Tag Archives: Security

Email Backup vs Archiving Graphic

Email backup, email archiving: what’s the difference, and why shouldn’t businesses just rely on one or the other? We explain.

 

Email is alive and well – and growing!

The daily business email volume worldwide will increase from 112.5 billion in 2015 to 128.8 billion in 2019, according to this downloadable report from The Radicati Group.

So there’s an enormous challenge involved in ensuring copies of emails are retained in a manner that both enables them to be quickly accessed in order to support ‘business as usual’ activities, but delivers more extensive and detailed transparency for the purposes of regulatory compliance.

This is the essential difference between email backup and email archiving. Email backup is largely about business continuity, whereas email archiving is largely about protecting a business’s ‘licence to operate’.

Email archiving: a matter of legal record

Email archiving and email backup are two very different beasts – and here’s why.

Email archiving focuses on retaining emails and associated data to ensure legal and regulatory compliance.

Archiving solutions can therefore hold many years’ worth of data demanded by compliance requirements, even for heavily regulated industries like healthcare, banking and finance, pharma, and so on. Email backup does not retain data this long.

Also, email archiving can hold a 100% faithful copy of the email that has been received or sent, because it retains even deleted mails, which backup does not.

Lastly, email backup typically has very granular tools to satisfy compliance requirements around considerations like access control, audit trails, content integrity, and so on – not something you’d typically find in a backup solution.

As an example, take a look at the features in the Libraesva Email Archiver. You’ll see a whole host of refinements that email backup doesn’t offer, including, amongst others:

  • 80 separate permissions to create finely differentiated user roles and restrict access to sensitive information (important for GDPR compliance!)
  • Trusted time-stamping of each email, to securely keep track of creation and modification times
  • Legal hold, to freeze email and data pending litigation or investigation
  • Anti-tampering, to prevent retrospective adulteration of email content and data

Email backup: copy, restore, recover

The objective of email backup, on the other hand, is to easily recover and restore email that is essential to business activity, when that email has either been deleted or made inaccessible in some other way (e.g. by file corruption, deactivation of a leaver’s account, or even a ransomware attack.)

It can be tempting for businesses to convince themselves they don’t really need this service. After all, with cloud services like Office 365, G-Suite and others, isn’t email already backed up - and in some of the most robust data centres in the world?

Actually, no. Once the recycle bin is manually or automatically purged (and that can be after as little as 30 days) the data is gone…forever.

It follows, then, that cloud services still need backup sitting behind them somewhere, and the most readily accessible place to put it is elsewhere in the cloud (cloud-to-cloud backup).

So, for example, a solution like Cloud Ally will back up all the emails (and other data) contained in cloud services like Office 365 Exchange, Sharepoint Online, OneDrive, SalesForce, G-Suite, Box and others) to a cloud-based AWS S3 data centre that is ISO 27001-certified - and indeed to other user-owned storage too.

This process is automated, enabling a business to easily recover backed-up email long after the cloud service providers would have junked it.

So why do businesses need both email backup and email archiving?

Clearly, email backup and email archiving share some DNA.

But neither is a substitute for the other. In fact both, used incorrectly, are risky, and can put the brakes on businesses’ productivity.

Email archiving boasts powerful storage, search and retrieval powers, but for most everyday users - whose emphasis is simply on being able to find and restore email content and attachments, rather than delivering them as legal records in an approved regulatory format – it’s unnecessarily sophisticated to learn and use.

By the same token, the snapshots generated by email backup solutions, whilst typically simple for users to navigate and restore, do not offer the same historical completeness as email archiving – and any attempt to make them do so in answer to a regulatory investigation or similar would entail many hours’ work manually stitching the snapshots together.

Two sides of the same coin? Perhaps. But businesses need both in the bag, or they could end up paying a hefty price - operationally, reputationally, and in the law courts!

Peak‘Apex One’ – it’s difficult to think of a more confident, self-assured name for a new brand!

And it’s a brand on a mission, too – to take the burdensome management out of security. As the Apex One developers put it in their blog, this is about “detecting and blocking as many endpoint threats as possible, without manual intervention.”

