Select Country

Australia flag Australia Canada flag Canada/English Germany flag Deutschland Spain flag España France flag France China flag Hong Kong India flag India Ireland flag Ireland Netherlands flag Nederland New Zealand flag New Zealand Portugal flag Portugal South Africa flag South Africa Switzerland flag Schweiz Switzerland flag Suisse United Kingdom flag United Kingdom United States flag United States Japan flag 日 本 ×

SecureAnywhere Business
Endpoint Protection

Aggregating Threat Intelligence

Strength In Numbers Through Collective Threat Intelligence

Webroot SecureAnywhere® uses a distributed model wherein the threat intelligence gathered from endpoints around the world instantly protects all other endpoints that use the Webroot Intelligence Network, creating a 24/7 circle of protection.  We call it Cloud Predictive Intelligence, and when leveraged along with the Webroot SecureAnywhere Agent’s advanced behavioral heuristics, outbound firewall, and offline protection, endpoints no longer have to rely on large signature updates to remain protected from malware threats.

Free Trial » Buy Now »
Product Details » View Demo » Contact Us »

Select Endpoints and Years

# of PCs to protect (5-999)

Need more than 999 seats?
Please call: ' . $orderPhoneNumber . '

Subscription Length (yrs)


Total Cost:

 


CLOUD PREDICTIVE INTELLIGENCE

While we were using a competitor's product, we were averaging at least one infection each month.  I'd have to determine the infection type and attempt to remove it - but sometimes removal wouldn't work and I'd have to either re-create the user account on the PC to restore to a previous point or do a clean install.  The process could take anywhere from one to five hours for each event.

Cloud Predictive Intelligence is the method Webroot® uses to assess whether existing, new or changed files and processes are safe to run on a user’s machine.

When the Webroot SecureAnywhere® Agent is first installed, it scans the endpoint to build a local cache of all the files and processes already present. It then continuously monitors for new or changed files that are attempting, or are poised, to execute. Files are instantaneously validated against the Webroot Intelligence Network to make a categorization as ‘known good’ or ‘known bad’. If a determination of ‘known good’ or ‘known bad’ cannot be made, files go into a third category: ‘unknown/undetermined’.

Watch Video
Video: The Webroot® Intelligence Network

The Cloud Predictive Intelligence process flow for a 'known bad' file
The Cloud Predictive Intelligence process flow for a 'known bad' file

The Cloud Predictive Intelligence process flow for a 'known good' file
The Cloud Predictive Intelligence process flow for a 'known good' file

How it Works

When a new file is identified or an existing file is changed, a file hash is created on the local endpoint. That hash is then encrypted and securely sent to the Webroot Intelligence Network.

Known Safe

If the Webroot Intelligence Network has seen the file before, and it is ‘known good’, the determination is sent back to the endpoint and the file is allowed to execute.

Known Malicious

If the Webroot Intelligence Network has seen the file before, and makes a ‘known bad’ determination, the file is immediately quarantined and blocked from being able to execute.

Unknown

The Cloud 
Predictive Intelligence process flow for a 'known good' file
The Cloud Predictive Intelligence process flow for an 'unknown/undetermined' file

The most significant risk to endpoints is from newly released malware, also known as a Zero Day threat. In this scenario, the file has never been seen before, so the Webroot Intelligence Network is unable to make an instantaneous determination based on the file hash alone.  Rather than assuming the file is not a threat because it is not ‘known bad’, the agent monitors the file's execution and records which other files are touched, changes that are made, and any network activity that is attempted without compromising the endpoint. The behaviors from this pseudo-execution are analyzed in more detail and matched against the Webroot Intelligence Network’s database of behavioral rule sets.

If a definitive determination is still not possible based on the behavior, the file is then allowed to run on the endpoint.  Full monitoring and journaling runs alongside all the other Webroot security shields until the new file can be clearly identified as ‘known good’ or ‘known bad’. Any behaviors that exhibit malware behaviors are immediately blocked despite the allowed file execution.

When the Webroot Intelligence Network has enough information about the file to accurately identify it as ‘known bad’, it will block any further execution, quarantine the file, and roll back any changes that have been made based on the information journaled since the file was first identified on the endpoint. This will restore the machine to the pre-infection state.

Strength in Numbers

Additionally, if a file is determined as 'known bad', all other endpoints in the network that might encounter this program are automatically protected as well because the file hash is updated in the Webroot Intelligence Network. This means the next time that file is seen, there is no need to do a behavioral analysis or journaling, because the file hash will immediately be identified as malware upon the first check.

Safeguards Against False Positives

If a file has been determined as ‘known bad’ by the Webroot Intelligence Network, but is being run intentionally in an environment, administrators have the ability to set an override to allow its continued use. For instance, a keylogger may have been legitimately deployed within a network for IT or development work. Webroot SecureAnywhere is likely to classify this type of file as ‘known bad’ since it exhibits malicious keylogger behaviors.  This would be an inaccurate determination for a specific set of users in this environment. With Webroot SecureAnywhere, an administrator is able to immediately override a ‘known bad’ determination with a few mouse clicks from within the web management console and re-classify the file as ‘known good’ for their network.

Next: Stopping Data Theft »