As more and more applications become web enabled, securing the flow of enterprise information over the web has gained critical mass. According to reports, applications such as IM, P2P, are also major sources of malicious code distribution. While larger enterprises can afford efficient security measures, SMBs barely have the resources to manage their infrastructure.

Surendra Singh, head - South East Asia and India, Websense elaborates on the security issues that plague the SMB segment.

Could you discuss some of the challenges that SMBs face with regards to security?

The genesis of the problem of security in the SMB segment is that they don’t have trained personnel to manage their IT infrastructure. The security threats scenario is changing very rapidly and needs a proactive approach of preventing attacks from these threats. SMBs traditionally secure their network using reactive techniques by countering attacks after they have been deployed using patches. This lag in fighting attacks makes many organisations vulnerable to new and more sophisticated security threats.

Do you believe that current anti-virus and firewall systems have given organisations, especially smaller ones a false sense of security?

Looking at the new trends in security, more and more attacks are launched through IMs, P2P file sharing applications and via websites. Anti-virus software are equipped to fight primarily against e-mail borne viruses and hence give a false sense of security to the SMBs as today’s threats are not only very sophisticated but also use multiple channels like P2P, IM and web. The SMB segment should be made aware about these advanced threats, otherwise they will easily fall prey to new kinds of attacks.

What according to you is lacking in these conventional AV and firewalls?

Each virus has thousands of variants and each variant is potentially harmful for an organisation which relies only on Anti-virus software until the software has a patch for that variant. It is practically impossible to prevent a virus attack from the day it is detected till the day the anti-virus companies provide a patch for it. Since a majority of SMBs rely on anti-virus software for their security, they are not secured from zero-day attacks.

With the advent of Web2.0, what are some of the threats emerging in the security landscape?

We have noticed many attacks being launched through the social networking sites. These sites have a very large set of users contributing from various parts of the world. The attackers who pose as innocent users on these websites upload malicious content which lures other users to download malicious codes and viruses. Very large files including music, video and pictures can be uploaded here and most of the websites do not have the required infrastructure to scan the uploaded content. Hence threats can arise from the websites supporting active content. These websites include blogs and social networking sites.

Could you brief us on Websense Express?

The product is based on the Threatseeker technology and it is our first SMB focused product. Websense has partnered with 50 channel partners for what it calls Level 1 support and two value added distributors for Level 2 support. We also provide additional technical assistance to our customers through telephone and e-mail.