This, in turn, translates into less pressure on security teams, lighter workload for security service providers, and less costly time and effort involved overall.

But is this a solution the channel will want to sell? Is it easy and profitable to deploy and manage? And what makes it different from (and better than) what went before?

You can read the full solution brief on our website, but meanwhile here’s our take on it.

Single agent: a game-changer?

Trend’s existing XGen technology already automates threat detection across security layers and endpoints, including PC, Mac and VDI.

But where even the most automated threat detection capability stumbles is the need to use multiple agents to deliver across different kinds of customer deployment – like cloud, on-premise, and hybrid.

Here, Apex One plays a blinder. It has a single agent that is consistent across all customer deployment types, significantly diminishing deployment and ongoing management overheads, and reducing the risk of automation being devalued by interruption.

Given the high proportion of enterprise clients who have complex hybrid environments, this has to be a winner!

Detection and remediation: all done for you!

But security channel partners and in-house security teams alike also need to be sure that what is being automated is the most effective way for dealing with the broadest possible range of threats. Inadequate protection delivered automatically is not a value-add!

Apex One appears to be well ahead of the curve here, however, because it focuses its automation not on preventing threats (an impossible aim), but instead on detecting and removing them.

Unknown or fileless threat? Machine learning and behavioural analysis will spot its threatening characteristics and take action.

Operating system vulnerability? Apex One creates its own virtual patches to prevent zero-day exploits from making it onto any endpoint.

And if you’re hearing echoes of EDR (Endpoint Detection and Response) at this point, it’s true that Apex One offers upsell potential into both Trend’s full EDR and MDR (Managed Detection and Response) solutions - but it’s also important to understand that what Trend have built here is in fact something quite distinct.

Whereas EDR tends fundamentally be a noisy and manual process to manage (as we explained in this earlier post) automated detection and response - which is what Trend call it - neatly does much of it for you.

Manage, visualise, investigate – all in one place

The more you can understand about a threat, the more effective the measures you can take against it.

But the challenge is in corralling all the threat information – including user-based visibility, policy management, and log aggregation - into one place, in a way that makes sense of it.

Apex One has created a centralised console that enables exactly this, so although for some more detailed analysis a connection to an optional EDR dashboard is necessary, visualisation, investigation and reporting are already built into its standard configuration, adding an inbuilt layer of insight that other solutions don’t have.

Conclusions: is Apex One the peak of security for channel partners?

Everyone likes a great name and a strong story, and Apex One has got both in spades – not least because it is in fact essentially the new brand name for the existing Trend endpoint security solution within its Smart Protection Suites solutions family.

But this is not some kind of rebadging exercise to revive a flagging solution – because Trend’s endpoint solution isn’t flagging. Just the opposite, in fact: it has received high praise from industry analysts like Gartner year after year, including in 2018.

But coupling it with a single agent shows that there’s a strategic endgame in mind: to make Trend’s endpoint security solutions as effortless as possible to use across every client environment – and therefore very hard to displace.

For end-clients and channel partners alike – and particularly existing Trend Micro Office Scan users, who will receive Apex One as a regular update at no additional cost - that’s a rebrand that will deliver far more than just a new name and a shiny logo.

Heimdal Security logoHow would your customers feel if they had a Norse warrior stopping malware from reaching their endpoints? Meet Denmark’s Heimdal Security.

In days of old, the sight of Vikings on the horizon was enough to turn decent peasants’ blood to ice.

But the marauding Danes are now playing poacher-turned-gamekeeper – at least in IT security terms.

Because instead of being the threat, they’re now stopping the threats before they make landfall. (Or, at least, before they reach your customers’ endpoints!)

This is what our newest vendor partner Heimdal Security sees as its killer battle cry when compared to traditional endpoint security. And here’s why malware needs to be very afraid of it.

From last-ditch to proactive: endpoint protection transformed

“Form square and stick out your spears” – that’s basically the traditional approach to endpoint protection. Once the problem has hit the machine, the security software rings the panic bell, musters the garrison, and mounts a defence.

We Brits tried that against the (real) Vikings. It didn’t work.

