The enemy within

While phishing is another growing security problem, it's less of a technology attack and more of a social engineering concern. "We'll see more phishing attacks in Australia. It is a manifestation of the human problem and the tendency toward financial fraud," Low said. On the corporate front, it's a race against time as many hackers are able to circumvent the system before it can be patched. In a bid to protect new vulnerabilities before security patches are available, the vendor launched a Zero Day Initiative (ZDI) program last year.

"It's like a finishing line. We have to get there before the hacker does," Low said. TippingPoint found 30 zero day threats had been addressed by ensuring details regarding unknown or undisclosed vulnerabilities remained confidential until the issue could be disclosed with the affected vendor's solution or patch.

Of these 30 issues, seven involved widely used Microsoft software products. Other vulnerabilities over the last year have also affected Mozilla, Symantec, Novell, Adobe and Apple. "We develop a digital vaccine, a filter against the virus, and work concurrently with the vendor, which develops the patch," Low said.

ONE-STOP SHOP

Implementing an all-in-one security hardware and software solution made sense at the SMB level as the threat landscape had changed, Trend Micro SMB director, Dave Patnaik, said. Current software solutions were peppered with antivirus, anti-spyware, anti-spam components, which are top requirements for smaller businesses.

"We've gone from seeing major virus outbreaks that affect everybody to more regionalised, country specific attacks," he said. "We're not expecting a big virus outbreak anytime soon. Spam and spyware are the biggest issues to worry about these days.

"Many SMBs don't have an IT department. It's all run by the owners, so we need to provide a solution that addresses their top business issues, and keep it simple and low-cost."

The mid-market was also considering the all-in-one approach as a cost-effective measure, Patnaik said. He predicted this trend would last for the next 2-3 years.

In contrast, TippingPoint's Low cautioned mid-market companies against all-in-one solutions. Coining it a jack of all trades, but master of none, he claimed the approach was too risky for the top end of town.

He also warned larger companies using an integrated security or unified threat management (UTM) solution against relying on the built-in intrusion prevention system (IPS) to prevent new attacks. While an integrated platform was well suited to the SMB and SME customer, it isn't always recommended for large enterprises and networks because it lacks scale, high availability and redundancy. "A UTM product won't support large networks because its limited processing power cannot support multiple security applications under demanding traffic conditions, causing large performance degradation. This will impede network traffic flow," Low said.

Companies should make IPS technology the main focus of their security policy, he said. Dedicated IPS could offer features such as application, performance and infrastructure protection which guarded a company against internal and external cyber attacks. More recent IPS features coming to the fore included spyware protection and multi-gigabit throughout.

An IPS was a worthwhile purchase as an extension of an Intrusion Detection Solution, Low said. The technologies share a common background as each evolved from network analysis or sniffer technologies. While IDS devices are like motion detectors that monitor movement within houses, IPSs are like another layer of locked doors within the house.

"They are a quantum leap in terms of detecting attacks and reacting proactively," he said. Low said its resellers were starting to see the benefits of peddling IPS to an increasingly interested customer base. He attributed some of the shift to the expense of an IDS install.

WEAPONRY

With the threat landscape constantly evolving, a broad spectrum of weapons was required to combat the threats posed to the corporate network, SonicWall regional manager, Chris Barton, said. Simply installing a firewall didn't cut it anymore.

"A multi-layer strategy is required to solve security threats," he said. "An attack can be just around the corner and as likely to hit a small network as a big one - when it comes to attacks the size of the network is irrelevant."

What this means for resellers is that they need to take a whole business approach to their customers' IT and security needs. Moving into a more consultative role will unearth how the security fits into the IT mix, their overall business strategy, and the primary pain points.