Risk
3/10/2011
03:10 PM
Connect Directly
RSS
E-Mail
50%
50%

M86 Launches SMB Security Suite

Packaged for organizations with up to 500 seats, M86's new Web and email security software runs on Windows Server or in virtualized environments.

12 Money Saving Tech Tips For SMBs
(click image for larger view)
Slideshow: 12 Money Saving Tech Tips For SMBs

M86 Security on Thursday debuted a new software suite designed to protect Web and email traffic on the networks of small and midsize businesses.

The M86 SMB Security Suite includes the company's M86 MailMarshal Secure Email Gateway, M86 WebMarshal, M86 Filter List, and M86 Marshal Reporting Console products. The package ships as software that can run on Windows Server or in virtualized environments and supports up to 500 users, the company said.

The rise of automated toolkits and other factors have shifted the threat balance from email to Web traffic, and traditional filtering approaches no longer work for SMBs, according to Paul Myer, M86's senior vice president of corporate development.

"What used to be considered just an enterprise or big business problem has made its way down -- everybody's being affected," Myer said in an interview. "The requirements for small business when it comes to malware are no different than a large enterprise."

The threat landscape has exploded in such a way that, from Myer's vantage point, the hacking trade is worth a multiple of the network security industry. That has made SMBs more sought-after prey: Even though a small company hack might not come with the same bragging rights as a Fortune 500 break-in, the data can be every bit as lucrative when aggregated over time.

"It used to be people just showing off: 'Hey, I can hack you and cause problems for you.' It's a legitimate business now," Myer said. "There are people all around the world who get up every morning and this is what they do for a living."

To identify exploits, M86's SMB platform taps into the same threat labs that serve the company's enterprise customers. Customers have the option of using Sophos or Norman antivirus modules with the WebMarshal portion of the suite. M86 also enables policy-based rules that govern both email and Web behavior on a corporate network, including controls that can limit user actions on social media sites. Rather than block Facebook entirely, for example, an admin could simply prevent employees from posting updates or uploading files to the site. Pricing is subscription-based at $25 per user, per year. Myer said M86 will offer multi-year discounts.

The M86 SMB Security Suite does not protect mobile devices unless they're connected to the corporate network, though Myer said the company is working on something in that vein. "We realize there's a challenge with mobile devices, and we're working to bring out products for that, but we don't have them on the market yet," he said.

Myer believes the mobile security challenge derives from a very specific source: "We trace it directly to the popularity of the iPad," he said. "Even in organizations that are all Windows-based, you've got executives now bringing iPads into the workplace and asking IT administrators to support that. It's not being driven by IT -- it starts at the upper executive levels and they're driving that into the IT infrastructure."

Myer said M86 has focused its mobile product development on iOS because of the iPad's early leadership in the tablet market, but the company sees Android and other operating systems complicating mobile security in the not-too-distant future. "We can see that tsunami coming," Myer said. "It's a cat-and-mouse game. We're just trying to stay in front of it."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.