But if we could have spotted their boats as they cast off – or, even better, seen activity on the quayside that indicated an attack being prepared – we could have taken proactive action against them before they reached Blighty.

This is exactly what Heimdal does. Instead of looking at application code and signatures in files that have already entered the endpoint, to work out if there’s a threat, it looks at the undercurrents in the ‘sea’ of network and internet traffic entering and leaving your customers’ businesses, to detect danger before it surfaces.

Rather cleverly, though, this isn’t just about identifying when users are being taken to places they shouldn’t be sailing towards – e.g. malicious websites – and blocking the connection to them before it’s made (although this is certainly important, as we explore below).

It’s also about using advanced machine-learning, heuristics and network forensics to detect apparently harmless network file ‘plankton’ that is in fact fodder for a coming malware attack.

Traditional security protects an endpoint with a last-ditch defence. Heimdal protects it by turning the entire network into a shield wall.

Which one are you betting your krone on?

Multi Layered Security Graphic
Conventional endpoint security is typically missing the traffic-based anti-malware protection that Heimdal delivers.

“Probably the best malware protection in the world…”

The famous Danish beer ad is tongue in cheek. But there’s a serious point to be made here about the strains of malware that Heimdal can protect against that many other security solutions simply can’t.

Take ransomware, for example. Traditional endpoint security looks for malicious code within files, but a ransomware-triggering hyperlink, or instruction to connect to a website, is neither a file nor, in itself, an inherently malicious piece of code. So, the endpoint security software doesn’t spot it.

But Heimdal is looking at the network, not the endpoint. It detects and blocks the malicious connections (to malvertising, legitimate but compromised web banners, malicious iFrames and redirects, botnets etc.) that signal an intention to activate or propagate attack strains like APTs, ransomware, Trojans, polymorphic malware and others.

In short, Heimdal gets stuck into the melee long before the blunt old endpoint battle-axe can!

Automatic software updates: that’s 85% of web app attacks defeated!

Exploit kits and other threats that exploit programs’ existing security weaknesses are a huge worry for traditional endpoint security vendors, because these weaknesses often exist at a lower level than that at which the security solutions operate.

Consequently, exploits can slip underneath the endpoint radar (the bad guys must feel like they’ve died and gone to Valhalla!)

They’re a huge worry for your customers, too, given that some 85% of web app attacks (like the kind that typically trigger ransomware and steal personal financial data) take hold of endpoints through an existing unpatched security hole of this kind.

But here, Heimdal have put a real edge on their sword. They have coupled their network traffic analysis with an automatic software update tool, to ensure that your customers’ internet-facing and non-internet-facing apps  – from Acrobat to Audacity, Flash to Firefox, Java to Jitsi, and many others besides – are constantly and automatically updated with the latest security fixes and patches, thus denying exploit kits an entry point.

The most security-critical applications are often those that are not concerned with security at all – how’s that for a typically innovative Scandinavian way of looking at a problem?

Why Heimdal
“Proactive” is a word you’ll hear a lot from Heimdal – and the automatic patching capability that embodies it is a good third of the company’s overall value proposition. (Click to enlarge)

Heimdal: the new word in security

Bloodthirsty or not, the Vikings gave their name to some very beneficial concepts. The word ‘law’ comes into English from their language, for example – and from where we’re sitting it looks like they’ve done it again with ‘Heimdal’!

(Loosely translated, we think the name means: “Stop the thing that’s trying to attack the longboat before it reaches the longboat.” Genius.)

Time some of your customers learnt some Danish, perhaps?

Failing to correctly configure your security solutions is one of the biggest risks to you and your customers. Security health checks can prevent it.

So, you’ve got your customers’ security covered from all angles, right?

Layered protection that shares security intelligence across applications. Endpoint security that spots malware traditional anti-virus solutions miss. Machine-learning that gets better and better at understanding threats. Belt and braces.

But then you fail to configure it all correctly and your customers get hit anyway!

Sceptical? Look at Amazon’s AWS solution, which has suffered a number of critical security and other misconfigurations, resulting in compromised user data.

