Story image

Free enterprise security: Bargain or false economy?

13 May 2015

A senior e-threat analyst is cautioning enterprises to think twice before entrusting their networks – and company IP – to free enterprise security offerings.

Bogdan Botezatu, Bitdefender senior e-threat analyst, says while running any security solution is better than operating without one, free or freemium solutions may be a false economy, with hidden costs, and may leave businesses open to threats and under the false belief they are secure.

“Enterprises are now facing corporate espionage, government-grade malware, hactivist manifestations and opportunity attacks with an impressive toolset of technologies,” he says.

“Building commercial-grade malware has become a matter of simply buying an idiot-proof malware generating toolkit.

“The problem is free software gives the decision maker a sense of security that the product cannot honour.”

He says polymorphism, paired with zero-day exploit packs, are a ‘ruthless’ combination – and an increasing trend.

“Just as the user loads a web page, they both allow potential hackers to deliver a payload that has never been seen before by any antivirus company.

“Exploit packs can plant this payload with minimum user interaction, ie, loading a web page.

“The antivirus should be able to not only identify the browser exploitation itself, but also accurately block and report the new payload.”

Botezatu says it goes without saying that enterprises are much more vulnerable to software attacks and therefore basic protection ‘is never suffice’.

“Free security solutions are great for IT departments when testing products from security vendors, but they’re not the same as a paid security solution,” he adds.

“Premium features are available in suites, which build extra value on the anit-malware technology by integrating firewall, anti-spam, anti-phishing and tune-up modules.

“Many companies have taken the approach of giving away basic protection for free and monetising the premium features.”

And before you ask, no, Bitdefender doesn’t offer free enterprise security solutions.

Botezatu says most free or freemium security solutions don’t provide layered technologies for anti-malware detection, which may make networks more vulnerable to attacks.

Comprehensive centralised management for endpoints may also be missing, meaning companies that expect to save money by choosing a free security solution, may in fact find their IT and management-related expenses exceed the savings.

“Post-deployment support might become another issue as free products usually come without dedicated support,” Botezatu says.

“Support packages can be purchased separately, generating hidden costs that should be taken into account prior to deployment.”

He says free solutions may be missing some essential defence technology, such as behavioural-based analysis.

“Partial detection of threats would expose the company to brand new malware or advanced persistent threats,” Botezatu says.

He says companies also need to consider future-proofing.

“Ask yourself if the solution is able to deal with technologies or policies that will become part of your network in the foreseeable future, such as mobility or BYOD.

“Does it allow you to manage mobile devices, servers, virtualised appliances and endpoints altogether? If not it will have to be replaced at some point with a premium one, so rather than saving money, the company ends up paying for a security product, temporarily loses operational continuity and overloads the IT department in the process.”

Security shouldn’t be a reactive decision, Botezatu says, but rather a proactive one.

“Any security decision you make should take the future development of the company into account.

“Always go for a product that provides the best security your money can buy and take into account how well this solution would scale to the needs of your organisation in a short to medium timeframe.”

New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.