Then it suddenly hits you that the update process may not be working and sure enough, when you check the application log, a firewall blocked the download of an exe file – which is what we want our firewall to do. At this point, most users will either allow the download of the executable file, or those who have some form of central management will change their security policy to allow .exe files so they can update all computers at home or at work. The problem is that many do not remember to turn the policies back on or re-apply the block policy at the desktop level. What follows is a free-for-all for drive-by downloads.

I just spent the past week cleaning up computers that were infested with all kind of viruses and rootkits. Investigation revealed that security policies were relaxed so the client could “get rid of the damn popups”. There has to be a better way of pushing out updates than through exe files – and it is not enough for vendors to force “download managers” on users either because a centrally managed security policy will still block the executable file. It used to be safe to add vendor sites to safe lists, but with web address spoofing and hijacking getting more sophisticated, that is not as clear-cut as it once was.

Remember, we are talking about small business environments here. The big corporations have dedicated support staff that will take the update process through its paces and test to make sure they are safe before deploying to users. Small businesses do not have that luxury. Many are self-managed environments and most do not have the patience to vet every software that prompts for an update. Worse still, if the vendor is a “known” name like Microsoft and Adobe, they are trusted.

Granted this was a very small office, but there is no doubt that the incident had an impact on company productivity, not to talk of the negative impression it had on customers and potential customers because their requests could not be processed since the main database was on the infected computer.

This is no longer a debate about which Operating System – Linux or PC or Mac etc. is safer. The point is, how protected are the endpoints in your business environment. If you do have some level of protection, how are they managed? Do you use understaffed and overworked teams to “sneakernet” updates and patches to individual workstations and servers – a costly exercise? If you answered yes, it is time you considered centralized management. According to a survey conducted recently by Symantec which compiled data from 1,425 respondents worldwide, SMBs are facing a “security gap” because they often lack basic security measures — 59 percent of respondents admitted that they did not have endpoint protection, 47 percent lacked desktop backup recovery and 42 percent were not running an anti-spam solution. In addition, more than a third of Small and Medium Businesses (SMBs), defined as having 10 to 500 employees, lack server backup recovery (38 percent) and anti-virus protection (33 percent). This situation caused McAfee to argue that “Small and medium sized businesses (SMBs) have developed a false sense of their own security and remain naïve about impending threats”.

According to the McAfee report, nearly a third of the companies surveyed had been attacked four or more times in the past three years. A quarter of those attacks took the affected company more than a week to recover. Some 52 percent said that their company was too small to be noticed by criminals, and 46 percent did not believe that their company could make a cybercriminal money. In addition, the study found that 43 percent run with the default settings on all IT equipment, ignoring customization for security. Darrell Rodenbaugh, senior vice president of the mid-market segment at McAfee put it this way: “For businesses of all sizes, viruses, hacker intrusions, spyware and spam can lead to lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation,”

Centralized management means just that. Everything is managed from one location. You or an “administrator” can manage network and security policies from one console and be able to deliver updates to all workstations and servers. It also means you can configure or reconfigure your endpoints to allow or deny software installations, file downloads, and security levels to prevent “drive-by” downloads that may result in the download of viruses. A centralized endpoint security solution can protect against internal and external threats since many of them combine enterprise-class packet-filtering firewall with an advanced host intrusion prevention system. Some even have built-in virus, spyware, malware, adware, rootkit and trojan detection engines that can block those programs before they have the chance to install. A few very sophisticated ones like the Comodo Endpoint Security Manager have the ability to control program execution paths and can deny CPU time to detected malware applications.

Centralized management of endpoints increases productivity and ultimately. business profitability. By replacing manual processes with automation, employees are freed up to focus on taking care of customers.