Read Gartner, who say that in 2017 misconfiguration will be the most common source of breaches in mobile applications.

And take heed of the Infosec Institute, who place security misconfiguration right in the middle of the top ten cyber-risks in 2017.

Whichever way you slice it, the evidence shows that even the cleverest solutions can be useless if they’re not set up correctly – but how do you go about making sure the security solutions you deliver don’t fall into this trap?

Health checks: an MOT for your security solutions

The answer isn’t rocket science, but it is common sense.

You get your car checked out regularly to ensure it’s running as it should, and to inform you of any action you need to take to keep it fit for purpose. Essentially, it’s a health check for your motor – and you can do exactly the same for the security solutions and services you deliver.

But the even better news is that the security healthcheck is often far less disruptive and time-consuming than taking your car to the local garage.This is because the health check can often be performed by an engineer remotely, using the same web consoles you use to deliver and manage your security offerings every day.

As the engineer finds configuration faults or errors, they document these in a report that includes recommendations for the actions you need to take to fix them.

Who delivers security health checks, and what do they cover?

Where and how you get your security health checks often depends on the support and services arrangements you have with the vendors of the security solutions you sell – although this is not the only way to access them.

You could, for example, go through a specialist security software distributor who has vendor-accredited technical expertise in-house. This means you get vendor-quality product knowledge but through an organisation that is typically smaller, more agile and delivers a more personal service.

Typically, a product security health check delivered in this way will cover the full spectrum of security configuration points (it could be 60 or more) that can become an issue if not properly attended to, including (amongst others):

  • Unresolved malware
  • Patching and security updates
  • Licence status
  • Choice of deployed modules and scan engines
  • Policy and protection compliance
  • Impending end-of-life, end of support, and other OS-related issues
  • Settings (e.g. threat sensitivity); options enabled and disenabled
  • Identification and authentication

Security health checks; who fixes what’s not working?

If you have technically proficient people in your organisation, they can of course take the recommendations of the health check report and act on them.

But how does it work if you haven’t got the necessary technical resources?

Again, think of your car: you have no hesitation in handing over your keys to a trusted specialist to carry out work you couldn’t. Depending on who you get your security health check services from, the same model is potentially available – hands-on, on-site corrective work, billed according to an agreed estimate of the time it takes to complete the job.

(But no expensive mechanical components to cause the sucking in of air between the teeth, of course!)

Insights: safer than consequences

“Prevention is better than cure”, runs the old adage – but when there’s no cure available, the need for prevention becomes even more urgent.

Sadly, you can’t “cure” breach and theft of your customers’ data, for example – once the data’s been taken, it’s an irreversible action.

And if it occurs because a solution you provide wasn’t set up correctly or hadn’t been kept up to date, the legal, reputational and financial consequences for your organisation – particularly under the imminent GDPR regulations – would be severe.

But regular insight into the status of your security solutions and how they have (or haven’t) been applied can wrongfoot the risk before it trips you up.

A healthier situation all round.

 

 

 

XGen badge (HES) is the latest Trend Micro solution to wear the xGen badge. We take a brief look at the machine learning benefits behind the brand.

For both MSPs and resellers, Trend Micro’s Hosted Email Security (HES) has always been a compelling sell, delivering powerful, serverless email protection for customers with limited IT resources.

But whereas the rest of Trend’s Worry-Free Business Security Services solutions have already been plugged into the Predictive Machine Learning technology that is one of the features of the newly minted xGen brand, HES (perhaps because it’s also available as a standalone solution, outside of Worry-Free) hadn’t been – until now.

Here are some of the benefits that ‘xGenned’ HES now delivers to end-users.

Zero-day and unknown threats detected

With the threat landscape evolving at bewildering speed, checking chunks of code against databases of the known ‘usual suspects’ is only fractionally effective.

Instead, security solutions now need to detect hitherto unknown and unidentified threats, too, as we described in a previous post recently - and this is exactly what the Predictive Machine Learning in HES now enables it to do.

Predictive Machine Learning uses advanced file feature analysis to ascertain both the probability that a threat exists in a file, and the probable file type – and, of course, because it is learning from each example, it gets better as it goes.

