OVERVIEW

The Virginia Peninsula Association of Realtors® (VPAR) is the region's advocacy group for real estate professionals. It also provides a central source of information for those wishing to enter the profession and for consumers looking for agents in good standing. The organization's objectives are to maintain high standards of ethical conduct, provide professional development programs, and be an information resource for all aspects of homeownership.

VPAR has 1,600 members including Realtors and affiliates like mortgage and financial services companies, home inspectors and pest control companies. The association maintains a member database that "contains a tremendous amount of information on our members," says VPAR Technology Director Rich Benet. Members log onto the VPAR web site to access the database where they can manage their profiles, research complementary services, and register for courses, meetings and events.

VPAR has seven employees who use a local area network with multiple servers that forms the infrastructure behind the web site. All servers are regularly backed up onto external hard drives, and the LAN is protected by a router and firewall.

CHALLENGE

Benet feels confident that adequate protection and disaster recovery policies are in place for the IT infrastructure itself, but protecting the network from what employees might inadvertently pick up while they're working online is another story. If a VPAR staffer were to accidentally click on a link in an e-mail that led to an infected web site, for example, the result could be a virus infection that brings the association's entire web site to a standstill. Another click could open the network to a "botnet" that could enable a hacker to access the wealth of personal and business information in the membership database.

"If you're not scanning e-mail and attachments for viruses and other malware, they can get control of your computers -- next thing you know, data from your computer has disappeared into cyberspace," Benet says. "You can't stop a user from doing dumb things, and you can't impose draconian usage rules -- people only try and get around them. But you do want to be able to protect people from themselves -- and the network from the people. If you do that, you can protect the data."

SOLUTION

Benet had been using one of the "big name" anti-virus programs, but the software was using so much of both the network and desktop resources that the web site was slowing down, affecting both productivity in the office and usability of the web site. "I started to research less resource-intensive anti-virus software for businesses and found the program I use now -- ESET's NOD32," Benet says. "In my opinion, NOD32 is the best anti-virus software out there. Besides the low overhead on the network and greater accuracy, the updating process is completely seamless."

The technology embedded in the NOD32 solution enables the program to protect against new and unknown viruses as well as those already in circulation. That way there's no "risk window" when users are waiting for their vendor to provide a new fix for a new virus, as is the case with programs that rely on signatures alone. In 2007, NOD32 was named "Best Antivirus Product of 2007" by independent research firm AV-Comparatives. Of the 17 products tested, NOD32 scored well in a range of categories including on-demand scanning speed and small numbers of "false positives."

The only issue concerning Benet was that ESET is located in Bratislava, Slovakia. "What if I had a support issue installing it?" he wondered.

That's when he discovered Software Security Solutions (SSS), a Colorado-based Security Value Added Reseller specializing in NOD32 anti-virus solutions. Benet purchased NOD32 from Software Security Solutions, and added Spy Sweeper from Webroot to take care of specific anti-spyware issues.

LAYERED SECURITY

SSS advocates a layered security approach and focuses on helping clients choose the best mix of solutions for their situation. "As in any walk of life, in the security business different tools are best at doing different things," says SSS founder and Chief Executive Officer Monte Robertson. "That's why it makes so much sense to take a layered approach to security, particularly in business. After all, what is more important to a business than the security of its own assets?"

Besides the existing firewall and NOD32 and Spy Sweeper anti-malware protection, Robertson suggested Benet take a look at LinkScanner, a new solution from Exploit Prevention Labs that blocks hidden threats on web sites that firewalls let through. Given his concerns with user behavior online, Benet was interested. "It looks like a useful additional layer, and could well end up being part of our security," he says. "It would allow users a little more freedom to use the web productively, and it would give me the peace of mind to not worry about where they might go."

Benet agrees that a layered approach is the way to go. "There's no silver bullet for all the security risks out there. You have to use multiple products that can keep an eye on each other and cover a broad spectrum of threats."

RESULTS

Benet pays about $500 per year for the peace of mind he gets with NOD32 and Spy Sweeper. "The cost is minuscule compared with what we could lose," he says. A virus on one workstation could take days to eradicate, during which time he couldn't work on anything else and the user would be without their PC. If the virus spread throughout the network, the entire association could go down. "Since I am the only person here doing IT work I would probably get outside help to get things up as quickly as possible. That is about $125 to $150 an hour for a few days, but is small compared to the cost of downtime."

Benet is so pleased with NOD32 that he's deployed it in a number of VPAR members' offices where he also manages IT services. "It's so easy for me to keep their virus protection humming. I can log into their server remotely and check the status wherever I am."