JRB - Fotolia
This year has seen an unprecedented rise in cyber attacks, with the most recent infecting more than a thousand restaurants in US food chain Wendy’s with malware that leaked customers’ payment card data.
According to a survey commissioned by the Department for Business, Innovation and Skills, nearly three-quarters of UK small businesses that responded reported a data breach. A breach typically costs a company between £75,000 and £300,000 in business disruption, lost sales, recovery of assets, fines and compensation.
An intrusion prevention system, or IPS for short, should be the cornerstone of any company’s security structure, providing an additional layer of protection against malicious software. IPS is something of a misnomer, as IPS doesn’t block intruders, but snooping software that tries to leak valuable data from a network.
Given the ever evolving threats to network security, an IPS package needs to be carefully managed by a security administrator with a specialist skill set in order to remain effective. This costs time and money on top of the initial investment and subscription fees for the IPS, but without it the IPS is in danger of becoming redundant, blocking legitimate traffic or allowing malicious content through.
Read more about SME security
- The UK government has announced initiatives to boost SME cyber security, promote the cyber security profession and support cyber security innovation projects.
- Small and medium-sized enterprises (SMEs) typically face the same threats as bigger organisations, but lack the same level of expertise and other security resources.
- The London Digital Security Centre has been set up by the Mayor’s Office for Policing and Crime as part of the mayor’s business crime strategy.
A prospective company can expect to pay around £600 for an IPS package. A Cisco router with a managed Fortinet firewall, along with a subsequent monthly fee of £450 for 36 months, would work out at £5,400 a year.
Although such IPS packages can provide reliable protection and risk reduction, many small businesses are unable to afford the time or capital to invest in one. Hackers are well aware of this and seek to exploit this vulnerability by targeting small companies, as they are an easier target than larger companies that have been able to invest in network security.
Idappcom’s managed service
Security software development company Idappcom has recently unveiled a managed intrusion prevention service, which is essentially IPS as a small-scale service rather than a more conventional in-house operation.
Scheduled for launch in August 2016, the Idappcom service offers protection in three areas:
- Exploits: it protects unpatched vulnerabilities in hardware, applications and operating systems.
- Phishing: it detects connections to those servers known to have a bad reputation, blocking the transmission of any malicious code.
- Malware: it detects and blocks malware from email attachments and web links.
Rather than small companies managing their own IPS and employing a security administrator, Idappcom manages its customers’ protection systems.
There are three levels of service:
- Business intrusion protection systems (Bipsy) – enterprise-level protection for companies with no more than 20 users.
- Global intrusion protection systems (Gipsy) – for business travellers and regular commuters.
- Home intrusion protection systems (Hipsy) – for people who work from home.
Idappcom’s managed intrusion protection service acts as a buffer between a client’s devices and the internet. Rather than having to be updated manually, clients’ systems are automatically updated with the latest rules list.
These updates are delivered every two hours or whenever the device is first switched on. “It is only a few hundred megabytes and all compressed,” says Idappcom’s chief security officer Simon Wesseldine.
“Even if you have a software update and a rule update, it will only take 10 seconds and that is not fully utilising the bandwidth.” Only once the device has had the latest updates installed, will the device permit access to the internet.
Idappcom’s connections with devices, such as for distributing updates through the cloud or managing its clients’ devices, are conducted through a security operations centre (SOC). “We take every step we think is possible to lock down the box,” says Wesseldine. “Any communication we do, such as the updates, is via our secure VPN.”
Much of the system is managed by automated processes, allowing Idappcom to keep costs down. This includes the automated updates, as well as reports of any traffic being dropped.
A help desk is available to assist users during setup, or if their system is dropping legitimate traffic, so the device can be configured to meet the client’s demands more accurately.
The various subscriptions offered by Idappcom include:
- Exploit intrusion protection service: covers over 12,000 real-world exploit traffic files from Idappcom, as well as associated Snort rules, updated with 200 new policies every month.
- Emerging threats: covers malware signatures provided by Proofpoint’s ET Pro, including denial of service, botnets and backdoor attacks, and lists 15,000 malware signatures.
- Phishing black list: covers millions of suspected sources of phishing and drive-by attacks.
Hipsy is designed for home users, including people who work from home, acting as a buffer between the network router and the connected devices. Although the level of protection is not as robust as the enterprise-level Bipsy, the capacity and cost would be suitable for those working from home who do not have stringent security requirements.
With 8GB of RAM, a quad-core processor and a 1Gbit LAN, Bipsy is Idappcom’s enterprise-level opex-based IPS device. It is aimed at small companies with up to 20 medium-level (email and internet) users. “We say a small business of 10 to 20 users using it at once will max out, but it depends on what they are doing,” says Wesseldine. “If they are just using emails and internet access, then you might take over 20.”
Naturally, the heavier the internet use, the fewer the number of users who will be able to connect, as connection degradation will begin to occur.
Based on the Raspberry Pi 3, the compact Gipsy comes with 1GB of RAM, a quad-core processor and 802.11n wireless LAN, providing intrusion protection for business travellers. Wirelessly connecting to the laptop, Gipsy acts as a buffer between the laptop and any Wi-Fi points. Although powered by the laptop through a USB lead, the battery degradation caused by Gipsy is negligible.
Idappcom’s managed intrusion protection service is aimed at companies that have a network, but do not have the necessary skill set or capital to manage an IPS solution. Idappcom’s devices have been made simple to use, with plug-and-play functionality.
Former TrustMarque solutions manager (information security) Mark Shepherdson has been using Gipsy as a beta customer for several months. “I have used it on quite a few public Wi-Fi points and it is surprising what would normally get through. I have not found anyone trying to hack into my device specifically, but there is an awful lot of chatter coming in from access to the internet,” he says. “I also used it on the train and did not find any particular battery degradation with my laptop.”
The cost of Idappcom’s service is broken down into three categories, depending on the device being used. The price for the exploit protection service is different for each level, reflecting the types and number of policies that need to be applied in each case.
The basic device costs £278.76 for the Bipsy service level, £107.40 for Gipsy and £94.53 for Hipsy. Exploit protection costs £240 for Bipsy, £180 for Gipsy and £120 for Hipsy. Emerging threats costs £390 for all three levels, phishing black list costs £60 for all three levels. Those prices do not include postage and packing or taxes for destination countries.
For an office of up to 20 medium-level users, the complete package of services would cost just under £1,000 for the first year’s protection, and just under £700 a year to be renewed.
In instances where companies require multiple IPS devices – if, for example, they have separate networks for staff and visitors – clients will be able to buy multiple devices of various types, each of which can be managed through the online user portal of the Idappcom website.
In the future Idappcom will be looking to create more powerful IPS devices that can handle a greater numbers of users, as well as offering different and more personalised subscription services for companies seeking more diverse and controlled protection.
With the number of cyber attack vectors increasing every day, small businesses can no longer take the risk of hoping they will be missed. All businesses need to ensure they are sufficiently protected against the latest threats in the wild.
While Idappcom’s service may not protect as many users as a conventional IPS or offer as wide a protection as others, it does offer is a cost-effective alternative for companies otherwise unable to afford such protection for their network.