There's a blog over on the WSJ about how cyber-criminals are targeting Small and Medium businesses, and stealing money using the Zeus and Spyeye trojans, which we block.

One of the biggest problems is that most small and medium businesses think that they are not a target, and therefore don't need to do anything:

However, this may be a result of feeling powerless. The complexity of most approaches to stopping this sort of attack is also a bar that is too high, and costly, for most small and medium businesses.

The infrastructure that big companies use to inspect and lock down all traffic (provided by the large companies quoted in the WSJ), and the checks and balances in their processes, protect them, most of the time. When they fail, they at least alert them quickly to compromises. The problem is, this takes a lot of hardware and software, and very highly qualified people to run. It has to be monitored 24/7 to be effective.

For the SME, a complex layered defense with Intrusion Detection/Prevention, Alert monitoring, content inspection, and the staff to do all that is simply prohibitive. Even if you outsource it to someone like Secureworks, you still need all the equipment in your network, and the cost is typically at least as much as a 1/2 time IT guy per year, and goes up from there.

As a result, the defenses used by the big guys are expensive and inaccessible to the vast majority.

Cloud services provide the best way to handle this for a small company. Services like OpenDNS and Websense Triton do a good job of filtering what people browse to, but many bots communicate silently in the background, and circumvent those solutions.

ThreatSTOP, by doing the detection in the cloud, and using the company's existing firewall as the enforcement gateway, solves this issue. It makes the firewall smarter, allowing you to block the call home, and identify which computers are infected.

Learn more at


As if more evidence was needed of the problem:

Krebs has a story about how IF you get the bank to give you back your money, it can take a LONG time: