10 Security Services Options for SMBs
Outsourcing security remains one of the best ways for small to midsize businesses to protect themselves from cyberthreats.
For small and midsize businesses, cyberattacks can hurt in a big way – and if they lead to data breaches, the pain can be devastating.
A landmark survey of more than 1,000 SMBs last fall by the National Cyber Security Alliance found that while 88% believe they are "somewhat likely" a target for cybercriminals, nearly 30% already experienced a data breach in the past year. And of the group that was breached, 37% suffered a financial loss, 25% filed for bankruptcy, and 10% went out of business.
SMBs today have a wide range of security outsourcing options to choose from to tighten up their security defenses. While it remains unclear just how much the rapidly changing economic impact of the COVID-19 pandemic will affect small (less than 100 employees) and midsize (100 to 999 employees) business in the long term, cybercriminals aren't slowing down their activity, either.
Here is a look at some providers of security services for SMBs. This list draws from reports and research on managed security service providers (MSSPs) published in the past year by analysts including Gartner, Forrester, and IDC. Through extensive interviews with the vendors, only the companies that actually have programs for SMBs made the list.
This is not a comprehensive list of all security services out there for SMBs, so feel free to add others in our Comments section below.
Comcast Business Services has some 2 million SMB customers, so it views this market as vital to its business model. Shena Tharnish, vice president of cybersecurity product management, says above all, the security for SMBs has to be simple and easy to understand.
Toward that end, Comcast Business Services offers SecurityEdge for $29.95 a month. Security Edge includes the following: automated blocking of malicious sites, Web filtering, and weekly dedicated reports of the malicious activity that customers can view and analyze on a portal.
Tharnish says SecurityEdge protects all devices an SMB may have exposed to the network. This includes Internet-enabled printers, coffee machines, thermostats, guest clients, and employees who come to work with their own devices. "The beauty of SecurityEdge is if the devices access your network, they will get blocked from malicious traffic," she says.
SMBs can also opt to get their connectivity via Comcast Business Services. Small business prices start at $69.95 for download speeds of 35 Mbps with a two-year agreement.
John Loveland, global head of cybersecurity strategy and marketing at Verizon, says while the company has not announced any specific packages to date, SMBs are looking for security features to be packaged with their Internet connectivity.
"People are looking for a single bill for all these services," he says.
Loveland points out that along with connectivity, SMBs need services such as DNS network protection, DDoS services, and endpoint protection. Some SMBs will then move up the stack to managed detection and response services, Loveland says. Verizon also plans to start offering mobile device management (MDM) and mobile threat data protection services during the second half of 2020.
Verizon charges SMBs $69 per month for 100-Mbps service, with a one-year price guarantee. Basic digital security costs $10.99 per month and comes comes with antivirus and anti-spyware protection and 1 TB of cloud storage.
Chris McDonald, head of Sprint's security products design team, says the company has been keying in on a mobile security package for SMBs. Too often, he says, small companies lack visibility and control, lose devices, and can't wipe them, and employees don't use public Wi-Fi properly.
Sprint's Mobile Management and Security package lets SMBs remotely manage and control all their mobile devices, apps, and access from a single screen. The package also includes what Sprint describes as AI-driven threat detection and automated remediation, and mobile data encryption over Wi-Fi. It also includes help from Sprint security experts for integration and deployment as well as for ongoing support. Pricing starts at less than 25 cents per day, per device, plus a one-time $750 set-up charge.
Small businesses typically don't have an IT staff. Danielle Russell, associate director of product marketing management at AT&T Cybersecurity, recommends that SMBs start off with AT&T's Cyber Risk Posture Assessment. The service runs $6,000 for the full program. While that's a big investment for a small business, Russell says the service helps SMBs more effectively target their overall security spend. The assessment provides information on their business risk, the extent to which they can absorb risk, and what similar companies tend to spend on security in their industry. In addition, AT&T Cybersecurity Consulting Services also offers Cybersecurity IQ training -- a cyber-awareness program that costs $1,200 for up to 100 employees.
Russell says many customers opt to purchase connectivity along with DDoS security services, but that's not enough to combat today's threat landscape. AT&T Dedicated Internet service starts at $599 per month and DDoS Defense costs $98 per month. AT&T also has a full range of managed security services it offers SMBs, including: Global Security Gateway, $2.46 per user/per month; Secure Email Gateway, $1.35 per user/per month; and Managed Firewall, $501 per month (prem-based).
Major security providers such as Sophos work with MSSPs to deliver packages of security services to SMBs. Scott Barlow, vice president and global channel executive at Sophos, says most SMBs need help with endpoint security and that Sophos works with its MSSPs to deliver a holistic package of services that includes endpoint protection, firewalls, and email and device encryption. SMBs also can opt for mobile security and security awareness training.
The Sophos products available via MSSP include Sophos Intercept X for endpoint, mobile, and server; Sophos Cloud Optix (analytics for cloud apps); and Sophos PhishThreat (phishing attack simulation and training for end users).
Pricing varies depending on a number of factors, including solution type, number of users, and term length. For example, pricing of the recently launched Sophos XG Firewall starts at $359 per year for new customers and scales based on term length and model.
Lamon Gorman, service provider channel program manager at Trend Micro, says he works with MSSPs to get SMBs to think of security as less of a checklist item and more of how to deploy a full security system.
"We try to get the SMBs to think of security beyond just the endpoint," Gorman says.
Trend Micro markets its Worry Free XDR service offering through its MSSPs. The service includes endpoint, email, and advanced analytics services. Gorman says one MSSP the company works closely with charges $1.25 per user/per month for the endpoint service. The full package of services with endpoint, email, and security analytics costs $5.50 per user/per month.
