With the advent of viruses, spam and phishing, and the real risk of casual browsing resulting in a network-threatening download, this distinction is now blurred and all of these can be classified as attacks, direct or indirect. The right solution depends on the organization, its size and the extent to which its IT systems are controlled. My focus here is on businesses of up to 50 staff. Because of management's focus on day-to-day business issues, most operate a pretty liberal attitude to employees' PC usage beyond the basics of prescribing which email and calendaring client to use.
Larger organizations usually operate much stricter regimes, with only authorized applications allowed and set up in a consistent way. Add to that the need for mobile email communication and for protecting client machines and the company network, and it all becomes a complex issue.
Busy employees in a loosely controlled small company cannot be expected to focus on the security of their data and PC. This is why the concept of gateway or perimeter protection for businesses is important. Technology is available either in the form of conventional server-based software or, increasingly, in the form of a single-function or multifunction appliance, which provides a high degree of protection for the business pretty much irrespective of the behavior of the employees.
Guarding the gateway with a firewall is a very well established practice. In some cases this has been extended to intrusion detection, although some question whether the significant extra cost and complexity of a device that has to monitor each LAN segment at wire speed is warranted for the SME or indeed most larger organizations. Intrusion prevention, an extension of a firewall to make it adaptable and updateable, may be the more realistic approach for the most paranoid SMEs!
Virus checking of emails is well accepted and most client PCs are delivered with anti-virus software. A gateway appliance can complement and enhance that by performing the virus scanning at the point of entry into the business. The appliance can be set to automatically update both its virus scanning engine and virus signatures at least daily. The third approach to email scanning, offered as a service by some ISPs, is being increasingly discredited as it does not catch any browser-based email viruses. As virus writers strive to bypass company protection, gateway devices offer virus scanning of downloads in addition to store-and-forward email. This guarantees pick-up of any virus download attempts resulting from virus spam and casual browsing. Download scanning protects against browser-based email viruses, so if employees download private email at work, outside the company email system, any viruses will be picked up.
With around 80 per cent of email being unsolicited spam, it's essential to filter out as much as possible, both to prevent the time wasted as employees deal with it and to block threats such as phishing and virus spam. Detecting spam is not a precise science and it's just as important to prevent false positives as it is to block true spam. Spam detection uses lists of known spamming sites, analysis of the source and route of the email, a check of whether the email is from the source it purports to be from, and then statistical analysis of email traffic. Gateway solutions have the advantage of seeing all email to a business and can make better judgements on its nature. That, coupled with quarantining and 'include/exclude' control on a per-user basis, gives a high degree of control. However, to get the best performance some user programming is still needed -- if employees can't be bothered to do this, the gateway approach still gives very effective spam filtering.
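The sketch below is an added example, not code from the article or from any product: it shows one way a gateway could layer the signals described above (source blocklist, sender check, per-user include/exclude, statistical score) so that uncertain verdicts go to quarantine instead of being dropped. All addresses, token counts and the threshold are constructed; `sender_verified` is an assumed flag standing in for whatever sender check the gateway runs, and route analysis is not modelled.

```python
import math

# Constructed sample data: every address, list entry and count here is illustrative.
BLOCKLIST = {"203.0.113.7"}  # known spamming sources
USER_LISTS = {"alice": {"include": {"news@shop.example"},
                        "exclude": {"sales@pushy.example"}}}
# token -> (messages containing it in spam, in legitimate mail), assumed 100 of each
TOKEN_COUNTS = {"winner": (60, 1), "prize": (55, 2),
                "invoice": (20, 30), "meeting": (2, 50)}
N_SPAM = N_HAM = 100
QUARANTINE_AT = 0.9  # assumed threshold; neutral mail scores 0.5 and is delivered


def spam_probability(body):
    """Naive Bayes estimate of P(spam) from known tokens, Laplace-smoothed."""
    log_odds = 0.0
    for token in set(body.lower().split()):
        if token in TOKEN_COUNTS:
            spam, ham = TOKEN_COUNTS[token]
            log_odds += math.log((spam + 1) / (N_SPAM + 2))
            log_odds -= math.log((ham + 1) / (N_HAM + 2))
    return 1 / (1 + math.exp(-log_odds))


def classify(msg, user):
    """Return 'reject', 'quarantine' or 'deliver' for one message and recipient."""
    lists = USER_LISTS.get(user, {"include": set(), "exclude": set()})
    if msg["source_ip"] in BLOCKLIST or msg["from"] in lists["exclude"]:
        return "reject"
    if not msg["sender_verified"]:
        # A failed sender check is held for review, even for an 'include' address,
        # so a forged From header cannot ride on a user's include list.
        return "quarantine"
    if msg["from"] in lists["include"]:
        return "deliver"  # per-user include overrides the statistical score
    # Statistical verdicts are never rejected outright: a false positive
    # stays recoverable from quarantine.
    if spam_probability(msg["body"]) >= QUARANTINE_AT:
        return "quarantine"
    return "deliver"
```
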
Given the compulsive effect of the internet, URL filtering has mainly been used to prevent employee time wasting. A wide range of systems offer various degrees of control, such as defining time bands and URL categories on a per-employee basis, based on URL lists extending to many millions. It's now recognized that casual browsing can be a threat to a network as much from the use of resources as from viruses and worms, and it's commonplace for organizations to block certain file types, e.g. music files and executable files, completely. Further, following some high-profile court cases in the US, employers are seeking to prevent access to any form of offensive material that employees might otherwise stumble across by accident.
The gateway or perimeter approach gives pretty effective business protection without placing the responsibility on individual PC users. Off-site employees can connect to base via VPN, with the protection of encryption, and pick up email and browse through the company gateway without any loss of security or control. Multifunction appliances can provide a set of balanced tools within one unit.
The author is the managing director of Equiinet.