Dangerous files and processes neutralised

Once the machine learning process has identified an unknown or zero-day threat, it can then take action to keep end-users protected.

If the threat is file-based, for example, the solution will quarantine the files in question, to stop the threat from spreading across users’ networks.

HES shares its newfound machine learning capabilities not only with Trend’s Worry-Free Business Security Services solutions but also with OfficeScan, so this more detailed explanation of the latter’s Predictive Machine Learning features, and how they work, is worth a read.

No more multiple login hell

Bringing HES into the xGen fold appears to have prompted some other helpful alignments with existing Trend solutions, too (although, in truth, these don’t have much to do with machine learning!)

There’s a lot less cumbersome clickery involved, for a start. For example, you can now jump directly from HES into the management console of the Cloud App Security solution, whereas before you’d have had to go from the Customer Licensing Portal (CLP) to HES, then back to CLP in order to reach Cloud App Security.

This is important for two reasons: firstly, to stop you losing the will to live. And secondly, because it’s a significant improvement to the overall email security workflow (Cloud App Security is needed to provide Exchange Online mail store scans as well as inspection of internal email traffic - so an easy hook-up to it is a must).

In short, HES is going through the same operator-friendly evolution as many other Trend solutions - getting rid of fiddly separate passwords for each service.

Ultimately, this helps partners work more efficiently and thus cut down on admin overheads, but also it makes for smoother service delivery.

HES: an xGen latecomer poised to deliver

It’s worth noting that HES has also recently benefited from an overhauled interface, improved data insights, enhanced Time-of-Click web protection, and other additional refinements, as explored in this post - so it certainly hasn’t been standing still.

But it has moved at a different speed to the rest of the xGen stable, and it’s good news for security resellers and MSPs alike that they can now tell their customers the gap is being closed!

Phishing:Despite being one of the oldest internet scams, phishing continues to unleash mayhem in businesses. How can security partners protect customers against it?

The oldest scam on the internet – phishing – is going from strength to strength.

Indeed, the Anti-Phishing Working Group report published in February 2017 tells us that the number of unique phishing sites detected in the second quarter of last year was at an all-time high.

The dreaded bogus links in incoming emails can trigger everything from banking fraud, to ransomware (the Locky attack was set off this way), to theft of Office 365 logins, as this phishing video shows.

So what advice should security partners be offering to their end-users to help them mount an effective defence against this menace?

1. No more phish and spam sandwiches

Poor spam management is a recipe for heightened exposure to phishing risk, since spam email is often the ‘bread’ around the phishy ‘filling’.

It sounds disgusting – but end-users are still swallowing it. In 2016, for example, 71% of ransomware was delivered via spam, making spam the most common attack vector. In fact, it’s even spawned a new term – malspam!

Strong anti-spam detection is therefore a critical ingredient in stopping phishing attacks before they reach the user, and for this a number of critical features are necessary in the security solutions end-users choose, including:

  • Antispam filters, so that detection thresholds can be adjusted in response to users’ experience of how effectively spam is being caught.
  • Connection to a global email and web reputation database, so that domains and identities associated with known malicious servers can be identified, and their IP addresses blocked.
  • IP address behaviour analysis, so that potentially suspicious behaviours like dynamic or masked IP addresses can be detected.
  • Document exploit detection to look beyond the email and into the attached files that malspam often makes use of to trigger an exploit.

At its least harmful, spam is a distraction that leaves a bad taste in the business’s mouth. At worst, it carries a truly toxic payload.

2. Beware the newly-borns…

But at the risk of sounding like King Herod, one of the biggest threats in the phishing sphere comes from ‘newly-borns’ – malicious servers that simply haven’t been around long enough to make it onto any web or email reputation database, and so might not be detected.

So it’s critical that businesses’ anti-phishing security goes beyond this, and attempts to analyse the characteristics of the phishing email itself, such as:

  • Who sent it
  • Where it’s gone to
  • What it contains
  • When it was sent
  • How it reached a user’s inbox

As this excellent summary explains, by mapping these factors automatically to known social engineering scenarios (i.e. the many ways in which users can be tricked into doing something they shouldn’t!) tell-tale signs of phishing intent can be detected, and the relevant IP addresses blocked.

