From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget

Friday, June 14, 2013

Vinod Mohan


The rising demand for affordable IT security tools and the commoditization of security make it difficult to choose the right security solution for organizational networks of any size. This is especially true for SMBs, where budget is a key determining factor and it becomes all the more difficult to accommodate a variety of tools for different purposes such as IT security, operations and compliance. And while IT professionals at SMBs may find it easy to ignore screaming headlines announcing the latest enterprise security breach, that doesn’t mean they have the luxury of ignoring security altogether.

In fact, SMBs should take the same security threats enterprise organizations face just as seriously, especially: targeted espionage, unintentional or accidental loss of data, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, understaffed IT teams, phishing attempts and malware exploiting common vulnerabilities in Java and Flash runtimes.

Given the expanding threat landscape for the SMB and the increased demand for affordable IT security tools, here are five valuable tips for IT pros that help shed light on managing enterprise security on a budget:

1. Demonstrate Value: Show how powerful analytics, incident awareness, change modeling, automated audits and built-in reporting convert to operational efficiencies, and in turn, major cost savings for the company.

  • Analytics and Incident Awareness: The combination of real-time analytics and incident awareness of operational and policy-driven events happening on the network ensures continuous monitoring and the ability to identify potential security threats. Real-time event log correlation provides granular analytics to detect and alert on threats sooner, and results in quicker and more efficient remediation measures.
  • Change Modeling: There’s a great deal of time and effort invested in implementing firewall rule changes, and if this fails, networks may be exposed to security risks and firewall irregularities. Predictive change modeling helps evaluate the impact of proposed changes to ACL, NAT, and route rules on network operations before going live on the production environment, which augments the operational efficiency of managing firewalls.
  • Built-in and Automated Reporting: Security tools with these features save manual hours spent generating detailed and customized compliance and management-level reports, and they also keep pace with network and security audits.

2. Combine Visibility and Control: Visibility from monitoring tools combined with the ability to take control and manage rules, roll back device settings, identify rogue devices, and quarantine systems to pre-empt security disasters will ultimately help avert security risks.

  • Roll Back Network Device Settings: Security mishaps are often the result of unwarranted configuration changes. Having visibility into these changes, being able to compare configurations over time, and being able to roll back to an earlier known-good configuration is a powerful security remedy.
  • Identify Rogue Devices: With the BYOD explosion, it’s become more complex to manage and maintain visibility on all user devices on the network. When a rogue device connects or an error is caused by an offending device, it’s important to be able to identify it and shut down the port to mitigate security risks and prevent network problems.
  • Quarantine Infected Systems: It is possible that when security is breached and any system is infected by malware, phishing, spyware, etc., the infection could spread to other machines on the network. This has to be detected in real time and the infected machine has to be shut down and disconnected from the network.
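The configuration-rollback point above, as an added example (not part of the original post or of any vendor's tool): a known-good baseline is compared with the running configuration of a firewall, security-relevant drift such as a dropped deny rule, a new permit-any rule or disabled remote logging is flagged, and a unified diff is produced that would return the device to the baseline. The device configs and the list of risky patterns are constructed for illustration.

```python
"""Detect security-relevant config drift and build a rollback diff (added example)."""
import difflib

# Constructed sample: last known-good config and the config currently running
BASELINE = """\
hostname edge-fw-01
ip access-list extended INBOUND
 permit tcp any host 10.0.1.20 eq 443
 deny ip any any log
interface Gi0/1
 ip access-group INBOUND in
logging host 10.0.9.5
"""
CURRENT = """\
hostname edge-fw-01
ip access-list extended INBOUND
 permit tcp any host 10.0.1.20 eq 443
 permit ip any any
interface Gi0/1
 ip access-group INBOUND in
"""

# Hypothetical policy: additions/removals matching these prefixes are treated as risky drift
RISKY_ADDED = ("permit ip any any",)
RISKY_REMOVED = ("deny ip any any", "logging host", "ip access-group")


def config_diff(baseline, current):
    """Return (added, removed) config lines, ignoring indentation and blank lines."""
    base = [l.strip() for l in baseline.splitlines() if l.strip()]
    cur = [l.strip() for l in current.splitlines() if l.strip()]
    added, removed = [], []
    for tag, i1, i2, j1, j2 in difflib.SequenceMatcher(None, base, cur).get_opcodes():
        if tag in ("replace", "delete"):
            removed.extend(base[i1:i2])
        if tag in ("replace", "insert"):
            added.extend(cur[j1:j2])
    return added, removed


def assess_drift(baseline, current):
    """List the changes that weaken the security posture relative to the baseline."""
    added, removed = config_diff(baseline, current)
    findings = [f"ADDED: {l}" for l in added if l.startswith(RISKY_ADDED)]
    findings += [f"REMOVED: {l}" for l in removed if l.startswith(RISKY_REMOVED)]
    return findings


def rollback_plan(baseline, current):
    """Unified diff (running -> baseline) to review before restoring the known-good config."""
    return "".join(difflib.unified_diff(current.splitlines(True), baseline.splitlines(True),
                                        "running", "baseline"))
```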

3. Bang for Your Buck: Use best-of-breed security tools that also provide functionality to address and simplify IT operational challenges alongside securing IT assets from vulnerability exploits. Establish integration between security and network management tools to simplify management and centralize security and operations control.

  • Patch management is a strong security measure that prevents vulnerability exploits by patching applications with security updates. Besides the security viewpoint, centralized and automated patch management reduces manual patching efforts and simplifies IT operations.
  • Firewall change management is another key security frontier that provides tremendous functionality to simplify rule and object management and thereby enhance security.
  • User device tracking tools integrated with IP address management solutions allow IT pros to gain extended visibility into the organization’s IP space and help manage BYOD.
  • Network performance monitoring solutions integrated with SIEM systems provide correlation of network events with other events across the enterprise, perform root-cause analysis of problems across systems, and triage or respond to issues.

There are various combinations to put the network and security pieces together, and they need to be tailored to the organization’s specific requirements. For what it’s worth, this is definitely more affordable than larger and more complex enterprise security solutions.

4. Prepare Failover, DR and Backup Plans: Should there be a security mishap, avoid data loss and service downtime. Here are some tips:

  • Have a secondary network line as backup to ensure high availability in the event the network goes down.
  • Back up as often as possible, at least for important data. Avoid backing up to a partition on the same disk; use a separate storage device instead.
  • Consider affordable cloud storage options to back up corporate data.
  • Have failover servers to switch over should the primary server fail or crash.
  • Prepare failover options for network monitoring tools in order to monitor network performance.
  • Have the capability to monitor logs and identify anomalies in order to understand if security systems function as expected or are breached.
  • Put remote connectivity options in place should employees need to work from home.
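The real-time event log correlation described under "Analytics and Incident Awareness" in tip 1, and the log-anomaly monitoring tip above, as one added example (not part of the original post): authentication events forwarded from several hosts are correlated by source address, and an alert is raised when a burst of failed logins from one source across any host is followed by a successful login within a time window. The log lines, format and thresholds are constructed for illustration.

```python
"""Correlate auth events across hosts: failures followed by a success (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: events from two hosts, already forwarded to a central log store
EVENTS = """\
2013-06-14T09:00:01 fileserver sshd: Failed password for admin from 203.0.113.7
2013-06-14T09:00:03 fileserver sshd: Failed password for admin from 203.0.113.7
2013-06-14T09:00:05 mailserver sshd: Failed password for root from 203.0.113.7
2013-06-14T09:00:06 mailserver sshd: Failed password for admin from 203.0.113.7
2013-06-14T09:00:09 fileserver sshd: Accepted password for admin from 203.0.113.7
2013-06-14T09:30:00 fileserver sshd: Failed password for bob from 192.0.2.10
2013-06-14T09:30:02 fileserver sshd: Accepted password for bob from 192.0.2.10
"""

# Hypothetical line format; a real deployment would parse its own syslog layout
LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
                  r"password for (?P<user>\S+) from (?P<src>\S+)$")


def parse(lines):
    """Yield parsed events in the order they appear; unparseable lines are skipped."""
    for raw in lines.splitlines():
        m = LINE.match(raw)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            yield ev


def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Alert when >= threshold failures from one source (on any host) precede a success within window."""
    failures = defaultdict(list)  # source address -> timestamps of recent failed logins
    alerts = []
    for ev in parse(lines):
        src = ev["src"]
        # keep only failures that fall inside the sliding window
        failures[src] = [t for t in failures[src] if ev["ts"] - t <= window]
        if ev["result"] == "Failed":
            failures[src].append(ev["ts"])
        elif len(failures[src]) >= threshold:
            alerts.append({"src": src, "user": ev["user"], "host": ev["host"],
                           "failures": len(failures[src]), "at": ev["ts"].isoformat()})
            failures[src].clear()
    return alerts
```

A single failure followed by a success (the 192.0.2.10 events) stays below the threshold and produces no alert, while the four failures spread over two hosts from 203.0.113.7 do.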

These are a few cost-effective tips for ensuring the network and services are up and running without interruptions. Many SMBs do not have a proper DR and backup plan in place and thus fall victim to crashes and downtime, as well as the inability to recover lost data and service.

5. Education and Training: Educate and train employees and IT teams on corporate IT security policies, violations, and security risks.

  • Make employees personally feel they are also responsible for corporate IT security.
  • Spread awareness via emails and short group sessions on the impact of not being alert and prudent when it comes to actions that could sprout security risks.
  • Have security FAQs in the help desk knowledge base.
  • Conduct internal IT security policy quizzes or tests for employees and encourage them to learn policy violations and their impact on business.
  • Consider registering employees for free daily online security tips, like those from the SANS Institute.
  • Leverage peer-to-peer online communities for security mindshare.

Security education is part of smart security preparation. Better awareness and preparedness will help avoid many commonplace security lapses.

When selecting security tools, keep in mind that budgetary restrictions don’t have to entirely compromise IT functionality. Based on the information outlined above, SMBs do not have to invest in costly and sophisticated enterprise solutions for IT security. The trick is to find the optimum tools that are affordable and efficiently serve multiple network and security requirements while accounting for cost savings.

About the Author: Vinod Mohan is a senior product marketing specialist for SolarWinds, a provider of products and tools that help solve a broad range of IT management challenges.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.