"It takes some explaining, but the SMBs tend to understand that in today's threat environment, they need more than traditional antivirus software," Gorman says. "They need something that can feed all their log data into a data lake and run analysis using artificial intelligence and machine learning so they can keep up with unknown threats."
SMBs typically take two approaches to security. Dan Larson, senior vice president of marketing at Arctic Wolf, explains that the first one is a tactical approach -- in which a business buys new security tools to address its needs, but once purchased, it often realizes it lack the resources to properly implement and manage them. The second option revolves around a more strategic approach in which an SMB understands that good security extends beyond just deploying new tools, and that it's critical to have 24x7 monitoring for new threats across its network, endpoints, and cloud infrastructure.
Arctic Wolf's SOC-as-a-Service offering is aimed at SMBs taking the strategic approach, he says. The service includes 24x7 monitoring, detection and response services, and recovery. Larson notes that Arctic Wolf's SOC-as-a-Service package offers a predictable pricing model that includes unlimited log ingestion and consultation with Arctic Wolf's Concierge Security Team, as well as no requirement to purchase an incident response retainer. Managed Detection and Response starts at $15 per user/per month and $7.50 per user/per month for Managed Risk.
Bharath Varudevan, vice president of product and technical marketing at Alert Logic, says his teams start by assessing the security maturity of an organization. A company's security maturity typically correlates to the company's overall IT maturity, he says.
The company offers its Alert Logic Essentials service to SMBs: It starts at $550 a month with a three-year term and includes vulnerability and asset visibility with extended endpoint protection. Essentials is typically used by companies with up to 100 employees. Next up the stack is Alert Logic Professional, which includes Essentials, plus threat detection and incident management. Professional, which is aimed at organizations with around 250 employees, starts at $2,400 a month with a three-year term.
Alert Logic Enterprise, typically for midsize organizations with more than 500 users, comes in two flavors: For $4,300 a month with a three-year term, customers get Alert Logic Professional with Web Application Firewall protection; for $4,500 a month (also with a three-year term), they receive Alert Logic Professional and the services of a security analyst who does threat hunting and customized policy configurations.
Clone Systems features its Clone Guard ONE package targeted for SMBs from 50 to up to 250 employees. Scot LeVan, the company's chief operating officer, says with more states passing privacy laws like the one that recently went into effect in California, many companies will need to have the kind of basic security services that Clone Guard ONE offers.
Clone Guard One includes managed intrusion prevention, vulnerability assessments, PCI compliance scanning geared for retailers and companies that accept credit cards, and a managed security information and event management (SIEM) service. SMBs can also opt for an on-demand penetration test as an add-on, a feature LeVan says most companies authorize once or twice a year. Customers can access their security information and data through a Web-based dashboard, and Clone Systems offers 24x7 monitoring at two SOCs, one at its Philadelphia headquarters, the other in Athens, Greece. The Clone Guard ONE service costs about $700 a month to support 100 employees.
Peter Bartlett, director of product management and strategic business development at Secureworks, says many SMB customers start with its iSensor intrusion detection system that monitors all incoming and outgoing traffic. SMBs that want to step up their security opt for the Detect & Prevent package, which includes iSensor, plus monitoring for all devices. This includes all servers, devices, firewalls, and Web application firewalls.
Pricing for iSensor starts at less than $10,000 annually and scales up to larger environments for a higher price. The Detect & Prevent package (which includes iSensor) runs for less than $20,000 annually for the smallest solution and scales up to much larger environments for a higher price. And by Q2 of this year, Secureworks also expects to have a managed detection and response (MDR) offering based on its Threat Detection and Response software specifically targeted to SMBs.
Peter Bartlett, director of product management and strategic business development at Secureworks, says many SMB customers start with its iSensor intrusion detection system that monitors all incoming and outgoing traffic. SMBs that want to step up their security opt for the Detect & Prevent package, which includes iSensor, plus monitoring for all devices. This includes all servers, devices, firewalls, and Web application firewalls.
Pricing for iSensor starts at less than $10,000 annually and scales up to larger environments for a higher price. The Detect & Prevent package (which includes iSensor) runs for less than $20,000 annually for the smallest solution and scales up to much larger environments for a higher price. And by Q2 of this year, Secureworks also expects to have a managed detection and response (MDR) offering based on its Threat Detection and Response software specifically targeted to SMBs.
For small and midsize businesses, cyberattacks can hurt in a big way – and if they lead to data breaches, the pain can be devastating.
A landmark survey of more than 1,000 SMBs last fall by the National Cyber Security Alliance found that while 88% believe they are "somewhat likely" a target for cybercriminals, nearly 30% already experienced a data breach in the past year. And of the group that was breached, 37% suffered a financial loss, 25% filed for bankruptcy, and 10% went out of business.
SMBs today have a wide range of security outsourcing options to choose from to tighten up their security defenses. While it remains unclear just how much the rapidly changing economic impact of the COVID-19 pandemic will affect small (less than 100 employees) and midsize (100 to 999 employees) business in the long term, cybercriminals aren't slowing down their activity, either.
Here is a look at some providers of security services for SMBs. This list draws from reports and research on managed security service providers (MSSPs) published in the past year by analysts including Gartner, Forrester, and IDC. Through extensive interviews with the vendors, only the companies that actually have programs for SMBs made the list.
This is not a comprehensive list of all security services out there for SMBs, so feel free to add others in our Comments section below.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024