Needless to say, this process involves some pretty hefty probability calculations, and social engineering scenarios are changing all the time, so the system needs to be able to constantly learn from what it absorbs and update its assessments accordingly.

Machine-learning is the key here, and if implemented effectively it can ensure that businesses’ anti-phishing protection doesn’t behave as if it were born yesterday!

3. Educate, educate, educate!

Security vendors are in this business to make money by selling software – but even they have been vocal about the need for businesses to educate their workforce to spot the signs of phishing, and take evasive action.

Content like these Tips for mitigating phishing attacks, for example, is certainly helpful - but there is a realisation that hints, tips and instructions alone won’t change security culture within organisations.

Instead, businesses must fuel constant internal security conversations using simple, accessible content, and they are looking to resellers and MSPs to deliver this to them, working through cyber-security awareness content partners.

Phishing protection will never be 100% effective. But shouldn’t every business be wishing that whatever slips through the net (or should that be Net?) could be stopped by the ‘human firewall’?

Read the latest helpful updates on ransomware and cloud security from our industry partners and contacts.

We like to put our partner and media contacts to good use in helping you and your customers to understand the security landscape.

This month, we bring you three helpful new updates – two guides to ransomware (and how to defeat it) and the other an interesting short article from Cloudworks on the benefits of cloud security for small and medium businesses.

Business guide to ransomware

New from AppRiver, this guide is subtitled ‘Understand, Analyze and Protect’, and is a very readable resource covering what ransomware is, how it works, how it spreads, and the best practices and employee training that can help defend against it.

Ransomware: Malwarebytes bytes back!

Another take on ransomware and how to combat it comes from security experts Malwarebytes, who major on the importance of endpoint security (keeping PCs and devices protected) in this informative and short PDF.

Five reasons why cloud security is important for SMEs

Big servers, large infrastructure, lots of IT staff – these are all security components that SMEs just can’t afford! This is why they must look cloudward – and this article from Cloudworks describes the benefits of cloud security neatly.

We’ll be back with more helpful advice soon!

Web SecurityWeb attacks will continue to increase in 2016, experts tell us. But web security is getting cleverer - and here’s what you need to know about it.

The European Union’s latest ENISA Threat Landscape report tells us that web attacks will continue to increase in the future. So, no surprises there, then!

But web security hasn’t stood still. In fact, there are many web security features now available that give security partners and their customers much deeper insight into web threats, as well as more effective tools to combat and manage them.

Here are just a few web security developments you might want to look out for in 2017.

URL analysis to beat zero-day threats

The backbone of web security has often typically relied on comparing a URL to a database of known malicious URLs, and blocking access if a match is found.

Clearly, there are severe limitations to this approach. Zero-day threats, for instance, won’t be on any URL blacklist, because they are simply too new, as we’ve explored in a previous post.

But web security solutions can now ‘sandbox’ a URL (quarantine it so that interactions with it cannot pass threats onto the network) and automatically analyse the behaviours of the destination site.

This way, even zero-day and unknown threats can be spotted and blocked, before they can cause any damage.

Centrally managed content filtering and reporting

Web content filtering is also a critical security requirement for most organisations, to ensure that employees don’t access inappropriate or reputationally risky material.

Historically, however, it’s been easier said than done. Endpoint security solutions have rarely proven themselves up to the task; they typically cannot monitor or report on web access unless there is a policy in place on that endpoint for that specific website. (Hardly an all-encompassing strategy, eh?)

Web security solutions can totally transform this situation, because security policies and their actions can be applied from a central dashboard to users and roles, independently of the endpoints they’re working from.

A senior manager who has good cause to investigate questionable content on a website, for example, might simply be monitored; a more junior user attempting the same thing might have access to that website blocked.

Decoupling web filtering from endpoints also means that reports can be created and run in real-time, simply by clicking on widgets in the centralised dashboard - and these cover all web use, not just pre-selected sites.

