firewalls - ReadWriteWeb
http://www.readwriteweb.com/feeds/tag/firewalls
Copyright 2012 Richard MacManus. Mon, 13 Feb 2012 19:17:22 -0800

Companies Need to Take A More Sophisticated Approach to Layered Security

Last week, leading security company McAfee asked a question of the security industry, "are we really protecting our users?" A lot of evidence points to the contrary. As can be seen in a new mid-year threat report from firewall maker SonicWall, consumer and corporate networks are larger and more vulnerable than ever. Yet, the battle against malicious programmers is not lost. It is a matter of common sense and evolution in security practices that will help protect companies and users from those that would do them harm.

"The days of just buying an anti-virus or a firewall program and just putting it on a PC are over," said SonicWall's VP of corporate development Ed Cohen. Enterprises and small and medium businesses need a more layered approach to security. Yet, the layers need to be more sophisticated. With the growing complexity of corporate networks, a new approach is needed.

"It is not just about blocking ports anymore," Cohen said. "It is monitoring and securing the network from the application and endpoint level as well."

SonicWall's report cites the growing problem of securing networks from social applications and mobile devices. These are new problems within the last several years that corporate networks have not yet caught up with. Cohen uses the example of Facebook, which has become a necessity for enterprises. Yet, monitoring when, where and how employees use Facebook or other similar applications is necessary for enterprise security. For instance, a business's marketing department needs to use Facebook but it should not be allowed to use applications within the platform, like MafiaWars.

There is also the growing ubiquity of mobile devices and workers accessing the corporate network. That includes workers accessing work data from their smartphones or remote workers tapping in from unsecured connections.

"The more access that companies give, the more vulnerable they are," Cohen said. "Yet, at the end of the day, access and productivity often trump security."

Cohen advises that consumers, corporations and small to medium businesses become more proactive with security. That includes more monitoring of how and when users are accessing their work data, and installing sophisticated anti-virus programs, next-generation firewalls and filters that scan for spyware, spam, Web vulnerabilities etc.

"It always surprises me when a small business says that it has an anti-virus program but asks why it also needs to get a firewall," Cohen said.

Cohen has four recommendations to effectively secure a business network.

  • Protect the network - That classic fortress approach where firewalls, black lists and security programs monitor the network itself.
  • Protect the endpoints - This includes securing computers making remote connections to the network, from using Secure Socket Layer and Virtual Private Networks to make sure that every smartphone, tablet or computer that can access work data has an anti-virus client.
  • Back up data - This is an old standby credo of the security profession (or anybody that has ever used a computer), but Cohen says individuals and companies often do not do a good job of backing up data. There are a variety of new products and services that can help companies automatically back up their data in case of crash or breach.
  • Use managed service providers - This is a trend in enterprise that has grown in the last several years, especially when it comes to mobile devices. If you do not know how or cannot effectively manage your network, hire somebody else to help you do it.

SonicWall has an interesting quiz about detecting phishing attempts that it says most people fail miserably. Head on over and take the quiz and let us know how you did. It is a lot harder to detect phishing than even sophisticated users think (this reporter got six out of 10 correct and apparently that is a good score).

Here is a sample of the quiz. Is this phishing or legit?

[Image: sonicwall_quiz.jpg]

Answer: Phishing

http://www.readwriteweb.com/archives/companies_need_to_take_a_more_sophisticated_approa.php
Security. Mon, 29 Aug 2011 07:15:00 -0800. Dan Rowinski
Study: Employees Will Find Ways to Route Around Corporate Firewalls

Earlier this week, we reported that a large number of businesses worry that social networking could endanger corporate security, but according to a new report from Palo Alto Networks, social networking is only a minor issue when compared to the proliferation of browser-based file sharing tools, P2P networks, remote desktop access applications, and more sophisticated encrypted tunneling applications like SSH, GPass, and Gbridge.

Palo Alto Networks specializes in providing firewall solutions to enterprise customers, and this study is based on the behavior of nearly 900,000 users on 60 large corporate networks.

File Sharing

According to this study, users on 92% of the monitored networks used P2P software, with BitTorrent and Gnutella being the most often used services.

On 76% of the monitored networks, the company also found that users used browser-based file-sharing and cloud-storage tools like YouSendIt and MediaFire. According to Palo Alto Networks, tools like MegaUpload, docstoc, Box.net, and Zoho Writer might seem extremely useful to a user who wants to finish an important document at home, but these services also introduce a number of business risks, including a potential lack of compliance.

Employees Will Find Ways to Route Around Corporate Security

The study also found that users will go to great lengths to route around corporate networks and often use tools like Gbridge, encrypted tunneling applications, and various private and public proxy services to circumvent security protocols, corporate firewalls and filtering mechanisms. Companies are spending a lot of money on firewalls and filtering products, but in the end, users will always find a way around these.

The conclusion of this report is pretty straightforward: application developers are making it easy for users to negate corporate firewalls, and users are happily taking advantage of this, while corporate IT networks are constantly playing a cat and mouse game with these users. Palo Alto Networks is obviously in the business of selling better firewalls, so the company's recommendation to filter traffic not by ports, protocols, or IP addresses, but by application type, content, and user doesn't come as a surprise. Some users, however, will always find a way around these systems.

It is important to note, though, that this study also shows that there is clearly a large demand for these kinds of cloud-storage and browser-based file sharing services, and a lot of the risks detailed in this report could be managed rather easily by giving users access to a comparable set of approved tools.

http://www.readwriteweb.com/archives/employees_route_around_corporate.php
News. Thu, 30 Apr 2009 12:35:41 -0800. Frederic Lardinois