost of ongoing operations by all respondents, including the small enterprise. Small organizations also √ "Footprint" of software at place relatively higher value on recommendations made by their the endpoints, particularly in peers. terms of its impact on resources required and Figure 4 also illustrates that breadth of solution offerings, such as the endpoint performance product strategies being pursued by the larger category leaders such as McAfee and Symantec, is much less important to small businesses. The √ Expertise and customer advanced capabilities of these solutions (e.g., data loss prevention, network service of the solution access control, asset management, backup and recovery) are addressing the provider evolving security needs of the Global 2000, but they are beyond the immediate needs of many small enterprise customers, and the additional complexity of the management consoles is an unnecessary burden. It is in this sense that small enterprises focused on anti-virus / anti-malware solutions should think outside the red and yellow boxes of the respective market leaders, and give deliberate consideration to smaller, more focused endpoint security vendors (for an illustrative solutions landscape, see Table 1). © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
  • 6. When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 6 Figure 4: What Small Businesses Look For in Solutions / Vendors 60% 59% Best-in-Class Small Enterprise 40% 44% 44% 44% 41% 38% 36% 38% 36% 33% 20% 25% 23% 0% Total Cost of Demonstrated Domain expertise Commitment to Recommendations Breadth of solution Ownership success in similar customer service by peers offerings projects Source: Aberdeen Group, February 2009 Case in Point Colonial Mills, Inc. (CMI), based in Pawtucket, Rhode Island, combines "old school craftsmanship" with "new age innovation" to produce braided- texture products such as area rugs, accessories, and custom designs with superior customer service. The company manufactures its award-winning products near the historic Slater Mill (circa 1793) in the Blackstone River Valley, considered to be the birthplace of the American textile industry. CMI has worked hard to drive new efficiencies in a well-established manufacturing process, by aligning its efforts across departments using "lean manufacturing" techniques, in which new orders are typically shipped within 5 days. CMI has made significant investments in technologies to improve its capabilities in order processing and customer relationship management, including real-time queries of order status. In such a lean, focused IT environment, CMI could ill afford the lost "When a scan would kick off productivity caused by excessive viruses, spyware, and other malware with our previous installation of attacking their endpoints. At the same time, they could not afford the lost Symantec Corporate Edition, productivity caused by the performance of their initial endpoint security the PC would be sooo slow. solution. "When a scan would kick off with our previous installation of With [Sunbelt Software's] Symantec Corporate Edition, the PC would be sooo slow," said Bill VIPRE, our users don’t even realize the scan is taking place." Turgeon, Chief Information Officer for Colonial Mills. After evaluating solutions from both Symantec and McAfee, CMI ultimately selected VIPRE ~ Bill Turgeon, Enterprise from Sunbelt Software, with positive results. "With VIPRE, our Chief Information Officer users don’t even realize the scan is taking place," said Turgeon. Colonial Mills, Inc. For CMI, the most importance decision criteria were a combination of performance and price. "We are a small business, with 65 users and a very small budget," notes Turgeon. "For anti-virus / anti-spyware, the VIPRE product simply outperformed the others. The fact that it was about one-half the price was a bonus. Sometimes the ‘big players’ are not the best solution © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
  • 7. When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 7 for our environment." Performance is "no longer a problem" at Colonial Mills, and disruption due to viruses has been virtually non-existent. Sunbelt's commitment to customer service was also an important element of CMI's decision to go with a smaller provider. "Previously, I would be on hold for long periods, waiting for technical assistance," said Turgeon. "I no longer have that issue with Sunbelt, which has done a great job of communicating with us about new releases. They make it very easy to want to do business with them." Solutions Landscape Solution providers for endpoint security can range from smaller specialists to multi-billion dollar firms. Table 1 provides an illustrative list. Table 1: Solutions Landscape for Endpoint Security (illustrative) Company Solution(s) Description Sunbelt Software's VIPRE Enterprise combines anti-virus, anti-spyware, VIPRE anti-rootkit and other technologies into a single agent, handled through Sunbelt Software Enterprise a central management console, while minimizing the negative performance and resource impact of traditional endpoint security www.sunbeltsoftware.com products. Sunbelt Network Security Inspector provides network vulnerability Sunbelt scanning by IP, port, machine, and service. It detects a broad range of Network vulnerabilities in systems running Windows, Sun Solaris, MAC, HP-UX, Security Red Hat Linux, Mandriva Linux, SUSE Linux, Cisco routers, and HP Inspector printers. AVG Internet The AVG Internet Security Network Edition solution provides anti- AVG Technologies Security virus, anti-spyware, anti-rootkit and other security technologies for www.avg.com Network protecting the endpoints. The solution includes a real-time vulnerability Edition scanner and automatic updates to ensure continuous protection. McAfee Total Protection for Endpoint combines McAfee endpoint Total Protection security technologies, ongoing research into emerging threats, and McAfee for Endpoint scalable management from