Web application control: the new ‘must have’

As we touched on in a previous post, it is now possible for web security solutions to control access not only to cloud applications like, for example, Facebook, but to specific features within them – by individual, role, device and location.

These can include, for example, functions that enable users to upload or delete profile images, remove a public link, permanently delete files from a recycle bin, disable a security group, and many other types of actions that can be high-risk in certain contexts, both with and without malicious intent.

As businesses rely more and more on cloud and social applications to carry out everyday processes, this kind of web security is set to become mission-critical.

Gains in performance, deployability, and more

But it’s not just the security features themselves that are worthy of note.

A host of innovations around performance, deployment, usability and productivity mean that web security solutions are now a more attractive proposition from the point of view of end-users (who are looking for service excellence) as well as security partners (who are looking for differentiators and ease of management) than ever before.

From the performance point of view, the latency (lag) often associated with cloud-delivered solutions, for example, is a thing of the past, thanks to locally stored caches that wake up instantly.

From the deployment point of view, flexibility is high on the agenda, with agentless options, and multiple authentication methods, including SAML, direct, and agent-based – pretty much whatever the end-user prefers, in fact.

And when it comes to usability, guest users on VLAN and mobile workers are protected without the additional complication of connecting to a VPN (or the danger of failing to do so), supporting risk-aware productivity.

Something tells me threat actors, users and security partners alike will be watching web security very carefully in 2017.

Email SecuritySpam, phishing, malware – these are just some of the hazards email can carry. We’ll see more of them in 2017, so what kind of security solutions can counter them?

Following on from our recent post about business continuity solutions, another topic worth following in 2017 is email security.

So just how important is it?

Well, according to email research from the Radicati Group, the number of business emails sent and received per day in 2017 will number 120.4 billion. By 2019, it will be nearer 129 billion.

And this unrelenting growth is one of the factors driving a huge increase in email-borne cyber-threats. In fact, in the first quarter of 2016 alone, according to this piece in Infosecurity Magazine, there was an 800% increase in email-borne threats over the previous year!

What, then, should you be looking out for to protect your business (or your customers’ businesses, if you’re a security reseller or service provider) against this onslaught?

Choosing email security

We’ve identified some specific features that we believe are critical to effective email security in 2017’s threat-laden world.

1. Ease of use for SMEs

The latest Government Security Breaches Survey found that SMEs are now being pinpointed by digital attackers, according to this piece in The Guardian.

But SMEs also include many businesses that have little or no in-house IT or security expertise  - so complex on-premise email security just won’t work for them.

Instead, look out for cloud-delivered, as-a-service solutions that major on ease of use (that means, amongst other things, no-maintenance deployment, with 24 x 7 updates, patches and hot-fixes delivered automatically by the vendor).

This kind of solution has the added benefit that it can filter email inline and scan it prior to it reaching the recipient, so threats are intercepted before they touch the business’s network.

Nothing to remediate, no spam to archive, nothing to clean up – good news for resource-starved small businesses.

2. Email clients – cloud’s a must!

Smaller businesses in particular are also turning to hosted email clients like Office 365 and Google Apps, with research showing that nearly two-thirds of small business owners already have an average of three cloud solutions in place.

Combine this with the knowledge that Office 365 has known issues with its ability to detect insecure document content, though, and it’s not enough to just go with a cloud-based email security solution. You also need to choose one that is good at dealing with cloud-based email client vulnerabilities.

Get the last bit wrong and you’re still behind the SME security curve.

3. Threat coverage and awareness

Spam, malware, spyware, phishing and inappropriate content are all known risks that must of course be protected against.

But the underlying question is how the solution’s knowledge of the threat landscape evolves, since it is this process that ultimately protects users against emerging threats like zero-day exploits.

Big data and machine learning algorithms are the key features to look for in this respect, but many vendors are now jumping on this bandwagon, so look at the hard numbers to sort the aspirational from the credible.

Take Trend Micro’s Hosted Email Security (HES) as just one example: over 50 billion website URLs, email sources, and files scanned, correlated, and filtered, with over 7 terabytes of new threat data processed - daily.

