Risk
3/10/2011
03:10 PM
Connect Directly
RSS
E-Mail
50%
50%

M86 Launches SMB Security Suite

Packaged for organizations with up to 500 seats, M86's new Web and email security software runs on Windows Server or in virtualized environments.

12 Money Saving Tech Tips For SMBs
(click image for larger view)
Slideshow: 12 Money Saving Tech Tips For SMBs

M86 Security on Thursday debuted a new software suite designed to protect Web and email traffic on the networks of small and midsize businesses.

The M86 SMB Security Suite includes the company's M86 MailMarshal Secure Email Gateway, M86 WebMarshal, M86 Filter List, and M86 Marshal Reporting Console products. The package ships as software that can run on Windows Server or in virtualized environments and supports up to 500 users, the company said.

The rise of automated toolkits and other factors have shifted the threat balance from email to Web traffic, and traditional filtering approaches no longer work for SMBs, according to Paul Myer, M86's senior vice president of corporate development.

"What used to be considered just an enterprise or big business problem has made its way down -- everybody's being affected," Myer said in an interview. "The requirements for small business when it comes to malware are no different than a large enterprise."

The threat landscape has exploded in such a way that, from Myer's vantage point, the hacking trade is worth a multiple of the network security industry. That has made SMBs more sought-after prey: Even though a small company hack might not come with the same bragging rights as a Fortune 500 break-in, the data can be every bit as lucrative when aggregated over time.

"It used to be people just showing off: 'Hey, I can hack you and cause problems for you.' It's a legitimate business now," Myer said. "There are people all around the world who get up every morning and this is what they do for a living."

To identify exploits, M86's SMB platform taps into the same threat labs that serve the company's enterprise customers. Customers have the option of using Sophos or Norman antivirus modules with the WebMarshal portion of the suite. M86 also enables policy-based rules that govern both email and Web behavior on a corporate network, including controls that can limit user actions on social media sites. Rather than block Facebook entirely, for example, an admin could simply prevent employees from posting updates or uploading files to the site. Pricing is subscription-based at $25 per user, per year. Myer said M86 will offer multi-year discounts.

The M86 SMB Security Suite does not protect mobile devices unless they're connected to the corporate network, though Myer said the company is working on something in that vein. "We realize there's a challenge with mobile devices, and we're working to bring out products for that, but we don't have them on the market yet," he said.

Myer believes the mobile security challenge derives from a very specific source: "We trace it directly to the popularity of the iPad," he said. "Even in organizations that are all Windows-based, you've got executives now bringing iPads into the workplace and asking IT administrators to support that. It's not being driven by IT -- it starts at the upper executive levels and they're driving that into the IT infrastructure."

Myer said M86 has focused its mobile product development on iOS because of the iPad's early leadership in the tablet market, but the company sees Android and other operating systems complicating mobile security in the not-too-distant future. "We can see that tsunami coming," Myer said. "It's a cat-and-mouse game. We're just trying to stay in front of it."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4262
Published: 2014-07-28
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-...

CVE-2013-4840
Published: 2014-07-28
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

CVE-2013-7393
Published: 2014-07-28
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions...

CVE-2014-2974
Published: 2014-07-28
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVE-2014-2975
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.