Risk
3/10/2011
03:10 PM
50%
50%

M86 Launches SMB Security Suite

Packaged for organizations with up to 500 seats, M86's new Web and email security software runs on Windows Server or in virtualized environments.

12 Money Saving Tech Tips For SMBs
(click image for larger view)
Slideshow: 12 Money Saving Tech Tips For SMBs

M86 Security on Thursday debuted a new software suite designed to protect Web and email traffic on the networks of small and midsize businesses.

The M86 SMB Security Suite includes the company's M86 MailMarshal Secure Email Gateway, M86 WebMarshal, M86 Filter List, and M86 Marshal Reporting Console products. The package ships as software that can run on Windows Server or in virtualized environments and supports up to 500 users, the company said.

The rise of automated toolkits and other factors have shifted the threat balance from email to Web traffic, and traditional filtering approaches no longer work for SMBs, according to Paul Myer, M86's senior vice president of corporate development.

"What used to be considered just an enterprise or big business problem has made its way down -- everybody's being affected," Myer said in an interview. "The requirements for small business when it comes to malware are no different than a large enterprise."

The threat landscape has exploded in such a way that, from Myer's vantage point, the hacking trade is worth a multiple of the network security industry. That has made SMBs more sought-after prey: Even though a small company hack might not come with the same bragging rights as a Fortune 500 break-in, the data can be every bit as lucrative when aggregated over time.

"It used to be people just showing off: 'Hey, I can hack you and cause problems for you.' It's a legitimate business now," Myer said. "There are people all around the world who get up every morning and this is what they do for a living."

To identify exploits, M86's SMB platform taps into the same threat labs that serve the company's enterprise customers. Customers have the option of using Sophos or Norman antivirus modules with the WebMarshal portion of the suite. M86 also enables policy-based rules that govern both email and Web behavior on a corporate network, including controls that can limit user actions on social media sites. Rather than block Facebook entirely, for example, an admin could simply prevent employees from posting updates or uploading files to the site. Pricing is subscription-based at $25 per user, per year. Myer said M86 will offer multi-year discounts.

The M86 SMB Security Suite does not protect mobile devices unless they're connected to the corporate network, though Myer said the company is working on something in that vein. "We realize there's a challenge with mobile devices, and we're working to bring out products for that, but we don't have them on the market yet," he said.

Myer believes the mobile security challenge derives from a very specific source: "We trace it directly to the popularity of the iPad," he said. "Even in organizations that are all Windows-based, you've got executives now bringing iPads into the workplace and asking IT administrators to support that. It's not being driven by IT -- it starts at the upper executive levels and they're driving that into the IT infrastructure."

Myer said M86 has focused its mobile product development on iOS because of the iPad's early leadership in the tablet market, but the company sees Android and other operating systems complicating mobile security in the not-too-distant future. "We can see that tsunami coming," Myer said. "It's a cat-and-mouse game. We're just trying to stay in front of it."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1449
Published: 2014-12-25
The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

CVE-2014-2217
Published: 2014-12-25
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.

CVE-2014-3971
Published: 2014-12-25
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

CVE-2014-7193
Published: 2014-12-25
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site ...

CVE-2014-7300
Published: 2014-12-25
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.