That leaves little doubt (and the latest features in Trend Micro HES make convincing reading, too).

4. GDPR compliance

GDPR is never far away from our discussions thesedays, and any cloud-delivered service is now under the microscope with regard to how it protects the privacy of the data that it holds.

Look for a solution backed by data centres that have reached the most stringent privacy certifications - in Europe, these are generally considered to be ISO 9001, ISO 27001, OHSAS18001 (LHR1) and SAS 70 Type II.

5. Ease of partner management

For security partners, there is an added dimension to a choice of security solution: the ease with which they can manage it!

Solutions that are difficult to provision and manage burn through administration resource and gnaw at margins – making them potentially unprofitable.

Look instead for a single security dashboard across all customers, that also works with industry-standard platforms like Autotask, ConnectWise and Kaseya.

This will enable you, for example, to automate monthly usage and reporting management, proactively analyse emerging security threats, and provision new solutions and services more rapidly – without signing into and logging out of multiple systems and tools.

Email security in 2017 – as-a-service solutions to a growing challenge

As long as businesses keep sending and receiving emails, the bad guys will keep using them to try and attack the soft underbelly of businesses.

But to do that, the emails have to get there in the first place – and if they’re getting caught by security in the cloud first, they won’t.

Definitely one to watch for 2017.

Upgrade Trend Micro Worry-FreeIf you don’t manage your Trend Micro Worry-Free Business Security upgrades properly, your customers could be at risk from ransomware! We explain what to do.

If you sell Trend Micro’s Worry-Free Business Security Standard or Advanced editions, you’ll know that both come with a convenient management console that enables you to easily watch over and control the security services you deliver.

But if you don’t act on the information and alerts you receive, and keep your solution up to date, it could mean that your end-user customers are at greater risk from threats like ransomware!

There are just three things you need to do to keep your customers protected:

1. Upgrade manually after renewals

Renewals of Trend Micro’s Worry-Free for Business Standard or Advanced editions do not automatically upgrade to the latest version, so you need to manually manage this process yourself.

Happily, it’s an easy thing to do. There’s a link to Trend Micro’s Download Center at the top of every console homepage. Click to upgrade your renewed Worry-Free Business Security edition to the latest version (see images below).

Alternatively, you can go to the Help tab, click on Support, and then click on the Download Center icon at the bottom of the page (see image below).

No uninstall or reinstall is required, the upgrade will automatically be picked up from the server by all the connected security agents, and your customers will stay protected.

What’s not to like?

Worry-Free Console
(Click to enlarge)

Worry-Free Console
(Click to enlarge)

Worry-Free Console
Upgrading Worry-Free Business Security after renewal is easy! (Click to enlarge)

2. Get notified by RSS as well

If you’re not on v.7 or upwards, you won’t get console notifications, so you need another way of receiving them.

And even if you are on v.7 or upwards, there’s certainly no harm in having a backup notification channel to be doubly sure the message hits home.

This is why the Download Center website supports RSS. You can set up upgrade notifications and reminders from that site straight into your RSS feed (see image below), and then go into the console to act on them.

Trend Micro software download RSS Feed
You can subscribe to the Download Center website’s RSS feeds to get upgrade and service pack notifications – whether the notification feature is also available in your version of the console or not. (Click to enlarge)

3. Act on those notifications!

As we’ve shown above, the console – even in pre-v.7 guise - contains the necessary links for you to download upgrades or service packs, and you can also find these links in the Download Center, whose icon is at the bottom of the console page (see image above).

So it’s a cinch to stay ahead of the game – but you do have to make sure you download the upgrades and packs promptly from the links.

That way, your customers will continue to be fully protected.

Keep Worry-Free worry-free!

Pay heed to your console, reminders and notifications and your Worry-Free Business Security solutions will totally live up to their name (more so, in fact, if you upgrade to the cloud-based Services edition that significantly simplifies life for both you and your end-users!)

But miss an upgrade or a service pack, and fast-moving, destructive threats like ransomware are, in all probability, already one step ahead of you and your customers alike.

And that will prove very worrisome indeed.