SMB Security Solutions - Part 2
What Security Solutions Do I Actually Need for My SMB? Part 2

In this part of our three-part series “What Security Solutions Do I Actually Need for my SMB”, we are going to explore the Better option of solutions. The Better option includes the baseline items in the Short list, plus a few additional solutions.

In part 1 of this series, we reviewed our baseline Short list of solutions. We would highly recommend reading part 1 first.

The solutions that make the Better List: 

  • Antivirus – especially a next-generation Antivirus product
  • Endpoint Detection and Response
  • Hardware Unified Threat Management Firewall
  • Air-gapped backup
  • An Email filtering solution
  • Cloud-server backup (such as backup for Microsoft 365)
  • Secure Access Service Edge (SASE)

The Better list adds an email filtering solution, a cloud server backup solution, and a Secure Access Service Edge (SASE) solution to the baseline. One could argue that an email security solution should have been on the baseline list, as email is one of the largest attack surfaces that an organization has. We left it off the Short list because most modern email providers, such as Microsoft 365 and Google Workspace, include a base-level email security solution in any package that includes email hosting. If your organization uses Microsoft 365, the email filtering and security solutions provided increase as you increase your license level.

A third-party email security solution is important because of what we stated already: email is one of the largest attack surfaces that an organization has. Email is pervasive. Nearly every office worker at an organization has an email address, and they most likely receive hundreds of emails a day. Each of these emails is believed to be from the sender that the email client shows, but what happens when it is not? Email security solutions not only block blatant spam, they also help reduce the number of CEO scam emails, gift-card scam emails, bogus invoices, attachments that contain viruses, and emails that fail more advanced email security checks, such as DKIM, SPF, and DMARC. The more of these emails that are blocked before they reach the end user, the less likely that user is to open a malicious attachment, reply to a bad actor, or transfer money to an unknown entity.
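To make the DKIM, SPF, and DMARC checks concrete, here is an added example (not part of the original article or any vendor's product) that reads the `Authentication-Results` header a receiving mail server records and turns it into a filtering decision. The gateway name `mx.example.com`, both sample messages, and the verdict policy are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Assumption: the name our own mail gateway writes into Authentication-Results.
TRUSTED_AUTHSERV_ID = "mx.example.com"
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)

# Constructed samples: a spoofed "CEO" email that also carries a forged
# header claiming "pass", and a legitimate message.
SPOOFED = """\
Authentication-Results: mx.example.com;
 spf=fail smtp.mailfrom=ceo@example.org;
 dkim=none; dmarc=fail header.from=example.org
Authentication-Results: mail.sender.invalid; spf=pass; dkim=pass; dmarc=pass
From: "The CEO" <ceo@example.org>

Please pay the attached invoice today.
"""
LEGIT = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=billing@example.net;
 dkim=pass header.d=example.net; dmarc=pass header.from=example.net
From: Billing <billing@example.net>

Thanks for your payment.
"""

def auth_results(raw_message, trusted=TRUSTED_AUTHSERV_ID):
    """Collect SPF/DKIM/DMARC results, ignoring headers we did not add ourselves."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in message_from_string(raw_message).get_all("Authentication-Results", []):
        authserv_id, _, rest = header.partition(";")
        # The sender controls every header it sends, so a foreign "pass" proves nothing.
        if authserv_id.lower().split()[:1] != [trusted]:
            continue
        for method, result in RESULT_RE.findall(rest):
            if results[method.lower()] != "pass":  # one passing DKIM signature is enough
                results[method.lower()] = result.lower()
    return results

def verdict(raw_message):
    """Hypothetical filter policy: DMARC decides; without it, fall back to SPF/DKIM."""
    r = auth_results(raw_message)
    if r["dmarc"] == "fail":
        return "quarantine"
    if r["dmarc"] == "pass" or "pass" in (r["spf"], r["dkim"]):
        return "deliver"
    return "flag"

if __name__ == "__main__":
    print(verdict(SPOOFED), verdict(LEGIT))
```

The spoofed message is quarantined even though it carries a header claiming every check passed, because only the header written by the organization's own gateway is trusted.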

The next solution that we added to the Better list is Cloud-server backup. A cloud server backup is a server-to-server backup solution that backs up popular email services like Microsoft 365 and Google Workspace. It is common for organizations to utilize these services for more than just email. In Microsoft 365, users can have data in OneDrive and SharePoint Online. In Google, users can have data in their Drive and Team Drives. Just like a physical server is backed up, cloud data should be backed up to be able to restore or recover from data loss or corruption. Yes – both Microsoft and Google offer the ability to recover data, but it is not a true backup. Each service has relatively short limits on how long the data is retained, and both Google and Microsoft make no claims of data availability, only service availability.

Lastly, we recommend implementing a Secure Access Service Edge (SASE) solution. SASE, in short, extends the capabilities of the corporate firewall to remote endpoints. Any device, no matter its location, has the same protections as if it were in the office. Most SASE solutions offer Secure DNS, Web Content Filtering, Antivirus scanning, Firewall rules, and Traffic Analysis. SASE solutions work by using an always-on VPN connection that connects your computer to a Point-of-Presence (POP) at one of various data centers throughout the world. Because the connection runs through a VPN, any internet traffic transmitted between your system and the POP is encrypted, so an attacker on the path between the two cannot eavesdrop on it or perform a man-in-the-middle attack. Once your traffic reaches the POP, it is analyzed and, provided it does not fail any of the security checks, sent on to its final destination.

I acknowledge that this suggestion may generate debate, as a SASE solution is usually regarded as a more advanced security option. We have included it in our Better list and not the Best list because of prevailing work-from-home and hybrid work setups. Safeguarding corporate systems and data becomes challenging when employees operate from various locations or use non-corporate devices with uncertain security measures, if any. By adopting SASE, the organization guarantees the presence of essential security measures to safeguard its data against cyber threats.

That wraps up part 2 of our series on what security solutions you actually need for your SMB. In this part, we covered more advanced cybersecurity solutions that your SMB can deploy to improve its overall cybersecurity posture. In part 3 of this series, we will review additional cybersecurity solutions that can be deployed to reach cybersecurity maturity.