During recent chats I've had with vendors in the security space, the common thread has been the continuing impact of Web 2.0 technologies — instant messaging, social networking, YouTube, etc. — on the always-evolving world of network security. And, if you look over WatchGuard Technologies' Top 10 security threats to SMB networks, you'll find malicious HTML email sitting pretty in the number two spot. WatchGuard warns: "No longer are attackers sending emails with malicious attachments. Today, the threat is hidden in HTML email messages that include links to malicious, booby-trapped sites. A wrong click can easily lead to a 'drive-by' download."
So, it doesn't surprise me that security companies are doing what it takes to bolster email security offerings. In McAfee's case, it invested about $465 million in Secure Computing, which specializes in protecting Web and email assets. Symantec forked over even more cash — $695 million — for messaging security services firm MessageLabs, which offers 'in the cloud' security services for email, Web and instant messaging. When I chatted with MX Logic executives about their software as a service (SaaS) solution to email security and archiving, we discussed how the company achieved 45% growth last year, and why it expects that trend to continue. The answer is fairly simple: More and more companies are realizing that email security is a key element of network protection and that 'in the cloud' (Internet based) security offerings can also resolve storage issues tied to email archiving and disaster recovery.
All of this means that VARs must continue to address the issue of Web 2.0 security with their clients, especially SMBs that tend to believe they don't have anything a cyber criminal might want. That misconception was highlighted in the WatchGuard release surrounding its Top 10 list. "Security threats to SMBs are just as real as they are to enterprise organizations," says Eric Aarrestad, VP of marketing at WatchGuard. "The tragedy is that many SMBs are simply unaware of the unified threat management [UTM] appliances that can combat these threats." That is where you come in. Talk to your clients, show them the statistics about cybercrime in the SMB space, and then discuss how you can protect their networks from the continual evolution of threats, in particular, those that slip in through unguarded routes such as email, instant messaging, and websites.December 2008