SMB networks said at risk

Communications News, Dec, 2005

Prior to deploying intrusion-prevention firewalls, the Nederland Independent School District (ISD), located south of Beaumont, Texas, was faced with a myriad of unauthorized access and major hacking attempts by students, and constant external threats from the Internet. Since being installed, the firewalls have blocked thousands of worms and threats, with no hacking incidents since their deployment.

Fortunately, the school district is large enough to have a fairly sophisticated IT department that is able to spend time and resources evaluating, installing and maintaining such security solutions. Not all organizations, however, are so lucky.

Organizations with limited or no IT departments are experiencing growing encounters with security threats--from spam to spyware to phishing--according to a recent study conducted by security vendor Trend Micro. End-users are encountering malware more often, particularly in smaller companies, according to the findings, especially disquieting for resources-trapped organizations with little or no IT support.

The findings spotlight the challenge smaller organizations face in scaling IT resources to provide technical advice, conduct system scans, clean machines manually, deploy patches and security policies, and educate staff in order to enable a secure working environment.

"Smaller businesses face a dilemma," says Steve Quane, general manager of Trend Micro's small and medium business operations. "Encounters with security threats are rising faster in smaller organizations, but these same organizations are restricted by time, cost and available resources. Whether they have an IT organization or not, these businesses need solutions that make their lives easier, where security protection and threat prevention can be automated. Assessing the efficiency and cost of ownership of current security measures--measures that should protect all layers of a network against unpredictable threats--will help businesses to stay a step ahead of malicious attacks."

The Trend Micro survey of 1,200 companies in the United States, Germany and Japan found that only about 54% of small and medium-sized businesses in the U.S. have an IT department. Yet, phishing encounters have increased in the past three months for about 40% of United States-based workers in small and midsize businesses, and spyware is becoming an increasing threat.

Given the growing complexity of corporate security needs and the evolving security landscape, companies need multilayered security strategies. Smaller organizations, however, often do not have the resources or staff for such multilayered approaches, leaving their networks more vulnerable to security threats.

At the Nederland ISD, eight iPolicy Networks IPF3300 firewall systems have been deployed, one in each of the schools and one in the district administration office. All eight firewalls are centrally managed by a single management system, the iPolicy ISM-Express. The ISM central management console provides one-point configuration, monitoring and reporting control across the entire school district network spread over a three-mile radius campus.

"The firewalls have helped us stop more than 20,000 internal and external worms, viruses and attacks," says Cindy Laird, director of instructional technology. "The best part was that we did not have to change our existing network and the firewalls were quick and easy to deploy."

"Providing secure, legitimate network access to our students and faculty without compromising network security is a vital part of our mission," explains Andre Rosales, Nederland ISD's network administrator. "We needed a security product that would protect us now and in the future."