a single console. Advanced compliance features limit access to non-compliant systems, automate reporting, and www.mcafee.com integrate with third-party compliance tools. McAfee ePolicy Orchestrator is designed to be a central hub for ePolicy managing multiple layers of protection, enforcing policy, monitoring Orchestrator security status, making updates, and generating detailed graphical reports. Endpoint Symantec Endpoint Protection 11.0 integrates anti-virus, anti-spyware, Protection 11.0 personal firewall, intrusion prevention, device control, and application Symantec control in a single agent managed by a single management console. www.symantec.com Endpoint Symantec Endpoint Management Suite 1.0 is designed around a common Management architecture to support security, system management, and recovery Suite 1.0 functionality for advanced automation, system interoperability, and increased visibility and control for Windows-based endpoints. Source: Aberdeen Group, February 2009 © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
  • 8. When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 8 Summary and Recommendations Based on Aberdeen's benchmark research and interviews with select respondents, small enterprises should consider the following: • Make endpoint security a priority. It may not be pleasant, but managing the threats and vulnerabilities that put your endpoints at risk is a necessary function for any organization with business "It was a wonderful thing to operations that involve Internet-facing networks, computers, and find a nice tight little footprint application software. Improving capabilities in all three phases of the that doesn't kill our client vulnerability management lifecycle (i.e., "assess," "prioritize," and systems while scanning." "remediate") pays off in two ways. First, it reduces the risks and ~ Bill Turgeon, costs associated with the flood of new threats and vulnerabilities Chief Information Officer that emerge on a weekly basis. Second, it reduces the total costs of Colonial Mills, Inc. managing threats and vulnerabilities and protecting the endpoints, which frees up limited resources to invest in more strategic IT initiatives. • Optimize your limited resources. Most small organizations don’t have a large or dedicated IT staff, and the research shows that in spite of having limited internal resources they tend to "go it alone". Small enterprises should make an explicit decision about selecting the best endpoint security solution for their current problems, rather than taking on by default the unnecessary complexities, cost, and performance-crippling bloat of solutions that provide more functionality than the organization currently needs. • Think outside the (red / yellow) box. Small organizations "You don’t always have to go should be open to endpoint security solutions from vendors other with the ‘big guys’ for software. than McAfee and Symantec, especially those that address the key After working with several very selection criteria identified in the research: total cost of ownership, large vendors in the past, domain expertise / demonstrated success in similar projects, working with a smaller minimal footprint and impact on performance, and commitment to provider [Sunbelt Software] has been a breath of fresh air.” customer service. Endpoint security issues simply can’t be ignored, regardless of the size of the ~ Kerry Kirk, VP of Information Technology organization. In a tough economy, small enterprises in particular need to HCSB, a Texas-based state “do more with less” when it comes to protecting their endpoints from banking association Internet-based threats and vulnerabilities. The research shows that they can compete most effectively by consciously choosing the right tool for the job. For more information on this or other research topics, please visit www.aberdeen.com. © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897
  • 9. When Less is More: Why Small Companies Should Think Outside the (Red / Yellow) Box for Protecting Their Endpoints Page 9 Related Research Unified Threat Management: What's In, Data Loss Prevention: Little Leaks Sink What's Next, and Why; September the Ship; June 2008 2008 PCI DSS and Protecting Cardholder Data; Vulnerability Management: Assess, June 2008 Prioritize, Remediate, Repeat; July 2008 Author: Derek E. Brink, Vice President and Research Fellow, IT Security (Derek.Brink@aberdeen.com) Since 1988, Aberdeen's research has been helping corporations worldwide become Best-in-Class. Having benchmarked the performance of more than 644,000 companies, Aberdeen is uniquely positioned to provide organizations with the facts that matter — the facts that enable companies to get ahead and drive results. That's why our research is relied on by more than 2.2 million readers in over 40 countries, 90% of the Fortune 1,000, and 93% of the Technology 500. As a Harte-Hanks Company, Aberdeen plays a key role of putting content in context for the global direct and targeted marketing company. Aberdeen's analytical and independent view of the "customer optimization" process of Harte- Hanks (Information – Opportunity – Insight – Engagement – Interaction) extends the client value and accentuates the strategic role Harte-Hanks brings to the market. For additional information, visit Aberdeen http://www.aberdeen.com or call (617) 723-7890, or to learn more about Harte-Hanks, call (800) 456-9748 or go to http://www.harte-hanks.com This document is the result of primary research performed by Aberdeen Group. Aberdeen Group's methodologies provide for objective fact-based research and represent the best analysis available at the time of publication. Unless otherwise noted, the entire contents of this publication are copyrighted by Aberdeen Group, Inc. and may not be reproduced, distributed, archived, or transmitted in any form or by any means without prior written consent by Aberdeen Group, Inc. 043008a © 2009 Aberdeen Group. Telephone: 617 854 5200 www.aberdeen.com Fax: 617 723 7897